How to disable live deployment in apache tomcat

automatic deployment process monitors the deployed web applications for changes. depending upon the changes, the web application is either re-deployed or reloaded at run time.this can lead to a security problem if anyone is able to deploy to your running tomcat server and can easily run his application.

so to disable auto deploy use
autoDeploy=”false” in tomcat/conf/server.xml

<Host name=”localhost”  appBase=”webapps”
unpackWARs=”true” autoDeploy=”false” >

tomcat can be made to deploy  WAR at startup only this can be done using deployOnStartup=”true” parameter in apache tomcat this make new deployements to take affect only if tomcat is restart.

<Host name=”localhost”  appBase=”webapps”
unpackWARs=”true” autoDeploy=”false” deployOnStartup=”true” >


This entry was posted in Tomcat. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s