Java Conditional configuration (web.xml) – Development/Production

I have the following configuration in my web.xmlfile in a Spring application:


The problem is: the <secure>true</secure> enforces the cookie to be sent over HTTPS only, and in my development machine I don’t have HTTPS set up. However, this configuration is indispensable in the production environment.

Is there a way to make this configuration to be environment-sensitive – i.e. false for development and true for official/production builds?


If you are using Maven (which I would strongly suggest) then you can use profiles together with maven-war-plugin. You can specify different web.xml in each of these profiles (so you can have one for prod environment and other for dev). Here is an example for you


Now each build will have by default web.xml with dev settings. When you want to change it to production build, just execute

mvn clean install -Pprod

Leave a Reply

Your email address will not be published. Required fields are marked *