In Tomcat 9, can AutoDeploy be turned off programatically

Question

We use tomcat 9 with spring/hibernate. Obviously its a production code and the tomcat manager is not there. For the tomcat hardening we are trying to turn off the "autoDeploy" via code dynamically. We can do that in server.xml as :

<Host appBase="webapps" autoDeploy="false" name="localhost" unpackWARs="true">

Can that be done? Is there a way to do this programatically?

EDIT: Code attempted:

package test.servlet;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;

import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.tomcat.util.modeler.Registry;

public class TestServlet extends HttpServlet {
    ObjectName oname = null;
    MBeanServer mBeanServer = null;

    public void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

        String name = request.getParameter("app");

        PrintWriter writer = response.getWriter();

        try {
            oname = new ObjectName("Catalina:type=Deployer,host=localhost");
            mBeanServer = Registry.getRegistry(null, null).getMBeanServer();
            if (!isDeployed(name) && !isServiced(name)) {
                writer.println("deploying application -> " + name);
                addServiced(name);
                try {
                    // Perform new deployment
                    check(name);
                } finally {
                    removeServiced(name);
                }
            }

        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    }

    protected void check(String name) throws Exception {
        String[] params = { name };
        String[] signature = { "java.lang.String" };
        mBeanServer.invoke(oname, "check", params, signature);
    }

    protected void addServiced(String name) throws Exception {
        String[] params = { name };
        String[] signature = { "java.lang.String" };
        mBeanServer.invoke(oname, "addServiced", params, signature);
    }

    protected boolean isDeployed(String name) throws Exception {
        String[] params = { name };
        String[] signature = { "java.lang.String" };
        Boolean result = (Boolean) mBeanServer.invoke(oname, "isDeployed", params, signature);
        return result.booleanValue();
    }

    protected boolean isServiced(String name) throws Exception {
        String[] params = { name };
        String[] signature = { "java.lang.String" };
        Boolean result = (Boolean) mBeanServer.invoke(oname, "isServiced", params, signature);
        return result.booleanValue();
    }

    protected void removeServiced(String name) throws Exception {
        String[] params = { name };
        String[] signature = { "java.lang.String" };
        mBeanServer.invoke(oname, "removeServiced", params, signature);
    }
}

Answer 1

I guess you would have to disable deployOnStartup and autoDeploy both.

Reference from the Tomcat 9 docs for host :

autoDeploy : This flag value indicates if Tomcat should check periodically for new or updated web applications while Tomcat is running. If true, Tomcat periodically checks the appBase and xmlBase directories and deploys any new web applications or context XML descriptors found. Updated web applications or context XML descriptors will trigger a reload of the web application. The flag's value defaults to true.

deployOnStartup : This flag value indicates if web applications from this host should be automatically deployed when Tomcat starts. The flag's value defaults to true.

If you disable deployOnStartup and autoDeploy, then you would need to explicitly configure the manager app via a Context element in server.xml and then use it to deploy additional WAR files/directories.

Note : You can disable auto deploy via setting - autodeploy="false" in your server.xml file.

Read more at : Apache Tomcat 9 Configuration Reference

Answer 2

No, it cannot be, as you cannot set autoDeploy="false" from Java code.

The only way to configure this, is to do it in the server.xml.