📄 What is it exactly?
➤ File Name:
WEB-INF/web.xml
➤ It’s read by the servlet container (like Tomcat) when deploying your app.
🧠 What It Does:
- Maps URLs to servlets
- Declares filters, listeners
- Configures session settings
- Sets up security (authentication, roles)
- Controls app initialization order
- Configures welcome files (like
index.html)
🧪 Minimal web.xml Example
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
<servlet>
<servlet-name>MyServlet</servlet-name>
<servlet-class>com.myapp.MyServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MyServlet</servlet-name>
<url-pattern>/hello</url-pattern>
</servlet-mapping>
</web-app>
This tells the servlet container:
- Load class
com.myapp.MyServlet - Map it to URL:
/hello
So when a user hits: http://localhost:8080/yourapp/hello, the container calls that servlet.
🛡️ Other Things You Can Configure
1. Welcome Page
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
2. Session Timeout
<session-config>
<session-timeout>30</session-timeout> <!-- in minutes -->
</session-config>
3. Security Constraints
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Area</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
💡 Modern Usage Note
Starting with Servlet 3.0, web.xml is optional.
You can now use annotations instead:
@WebServlet("/hello")
public class MyServlet extends HttpServlet { ... }
But web.xml is still useful for:
- Large/legacy apps
- Externalizing config
- Fine-grained control
✅ TL;DR
| Feature | Details |
|---|---|
| File Location | WEB-INF/web.xml |
| Role | Deployment configuration |
| Declares | Servlets, filters, listeners, security |
| Still Needed? | Optional in modern apps (Servlet 3.0+) |