5 Replies Latest reply on Oct 25, 2017 2:24 PM by gir489

    JSP hot deploy in production, good or bad idea?


      I work for a company who sell a software product to be deployed on client premise.


      A new feature I am designing is to enable user to extend the application, one of which is to customize the pages. User can change existing or add new pages.

      I am exploring various options available, one of which is to let user (indirectly via a deployer app or a menu inside the application) deploy their custom pages into WEB-INF directory inside our exploded war package.

      This feature will very much depend on <jsp-config development="true" check-interval="5" /> so that the newly deployed JSP picked up and compiled by the app server.


      The question, will this be a bad idea?

      Is there a security concern related to leaving JSP subsytem's development mode on in production server?






      P.S. I am aware that templating engine like Velocity and Freemarker seem like a better fit  to this rather than JSP which designed to be a 'static' part of the artifact. However our pages (thousand of them) are written in JSP and we would like to as much as possible reuse existing knowledge and passed it to our users, rather than introduce another learning curve within our organization.