Spring Boot - Autogenerate context.xml while war file is deployed to tomcat
Question
Problem Statement - I want to generate a context.xml file through Spring Boot code so that, whenever I deploy the application to Tomcat, context.xml is created by itself under the META-INF folder.
Detailed Question
I have created a Spring Boot project which will be hosted on a Tomcat server on a VPS.
I want to restrict the application from remote access, i.e. it should only be accessible from localhost.
I achieved this manually through the steps below:
- Navigated to {{tomcat}}/webapps/application folder
- Navigated to META-INF
- Created a context.xml file with below content
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true">
  <!-- Allow only loopback clients (IPv4 127.0.0.0/8 and IPv6 ::1) -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <!-- Restrict which classes may be stored as session attributes -->
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
```
This is working fine for me. However, if I deploy a new build, this will get overwritten and my application will be exposed again.
Can someone help me with a way to auto-create this file every time the war file is generated and deployed to Tomcat?
Answer 1
Score: 0
I believe what you need is for the context.xml to remain unchanged even after the application is redeployed. I think the deployXml attribute can help with that.
In your Server.xml, add the deployXml attribute and set it to false.
```xml
<!-- Tomcat's Host documentation spells this attribute deployXML; attribute names are case-sensitive. -->
<Host name="localhost" deployXML="false" appBase="webapps" unpackWARs="true" autoDeploy="true">
```
As a second step, move your context.xml to conf/catalina/localhost.
According to Tomcat Documentation here -
https://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Standard_Implementation
deployXML
> Set to false if you want to disable parsing the context XML descriptor
> embedded inside the application (located at /META-INF/context.xml).
> Security conscious environments should set this to false to prevent
> applications from interacting with the container's configuration. The
> administrator will then be responsible for providing an external
> context configuration file, and putting it in the location defined by
> the xmlBase attribute. If this flag is false, a descriptor is located
> at /META-INF/context.xml and no descriptor is present in xmlBase then
> the context will fail to start in case the descriptor contains
> necessary configuration for secure deployment (such as a
> RemoteAddrValve) which should not be ignored. The flag's value
> defaults to true unless a security manager is enabled when the default
> is false. When running under a security manager this may be enabled on
> a per web application basis by granting the
> org.apache.catalina.security.DeployXmlPermission to the web
> application. The Manager and Host Manager applications are granted
> this permission by default so that they continue to work when running
> under a security manager.
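
A post-deploy check for the setup described in this answer, written as an added example (not code from the original post or from Tomcat): it confirms that `deployXML="false"` is set and that the external descriptor still carries the `RemoteAddrValve`, so a redeploy that re-exposes the application is caught. The function names, the context name `application` (taken from the question's `webapps/application` path), and the default engine name `Catalina` are assumptions; the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Assumed layout: Engine "Catalina", Host "localhost",
# so the external descriptor is conf/Catalina/localhost/<context>.xml.

# check_restriction CATALINA_BASE CONTEXT_NAME  (hypothetical helper)
# Returns 0 = restricted, 1 = external descriptor missing,
#         2 = descriptor has no RemoteAddrValve, 3 = deployXML not disabled.
check_restriction() {
    base=$1
    ctx=$2
    server_xml="$base/conf/server.xml"
    descriptor="$base/conf/Catalina/localhost/$ctx.xml"

    # grep is case-sensitive on purpose: Tomcat only honours "deployXML".
    if ! grep -qF 'deployXML="false"' "$server_xml" 2>/dev/null; then
        echo "FAIL: deployXML=\"false\" not found in $server_xml"
        return 3
    fi
    if [ ! -f "$descriptor" ]; then
        echo "FAIL: $descriptor is missing"
        return 1
    fi
    if ! grep -qF 'org.apache.catalina.valves.RemoteAddrValve' "$descriptor"; then
        echo "FAIL: no RemoteAddrValve in $descriptor"
        return 2
    fi
    echo "OK: context '$ctx' is restricted by $descriptor"
    return 0
}

# Constructed sample tree so the check runs offline; prints its path.
make_sample_base() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf/Catalina/localhost"
    printf '%s\n' '<Host name="localhost" deployXML="false" appBase="webapps">' \
        > "$d/conf/server.xml"
    printf '%s\n' '<Context>' \
        '  <Valve className="org.apache.catalina.valves.RemoteAddrValve"' \
        '         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />' \
        '</Context>' > "$d/conf/Catalina/localhost/application.xml"
    echo "$d"
}

sample=$(make_sample_base)
check_restriction "$sample" application
rm -rf "$sample"
```

On a real server, call `check_restriction "$CATALINA_BASE" application` after each deployment and treat a non-zero status as a failed deploy.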