Executable .war with winstone-maven-plugin

You don’t need to install Tomcat, JBoss or any other web server in order to run a Java web application (.war file)!

If your project is configured with a Maven pom.xml and the module has <packaging>war</packaging>, you can just add this little piece of XML inside the pom’s <plugins> tag:


Then, when you run…

mvn install

…winstone-maven-plugin will automatically create a *-standalone.jar file for you, which contains your web application.

Standalone .jar file, along with the .war file.
Standalone .jar file, along with the .war file.

You can run that .jar file as a standalone application, which runs your included web application on port 8080 by default:

java -jar target/*-standalone.jar

No web server installation necessary! No external files required! (You don’t even need the .war file anymore.)

The resulting .jar file is actually the servlet container Winstone, with your .war file deployed inside it.

There are more configuration options on winstone-maven-plugin’s usage page.

I want to disable some default features of Winstone for security reasons, because they are not needed: ajp13 listener on a separate port, servlet invoker and directory listings. This is the complete plugin configuration I usually use myself:


You can temporarily override these configuration parameters if you like, using command-line options when executing the standalone .jar file. Find them with --help when you run the .jar.

This Post Has 11 Comments

  1. Thomas Joseph

    Really Cool!
    … BTW, this was my first visit to this site/blog as such…

  2. Hegelund

    That little peace of information just saved my day! Really neat and handy.

  3. Rick Knowles


    This is a neat use of maven for packaging into the winstone embedded function. A winstone user at one of my clients was asking about a maven plugin the other day, so I’ve forwarded this onto him. I don’t use maven 2 much myself (preferring Ant for speed), but plenty of people do, so your help in extending Winstone is appreciated.



  4. Hugo Josefson

    Thanks for your feedback! You may also be interested in my latest post about onejar-maven-plugin:


    It’s for Maven projects which need to be built as an executable .jar file. Onejar-maven-plugin collects all dependency jars inside one big executable jar, and makes your application really easy to run. It also works better and simpler than maven-assembly-plugin.


  5. David Johnson

    Any idea how to implement HTTP authentication with this technique? Where in the maven webapp project do I put the tomcat-users.xml file?

    1. Hugo Josefson

      Hi David,

      Thanks for asking.

      I don’t particularly like the standard Java Webapp way of configuring security. It forces you to configure things in your web server (for example in Tomcat with a tomcat-users.xml). It is also not portable, so you have to configure different web servers differently. For example, you can’t use the tomcat-users.xml in Winstone. In Winstone, the equivalence of a tomcat-users.xml are the “Security options”, which are documented here:
      http://winstone.sourceforge.net/ (search the page for “Security options”)

      What I have found is more powerful and easier is to use, is Spring Security. When using that, everything can be configured inside the webapp and nothing has to be configured manually afterwards, in the web server. The war can also be dropped into any web server without modification.

      I have used it with war’s in Winstone too. Works great.

      Here’s an example to get you going:

      And here’s the official website for Spring Security:


  6. Ken Chau

    How do you specify the useJasper and the commonLibFolder and the subsequent Jasper jars within Maven for this plugin??

  7. Jan Goyvaerts

    It does in a single inclusion what I’m trying to do for the whole day ! :-)

    Is it possible it doesn’t handle ajax calls ? The site is obviously missing things. Pity…

Leave a Reply