Maven: Customize web.xml of web-app project

is there a way to have two web.xml files and select the appropriate one depending on the profile?

Yes, within each profile you can add a configuration of the maven-war-plugin and configure each to point at a different web.xml.

<profiles>    <profile>        <id>profile1</id>        <build>            <plugins>                <plugin>                    <groupId>org.apache.maven.plugins</groupId>                    <artifactId>maven-war-plugin</artifactId>                    <configuration>                        <webXml>/path/to/webXml1</webXml>                    </configuration>                </plugin>                 ...

As an alternative to having to specify the maven-war-plugin configuration in each profile, you can supply a default configuration in the main section of the POM and then just override it for specific profiles.

Or to be even simpler, in the main <build><plugins> of your POM, use a property to refer to the webXml attribute and then just change it's value in different profiles

<properties>    <webXmlPath>path/to/default/webXml</webXmlPath></properties><profiles>    <profile>        <id>profile1</id>        <properties>            <webXmlPath>path/to/custom/webXml</webXmlPath>        </properties>    </profile></profiles><build>    <plugins>        <plugin>            <groupId>org.apache.maven.plugins</groupId>            <artifactId>maven-war-plugin</artifactId>            <configuration>                <webXml>${webXmlPath}</webXml>            </configuration>        </plugin>        ...

There's a third, compromise option which I implemented in my project. It keeps everything in one web.xml while still making both it and the pom.xml readable. In my case, I had a need to sometimes have security and sometimes have no security, depending on the environment.

So what I did was:

In the pom.xml, define two profiles (or however many you need). Within the profiles, include two properties. When you want security, you leave them empty, like this:

<enable.security.start></enable.security.start><enable.security.end></enable.security.end>

When you want to exclude all of the security, you define them as follows:

<enable.security.start><!--</enable.security.start><enable.security.end>--></enable.security.end>

Then, you have a single web.xml file with the following:

${enable.security.start}<security-constraint>  ...  // all of the XML that you need, in a completely readable format  ...</login-config>  ${enable.security.end}

The pom.xml maven-war-plugin has to be configured to use filtering. Mine looks like this:

   <configuration>      <webResources>        <resource>          <filtering>true</filtering>          <directory>src/main/webapp</directory>          <includes>            <include>**/web.xml</include>          </includes>        </resource>      </webResources>      <warSourceDirectory>src/main/webapp</warSourceDirectory>      <webXml>src/main/webapp/WEB-INF/web.xml</webXml>      ...

So, basically, when you select the profile to include security, you get two extra CRLF's in your web.xml. When you select the profile to NOT include security, the XML is all still in the web.xml, but it's commented out so it gets ignored. I like this because you don't have to worry about keeping multiple files in sync, yet the XML is still readable (and it's in the web.xml file where people would naturally look for it).

Comment to Chris Clark answer. You can reverse - so in development you do not want to have any constraints (security or jndi, other)

<!-- ${enable.security.end}<security-constraint>    ...</security-constraint>${enable.security.start} -->

So in development you have commented out section. But in production it will be translated to (with maven profile):

<!-- --><security-constraint>    ...</security-constraint><!-- -->

and commented section will be visible.