Glassfish example source code file (sun-application-client-container_1_2.dtd)
The Glassfish sun-application-client-container_1_2.dtd source code<!--
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
Copyright 2009 Sun Microsystems, Inc. All rights reserved.
Use is subject to License Terms
-->
<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
<!ENTITY % severity "(FINEST|FINER|FINE|CONFIG|INFO|WARNING|SEVERE|ALERT|FATAL)">
<!-- iAS Application client container configuration
send-password Specifies whether client authentication credentials should
be sent to the server. Without credential all accesses to
protected EJBs will result in exceptions.
message-security-config: Optional list of layer specific lists of
configured message security providers.
-->
<!ELEMENT client-container (target-server+, auth-realm?, client-credential?, log-service?, message-security-config*, property*)>
<!ATTLIST client-container send-password %boolean; "true">
<!-- Target server's IIOP listener configuration
name Application server instance name
address ip address or hostname (resolvable by DNS) of the ORB
port port number of the ORB
-->
<!ELEMENT target-server (description?, security?)>
<!ATTLIST target-server name CDATA #REQUIRED
address CDATA #REQUIRED
port CDATA #REQUIRED>
<!ELEMENT description (#PCDATA)>
<!-- Default client credentials that will be sent to server. If this element
is present, then it will be automatically sent to the server, without
prompting the user for usename and password on the client side.
user-name User name credential
password Password credential
realm The realm (specified by name) where credentials are to be
resolved.
-->
<!ELEMENT client-credential (property*)>
<!ATTLIST client-credential user-name CDATA #REQUIRED
password CDATA #REQUIRED
realm CDATA #IMPLIED>
<!-- Logging service configuration.
file By default log file will be at $APPCLIENT_ROOT/logs/client.log
Can use this attribute to specify an alternate location.
level sets the base level of severity. Messages at or above this
setting get logged into the log file.
-->
<!ELEMENT log-service (property*)>
<!ATTLIST log-service file CDATA #IMPLIED
level %severity; "SEVERE">
<!-- SSL security configuration for IIOP/SSL communication with
the target-server.
-->
<!ELEMENT security (ssl, cert-db)>
<!-- Define SSL processing parameters
cert-nickname nickname of the server certificate in the certificate database
or the PKCS#11 token. In the certificate, the name format is
tokenname:nickname. Including the tokenname: part of the name
in this attribute is optional.
ssl2-enabled (optional) Determines whether SSL2 is enabled.
ssl3-enabled (optional) Determines whether SSL3 is enabled.
If both SSL2 and SSL3 are enabled for a virtual server, the server
tries SSL3 encryption first. If that fails, the server tries SSL2
encryption.
ssl2ciphers (optional) A space-separated list of the SSL2 ciphers used, with
the prefix + to enable or - to disable, for example +rc4. Allowed
values are rc4, rc4export, rc2, rc2export, idea, des, desede3.
ssl3-tls-ciphers (optional) A space-separated list of the SSL3 ciphers used, with
the prefix + to enable or - to disable, for example
+SSL_RSA_WITH_RC4_128_MD5.
Allowed SSL3/TLS values are SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5,
SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_NULL_SHA
tls-enabled (optional) Determines whether TLS is enabled.
tls-rollback-enabled (optional) Determines whether TLS rollback is enabled. TLS
rollback should be enabled for Microsoft Internet Explorer
5.0 and 5.5.
client-auth-enabled (optional) Determines whether SSL3 client authentication is
performed on every request, independent of ACL-based access
control.
-->
<!ELEMENT ssl EMPTY>
<!ATTLIST ssl cert-nickname CDATA #IMPLIED
ssl2-enabled CDATA "false"
ssl2-ciphers CDATA #IMPLIED
ssl3-enabled CDATA "true"
ssl3-tls-ciphers CDATA #IMPLIED
tls-enabled CDATA "true"
tls-rollback-enabled CDATA "true">
<!-- Location and password to read the Certificate Database. iAS
(actually NSS) will provide utilities with which a certificate
database can be created.
path Specifies the absolute path where the cert database (cert7.db)
is stored.
password needed to open and read a cert database
-->
<!ELEMENT cert-db EMPTY>
<!ATTLIST cert-db path CDATA #REQUIRED
password CDATA #REQUIRED>
<!-- JAAS is available on Application Client Container.
Optional configuration for JAAS authentication realm.
name defines the name of this realm
classname defines the java class which implements this realm
-->
<!ELEMENT auth-realm (property*)>
<!ATTLIST auth-realm name CDATA #REQUIRED
classname CDATA #REQUIRED>
<!-- Syntax for supplying properties as name value pairs -->
<!ELEMENT property EMPTY>
<!ATTLIST property name CDATA #REQUIRED
value CDATA #REQUIRED>
<!--
The message-layer entity is used to define the value of the
auth-layer attribute of message-security-config elements.
Used in: message-security-config
-->
<!ENTITY % message-layer "(SOAP)">
<!--
The message-security-config element defines the message layer
specific provider configurations of the application server.
All of the providers within a message-security-config element
must be able to perform authentication processing at
the message layer defined by the value of the auth-layer
attribute.
The default-provider attribute may be used to identify
the server provider to be invoked for any application
for which a specific server provider has not been bound.
The default-client-provider attribute may be used to identify
the client provider to be invoked for any application
for which a specific client provider has not been bound.
At most one (non-null) default server provider and at most one
(non-null) default client provider may be identified
among all the same layer message-security-config elements.
When a default provider of a type is not defined for a message
layer, the container will only invoke a provider of the type
(at the layer) for those applications for which a specific
provider has been bound.
Default:
Used in: security-service
-->
<!ELEMENT message-security-config ( provider-config+ )>
<!ATTLIST message-security-config
auth-layer %message-layer; #REQUIRED
default-provider CDATA #IMPLIED
default-client-provider CDATA #IMPLIED>
<!--
The provider-config element defines the configuration of
an authentication provider.
The provider-id attibute contains an identifier that can be used to
reference the provider-config.
The request-policy and response-policy sub-elements define
the authentication policy requirements associated
with the request and response processing performed by the
authentication provider (respectively).
the provider-type attribute defines whether the provider is a client
authentication provider or a server authentication provider.
The class-name attribute defines the java implementation class of the
provider. Client authentication providers must implement the
com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side
providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule
interface. A provider may implement both interfaces, but it must implement
the interface corresponding to its provider type.
The optional list of property elements may be used to configure provider
specific property values. These values will be passed to the provider
when its initialize method is called.
A provider-config with no contained request-policy or response-policy
sub-elements, is a null provider. The container will not instantiate
or invoke the methods of a null provider, and as such the implementation
class of a null provider need not exist.
Default:
Used in: message-security-config
-->
<!ELEMENT provider-config ( request-policy?, response-policy?, property* )>
<!ATTLIST provider-config
provider-id CDATA #REQUIRED
provider-type (client | server | client-server) #REQUIRED
class-name CDATA #REQUIRED>
<!--
The request-policy element is used to define the authentication policy
requirements associated with the request processing performed by an
authentication provider (i.e. when a client provider's
ClientAuthModule.initiateRequest method is called or when a
server provider's ServerAuthModule.validateRequest is called).
The auth-source attribute defines a requirement for message layer
sender authentication (e.g. username password) or content authentication
(e.g. digital signature).
The auth-recipient attribute defines a requirement for message
layer authentication of the reciever of a message to its sender (e.g. by
XML encryption).
The before-content attribute value indicates that recipient
authentication (e.g. encryption) is to occur before any
content authentication (e.g. encrypt then sign) with respect
to the target of the containing auth-policy.
Default:
Used in: provider-config
-->
<!ELEMENT request-policy EMPTY >
<!ATTLIST request-policy
auth-source (sender | content) #IMPLIED
auth-recipient (before-content | after-content) #IMPLIED>
<!--
The response-policy element is used to define the authentication policy
requirements associated with the response processing performed by an
authentication provider (i.e. when a client provider's
ClientAuthModule.validateResponse method is called or when a
server provider's ServerAuthModule.secureResponse method is called).
The auth-source attribute defines a requirement for message layer
sender authentication (e.g. username password) or content authentication
(e.g. digital signature).
The auth-recipient attribute defines a requirement for message
layer authentication of the reciever of a message to its sender (e.g. by
XML encryption).
The before-content attribute value indicates that recipient
authentication (e.g. encryption) is to occur before any
content authentication (e.g. encrypt then sign) with respect
to the target of the containing auth-policy.
Default:
Used in: provider-config
-->
<!ELEMENT response-policy EMPTY >
<!ATTLIST response-policy
auth-source (sender | content) #IMPLIED
auth-recipient (before-content | after-content) #IMPLIED>
Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish sun-application-client-container_1_2.dtd source code file: |
The search page
Other Glassfish source code examples at this package level
Click here to learn more about this project
