Glassfish example source code file (sun-domain_1_1.dtd)
The Glassfish sun-domain_1_1.dtd source code<?xml version="1.0" encoding="UTF-8"?>
<!--
XML DTD for Sun Java System Application Server Configuration.
Copyright (c) 2002 by Sun Microsystems, Inc. All Rights Reserved.
-->
<!-- ENTITIES -->
<!-- boolean
Used in:
access-log, admin-object-resource, appclient-module,
application-ref, availability-service, config,
connector-connection-pool, connector-module, connector-resource,
custom-resource, das-config, ejb-container-availability,
ejb-module, external-jndi-resource, http-access-log,
http-file-cache, http-listener, http-protocol, iiop-listener,
iiop-service, j2ee-application, java-config,
jdbc-connection-pool, jdbc-resource, jms-service, jmx-connector,
lb-config, lifecycle-module, log-service, mail-resource,
node-agent, persistence-manager-factory-resource, profiler,
resource-ref, security-service, server-ref, ssl,
transaction-service, web-container-availability, web-module
-->
<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
<!-- isolation
Used in:
jdbc-connection-pool
-->
<!ENTITY % isolation
"(read-uncommitted | read-committed | repeatable-read | serializable)">
<!-- validation-level
Used in:
das-config
-->
<!ENTITY % validation-level "(full | parsing | none)">
<!-- object-type
defines the type of the resource. It can be:
system-all
These are system resources for all instances and DAS
system-admin
These are system resources only in DAS
system-instance
These are system resources only in instances (and not DAS)
user
User resources (This is the default for all elements)
Used in:
admin-object-resource, connector-module, connector-resource,
custom-resource, ejb-module, external-jndi-resource,
j2ee-application, jdbc-resource, mail-resource,
persistence-manager-factory-resource, resource-adapter-config,
web-module
-->
<!ENTITY % object-type "(system-all | system-admin | system-instance | user)">
<!-- rjmx-protocol
SE/EE related ENTITIES: This will define the available JSR 160
connector transport protocols.
Used in:
jmx-connector
-->
<!ENTITY % rjmx-protocol "(rmi_jrmp | rmi_iiop | jmxmp)">
<!-- monitoring-level
monitoring-level controls the amount of monitoring data collected
and exposed to clients
OFF
no monitoring/statistical data is exposed to the clients.
LOW
SE/EE only
HIGH
maximum data is gathered and released.
Used in:
module-monitoring-levels
-->
<!ENTITY % monitoring-level "(OFF | LOW | HIGH)">
<!-- persistence-type
SE/EE related ENTITIES
Used in:
web-container-availability
-->
<!ENTITY % persistence-type "(memory | file | ha)">
<!-- session-save-frequency
Used in:
web-container-availability
-->
<!ENTITY % session-save-frequency "(web-method | time-based | on-demand)">
<!-- session-save-scope
Used in:
web-container-availability
-->
<!ENTITY % session-save-scope
"(session | modified-session | modified-attribute)">
<!-- sfsb-persistence-type
Used in:
ejb-container-availability
-->
<!ENTITY % sfsb-persistence-type "(file | ha)">
<!-- message-layer
Used in:
message-security-config
-->
<!ENTITY % message-layer "(SOAP)">
<!-- log-level
Configure the Log Levels for Various Loggers in the SUN ONE
Modules. The Default level is set to INFO, The log levels can be
changed using one of the seven levels. Please refer JSR 047 to
understand the Log Levels.
The Logs can be completely turned off by using 'OFF' value. The names of
the module loggers are self-explanatory
Used in:
module-log-levels
-->
<!ENTITY % log-level
"(FINEST | FINER | FINE | CONFIG | INFO | WARNING | SEVERE | OFF)">
<!-- ELEMENTS -->
<!-- domain
Top level Domain Element that includes applications, resources,
configs, servers, clusters and node-agents, load balancer
configurations and load balancers. node-agents and load balancers
are SE/EE related entities only.
attributes
application-root
for PE this defines the location where applications are
deployed
locale
If present, overrides OS locale setting.
log-root
specifies where the server instance's log files are kept,
including HTTP access logs, server logs, and transaction
logs. Default is $INSTANCE-ROOT/logs
-->
<!ELEMENT domain
(applications?, resources?, configs, servers, clusters?, node-agents?,
lb-configs?, system-property*, property*)>
<!ATTLIST domain
application-root CDATA #IMPLIED
log-root CDATA #IMPLIED
locale CDATA #IMPLIED>
<!-- configs
Used in:
domain
-->
<!ELEMENT configs (config+)>
<!-- servers
Used in:
domain
-->
<!ELEMENT servers (server*)>
<!-- clusters
Used in:
domain
-->
<!ELEMENT clusters (cluster*)>
<!-- node-agents
Used in:
domain
-->
<!ELEMENT node-agents (node-agent*)>
<!-- lb-configs
Used in:
domain
-->
<!ELEMENT lb-configs (lb-config*)>
<!-- applications
Various types of applications that can be deployed on Sun ONE
Application Server instance
Used in:
domain
-->
<!ELEMENT applications
((lifecycle-module | j2ee-application | ejb-module | web-module |
connector-module | appclient-module)*)>
<!-- lifecycle-module
attributes
class-name
fully qualified name of the startup class.
classpath
where this module is actually located, if it is not under
applications-root
enabled
boolean attribute. If set to "false" this module will not be
loaded at server start up.
is-failure-fatal
if true, aborts server start up if this module does not load
properly.
load-order
integer value that can be used to force the order in which
deployed lifecycle modules are loaded at server start up.
Smaller numbered modules get loaded sooner. Order is
unspecified if two or more lifecycle modules have the same
load-order value.
name
unqiue identifier for the deployed server lifecycle event
listener module.
Used in:
applications
-->
<!ELEMENT lifecycle-module (description?, property*)>
<!ATTLIST lifecycle-module
name CDATA #REQUIRED
class-name CDATA #REQUIRED
classpath CDATA #IMPLIED
load-order CDATA #IMPLIED
is-failure-fatal %boolean; "false"
enabled %boolean; "true">
<!-- j2ee-application
attributes
availability-enabled
This boolean flag controls whether availability is enabled
for SFSB checkpointing (and potentially passivation). If this
is "false", then all SFSB checkpointing is disabled for
either the given j2ee app or the given ejb module. If it is
"true" (and providing that all the availability-enabled
attributes above in precedence are also "true", then the j2ee
app or stand-alone ejb modules may be ha enabled.
Finer-grained control exists at lower level inside each bean.
If this attribute is missing, it defaults to "false".
directory-deployed
This attribute indicates whether the application has been
deployed to a directory or not
Used in:
applications
-->
<!ELEMENT j2ee-application (description?)>
<!ATTLIST j2ee-application
name CDATA #REQUIRED
location CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true"
availability-enabled %boolean; "false"
directory-deployed %boolean; "false">
<!-- ejb-module
attributes
availability-enabled
This boolean flag controls whether availability is enabled
for SFSB checkpointing (and potentially passivation). If this
is "false", then all SFSB checkpointing is disabled for
either the given j2ee app or the given ejb module. If it is
"true" (and providing that all the availability-enabled
attributes above in precedence are also "true", then the j2ee
app or stand-alone ejb modules may be ha enabled.
Finer-grained control exists at lower level inside each bean.
If this attribute is missing, it defaults to "false".
directory-deployed
This attribute indicates whether the application has been
deployed to a directory or not
Used in:
applications
-->
<!ELEMENT ejb-module (description?)>
<!ATTLIST ejb-module
name CDATA #REQUIRED
location CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true"
availability-enabled %boolean; "false"
directory-deployed %boolean; "false">
<!-- web-module
attributes
availability-enabled
This boolean flag controls whether availability is enabled
for HTTP Session Persistence. If this is "false", then all
session persistence is disabled for the given web module. If
it is "true" (and providing that all the availability-enabled
attributes above in precedence are also "true", then the web
module may be ha enabled. Finer-grained control exists at
lower level (see sun-web.xml). If this attribute is missing,
it defaults to "false".
context-root
context-root must match the pattern for the hpath production
in RFC 1738 which can be found at:
http://www.w3.org/Addressing/rfc1738.txt. This is flattened
to the following regular expression in XML Schema's pattern
language:
([a-zA-Z0-9$\-_.+!*'(),]|%[0-9A-Fa-f][0-9A-Fa-f]|;|:|&|=)*(/([
-zA-Z0-9$\-_.+!*'(),]|%[0-9A-Fa-f][0-9A-Fa-f]|;|:|&|=)*)*
Note that this includes the null or empty context root and
permits but does not require a context root to start with the
'/' character (including a context root which is simply the
'/' character).
directory-deployed
This attribute indicates whether the application has been
deployed to a directory or not
Used in:
applications
-->
<!ELEMENT web-module (description?)>
<!ATTLIST web-module
name CDATA #REQUIRED
context-root CDATA #REQUIRED
location CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true"
availability-enabled %boolean; "false"
directory-deployed %boolean; "false">
<!-- connector-module
Used in:
applications
-->
<!ELEMENT connector-module (description?)>
<!ATTLIST connector-module
name CDATA #REQUIRED
location CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true"
directory-deployed %boolean; "false">
<!-- appclient-module
Used in:
applications
-->
<!ELEMENT appclient-module (description?)>
<!ATTLIST appclient-module
name CDATA #REQUIRED
location CDATA #REQUIRED
directory-deployed %boolean; "false">
<!-- resources
J2EE Applications look up resources registered with the
Application server, using portable JNDI names.
Used in:
domain
-->
<!ELEMENT resources
((custom-resource | external-jndi-resource | jdbc-resource | mail-resource
| persistence-manager-factory-resource | admin-object-resource |
connector-resource | resource-adapter-config | jdbc-connection-pool |
connector-connection-pool)*)>
<!-- description
Textual description of a configured entity
Used in:
admin-object-resource, appclient-module,
connector-connection-pool, connector-module, connector-resource,
custom-resource, ejb-module, external-jndi-resource,
j2ee-application, jdbc-connection-pool, jdbc-resource,
lifecycle-module, mail-resource,
persistence-manager-factory-resource, property, system-property,
web-module
-->
<!ELEMENT description (#PCDATA)>
<!-- custom-resource
custom (or generic) resource managed by a user-written factory
class.
attributes
jndi-name
JNDI name for generic resource, the fully qualified type of
the resource and whether it is enabled at runtime
Used in:
resources
-->
<!ELEMENT custom-resource (description?, property*)>
<!ATTLIST custom-resource
jndi-name CDATA #REQUIRED
res-type CDATA #REQUIRED
factory-class CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- external-jndi-resource
resource residing in an external JNDI repository
Used in:
resources
-->
<!ELEMENT external-jndi-resource (description?, property*)>
<!ATTLIST external-jndi-resource
jndi-name CDATA #REQUIRED
jndi-lookup-name CDATA #REQUIRED
res-type CDATA #REQUIRED
factory-class CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- jdbc-resource
JDBC javax.sql.(XA)DataSource resource definition
Used in:
resources
-->
<!ELEMENT jdbc-resource (description?, property*)>
<!ATTLIST jdbc-resource
jndi-name CDATA #REQUIRED
pool-name CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- mail-resource
The mail-resource element describes a javax.mail.Session resource
attributes
host
ip V6 or V4 address or hostname.
Used in:
resources
-->
<!ELEMENT mail-resource (description?, property*)>
<!ATTLIST mail-resource
jndi-name CDATA #REQUIRED
store-protocol CDATA "imap"
store-protocol-class CDATA "com.sun.mail.imap.IMAPStore"
transport-protocol CDATA "smtp"
transport-protocol-class CDATA "com.sun.mail.smtp.SMTPTransport"
host CDATA #REQUIRED
user CDATA #REQUIRED
from CDATA #REQUIRED
debug %boolean; "false"
object-type %object-type; "user"
enabled %boolean; "true">
<!-- persistence-manager-factory-resource
Persistence Manager runtime configuration.
attributes
factory-class
Class that creates persistence manager instance.
jdbc-resource-jndi-name
jdbc resource with which database connections are obtained.
jndi-name
JNDI name for this resource
Used in:
resources
-->
<!ELEMENT persistence-manager-factory-resource (description?, property*)>
<!ATTLIST persistence-manager-factory-resource
jndi-name CDATA #REQUIRED
factory-class CDATA "com.sun.jdo.spi.persistence.support.sqlstore.impl.PersistenceManagerFactoryImpl"
jdbc-resource-jndi-name CDATA #IMPLIED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- admin-object-resource
The admin-object-resource element describes a administered object
for a inbound resource adapter.
attributes
jndi-name
JNDI name for this resource
res-adapter
Name of the inbound resource adapter.
res-type
Interface definition for the administered object
Used in:
resources
-->
<!ELEMENT admin-object-resource (description?, property*)>
<!ATTLIST admin-object-resource
jndi-name CDATA #REQUIRED
res-type CDATA #REQUIRED
res-adapter CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- connector-resource
Used in:
resources
-->
<!ELEMENT connector-resource (description?, property*)>
<!ATTLIST connector-resource
jndi-name CDATA #REQUIRED
pool-name CDATA #REQUIRED
object-type %object-type; "user"
enabled %boolean; "true">
<!-- resource-adapter-config
This element is for configuring the resource adapter. These
values (properties) over-rides the default values present in
ra.xml. The name attribute has to be unique . It is optional for
PE. It is used mainly for EE.
Used in:
resources
-->
<!ELEMENT resource-adapter-config (property*)>
<!ATTLIST resource-adapter-config
name CDATA #IMPLIED
thread-pool-ids CDATA #IMPLIED
object-type %object-type; "user"
resource-adapter-name CDATA #REQUIRED>
<!-- config
The configuration defines the configuration of a server instance
that can be shared by other server instances. The
availability-service and are SE/EE only.
attributes
dynamic-reconfiguration-enabled
When set to "true" then any changes to the system (e.g.
applications deployed, resources created) will be
automatically applied to the affected servers without a
restart being required. When set to "false" such changes will
only be picked up by the affected servers when each server
restarts.
Used in:
configs
-->
<!ELEMENT config
(http-service, iiop-service, admin-service, connector-service?,
web-container, ejb-container, mdb-container, jms-service?, log-service,
security-service, transaction-service, monitoring-service, java-config,
availability-service?, thread-pools, alert-service?, system-property*,
property*)>
<!ATTLIST config
name CDATA #REQUIRED
dynamic-reconfiguration-enabled %boolean; "true">
<!-- alert-service
The Alert service provides a mechanism for users to register for
and receive alerts. The alert service collects together a set of
alert subscriptions
Used in:
config
-->
<!ELEMENT alert-service (alert-subscription*, property*)>
<!-- alert-subscription
alert subscription details a specific subscription. The
subscription comprises the configuration of a specific listener,
and a filter to be applied.
attributes
name
The unique name identifying a particular alert service.
Used in:
alert-service
-->
<!ELEMENT alert-subscription (listener-config, filter-config?)>
<!ATTLIST alert-subscription
name CDATA #REQUIRED>
<!-- listener-config
connects a specific listener class with specific managed objects
attributes
listener-class-name
The name of a class that can act as a listener for alerts.
Non-empty string containing a Java class name.
subscribe-listener-with
A list of managed object names that the listener should be
subscribed to. A non-empty, comma separated list.
Used in:
alert-subscription
-->
<!ELEMENT listener-config (property*)>
<!ATTLIST listener-config
listener-class-name CDATA #REQUIRED
subscribe-listener-with CDATA #REQUIRED>
<!-- filter-config
filter-config provides the means of specifying a filter to be
applied to alerts
attributes
filter-class-name
The name of a class that can act as a filter. Non-empty
string containing a Java class name.
Used in:
alert-subscription
-->
<!ELEMENT filter-config (property*)>
<!ATTLIST filter-config
filter-class-name CDATA #REQUIRED>
<!-- http-service
Used in:
config
-->
<!ELEMENT http-service
(access-log?, http-listener+, virtual-server+, request-processing?,
keep-alive?, connection-pool?, http-protocol?, http-file-cache?,
property*)>
<!-- access-log
attributes
format
The global format for the access log rotation-policy The
policy based on which the log rotation would be done . At
this time only time based rotation is enabled.
rotation-enabled
The flag for enabling the access-log rotation
rotation-interval-in-minutes
The time interval in minutes between two successive rotations
of the access logs.
rotation-suffix
The suffix to be added to the access-log name after rotation.
Used in:
http-service
-->
<!ELEMENT access-log EMPTY>
<!ATTLIST access-log
format CDATA "%client.name% %auth-user-name% %datetime% %request% %status% %response.length%"
rotation-policy (time) "time"
rotation-interval-in-minutes CDATA "1440"
rotation-suffix CDATA "%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s"
rotation-enabled %boolean; "true">
<!-- http-listener
attributes
acceptor-threads
Number of acceptor threads for the listen socket. The
recommended value is the number of processors in the machine.
address
IP address of the listen socket. Can be in dotted-pair or
IPv6 notation. Can also be any for INADDR-ANY. Configuring a
listen socket to listen on any is required if more than one
http-listener is configured to it.
blocking-enabled
Enables blocking for the listen and external ports.
default-virtual-server
The id attribute of the default virtual server for this
particular connection group.
external-port
The port at which the user makes a request , typically a
proxy server port.
family
Specified the family of addresses either inet or ncsa
id
Unique identifier for http listener.
port
Port number to create the listen socket on. Legal values are
1 - 65535. On Unix, creating sockets that listen on ports 1 -
1024 requires superuser privileges. Configuring an SSL listen
socket to listen on port 443 is recommended.
redirect-port
if the connector is supporting non-SSL requests and a request
is received for which a matching security-constraint requires
SSL transport catalina will automatically redirect the
request to the port number specified here
security-enabled
Determines whether the http listener runs SSL. You can turn
SSL2 or SSL3 on or off and set ciphers using an ssl element.
The enable-ssl in the protocol element should be set to true
for this setting to work.
server-name
Tells the server what to put in the host name section of any
URLs it sends to the client. This affects URLs the server
automatically generates; it doesnt affect the URLs for
directories and files stored in the server. This name should
be the alias name if your server uses an alias. If you append
a colon and port number, that port will be used in URLs the
server sends to the client.
xpowered-by
The Servlet 2.4 spec defines a special X-Powered-By:
Servlet/2.4 header, which containers may add to
servlet-generated responses. This is complemented by the JSP
2.0 spec, which defines a X-Powered-By: JSP/2.0 header to be
added (on an optional basis) to responses utilizing JSP
technology. The goal of these headers is to aid in gathering
statistical data about the use of Servlet and JSP technology.
If true, these headers will be added.
Used in:
http-service
-->
<!ELEMENT http-listener (ssl?, property*)>
<!ATTLIST http-listener
id CDATA #REQUIRED
address CDATA #REQUIRED
port CDATA #REQUIRED
external-port CDATA #IMPLIED
family (inet | ncsa) "inet"
blocking-enabled %boolean; "false"
acceptor-threads CDATA "10"
security-enabled %boolean; "false"
default-virtual-server CDATA #REQUIRED
server-name CDATA #REQUIRED
redirect-port CDATA #IMPLIED
xpowered-by %boolean; "true"
enabled %boolean; "true">
<!-- ssl
Define SSL processing parameters
attributes
cert-nickname
nickname of the server certificate in the certificate
database or the PKCS#11 token. In the certificate, the name
format is tokenname:nickname. Including the tokenname: part
of the name in this attribute is optional.
client-auth-enabled
Determines whether SSL3 client authentication is performed on
every request, independent of ACL-based access control.
ssl2-ciphers
A comma-separated list of the SSL2 ciphers used, with the
prefix + to enable or - to disable, for example +rc4. Allowed
values are rc4, rc4export, rc2, rc2export, idea, des,
desede3. If no value is specified, all supported ciphers are
assumed to be enabled. NOT Used in PE
ssl2-enabled
Determines whether SSL2 is enabled. NOT Used in PE. SSL2 is
not supported by either iiop or web-services. When this
element is used as a child of the iiop-listener element then
the only allowed value for this attribute is "false".
ssl3-enabled
Determines whether SSL3 is enabled.
If both SSL2 and SSL3 are enabled for a virtual server, the server
tries SSL3 encryption first. If that fails, the server tries SSL2
encryption.
ssl3-tls-ciphers
A comma-separated list of the SSL3 ciphers used, with the
prefix + to enable or - to disable, for example +rsa_des_sha.
Allowed SSL3 values are rsa_rc4_128_md5, rsa3des_sha,
rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5.
Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha. If no
value is specified, all supported ciphers are assumed to be
enabled.
tls-enabled
Determines whether TLS is enabled.
tls-rollback-enabled
Determines whether TLS rollback is enabled. TLS rollback
should be enabled for Microsoft Internet Explorer 5.0 and
5.5. NOT Used in PE
Used in:
http-listener, iiop-listener, jmx-connector, ssl-client-config
-->
<!ELEMENT ssl EMPTY>
<!ATTLIST ssl
cert-nickname CDATA #REQUIRED
ssl2-enabled %boolean; "false"
ssl2-ciphers CDATA #IMPLIED
ssl3-enabled %boolean; "true"
ssl3-tls-ciphers CDATA #IMPLIED
tls-enabled %boolean; "true"
tls-rollback-enabled %boolean; "true"
client-auth-enabled %boolean; "false">
<!-- virtual-server
Configuration of Virtual Server
Virtualization in Application Server allows multiple URL domains to be
served by the same HTTP server process, which is listening on multiple
host addresses If an application is available at two virtual servers, they
still share same physical resource pools, such as JDBC connection pools.
Sun ONE Application Server allows a list of virtual servers, to be
specified along with web-module and j2ee-application elements. This
establishes an association between URL domains, represented by the virtual
server and the web modules (standalone web modules or web modules inside
the ear file)
attributes
default-web-module
stand alone web module associated with this virtual server by
default.
docroot
The location on the filesystem where the files related to the
content to be served by this virtual server is stored.
hosts
A comma-separated list of values allowed in the Host request
header to select the current virtual server. Each Virtual
Server that is configured to the same Connection Group must
have a unique hosts value for that group.
http-listeners
A comma-separated list of http-listener id(s), Required only
for a Virtual Server that is not the default virtual server.
id
Virtual server ID. This is a unique ID that allows lookup of
a specific virtual server. A virtual server ID cannot begin
with a number.
log-file
Specifies a log file for virtual-server-specific log
messages. Default value is
${com.sun.aas.instanceRoot}/logs/server.log
state
Determines whether a Virtual Server is active (on) or
inactive (off, disable). The default is on (active). When
inactive, a Virtual Server does not service requests.
off
returns a 404: Status code (404) indicating that the
requested resource is not available
disabled
returns a 403: Status code (403) indicating the server
understood the request but refused to fulfill it.
Used in:
http-service
-->
<!ELEMENT virtual-server (http-access-log?, property*)>
<!ATTLIST virtual-server
id CDATA #REQUIRED
http-listeners CDATA #IMPLIED
default-web-module CDATA #IMPLIED
hosts CDATA #REQUIRED
state (on | off | disabled) "on"
docroot CDATA #IMPLIED
log-file CDATA "${com.sun.aas.instanceRoot}/logs/server.log">
<!-- http-access-log
attributes
iponly
if the IP address of the user agent should be specified or a
DNL lookup should be done
log-directory
location of the access logs specified as a directory.This
defaults to the domain.log-root, which by default is
${INSTANCE_ROOT}/logs. Hence the default value for this
attribute is ${INSTANCE_ROOT}/logs/access
Used in:
virtual-server
-->
<!ELEMENT http-access-log EMPTY>
<!ATTLIST http-access-log
log-directory CDATA "${com.sun.aas.instanceRoot}/logs/access"
iponly %boolean; "true">
<!-- request-processing
This element provides attributes to configure the request
processing subsystem in the HTTP service.
attributes
header-buffer-length-in-bytes
The size of the buffer used by the request processing threads
for reading the request data
initial-thread-count
The no of request processing threads when the http service is
initialized
request-timeout-in-seconds
Time after which the request times out
thread-count
Max no of request processing threads.
thread-increment
The increment in the no of request processing threads when
the no. of requests reaches the number specified by
request-threads-init
Used in:
http-service
-->
<!ELEMENT request-processing EMPTY>
<!ATTLIST request-processing
thread-count CDATA "128"
initial-thread-count CDATA "48"
thread-increment CDATA "10"
request-timeout-in-seconds CDATA "30"
header-buffer-length-in-bytes CDATA "4096">
<!-- keep-alive
Keep-alive subsystem configuration
attributes
max-connections
Max no of connection in the Keep Alive mode
thread-count
no of Keep Alive threads in the system
timeout-in-seconds
Keep Alive timeout , max time a connection can be deemed as
idle and kept in the keep-alive state
Used in:
http-service
-->
<!ELEMENT keep-alive EMPTY>
<!ATTLIST keep-alive
thread-count CDATA "1"
max-connections CDATA "256"
timeout-in-seconds CDATA "30">
<!-- connection-pool
attributes
max-pending-count
Max no of pending connections on the listen socket
queue-size-in-bytes
Size in bytes of the Connection queue
receive-buffer-size-in-bytes
The buffer size of the receive buffer used by sockets.
send-buffer-size-in-bytes
The buffer size of the send buffer used by sockets.
Used in:
http-service
-->
<!ELEMENT connection-pool EMPTY>
<!ATTLIST connection-pool
queue-size-in-bytes CDATA "4096"
max-pending-count CDATA "4096"
receive-buffer-size-in-bytes CDATA "4096"
send-buffer-size-in-bytes CDATA "8192">
<!-- http-protocol
HTTP Protocol related settings
attributes
default-response-type
Setting the default response-type. Specified as a semi-colon
delimited string consisting of content-type, encoding,
language, charset
dns-lookup-enabled
If the DNS name for a particular ip address from which the
request originates needs to be looked up.
forced-response-type
The response type to be forced if the content served cannot
be matched by any of the MIME mappings for extensions.
Specified as a semi-colon delimited string consisting of
content-type, encoding, language, charset
ssl-enabled
Globally enables SSL across the server
version
The version of the HTTP protocol used by the HTTP Service
Used in:
http-service
-->
<!ELEMENT http-protocol EMPTY>
<!ATTLIST http-protocol
version CDATA "HTTP/1.1"
dns-lookup-enabled %boolean; "false"
forced-response-type CDATA "text/html; charset=iso-8859-1"
default-response-type CDATA "text/html; charset=iso-8859-1"
ssl-enabled %boolean; "true">
<!-- http-file-cache
attributes
file-caching-enabled
Enables the caching of file content if the file size is less
than the one specified ny med-file-size-limit
file-transmission-enabled
This is valid on Windows only. Enables the TransmitFileSystem
call.
globally-enabled
globally enables the file cache
hash-init-size
Initial no. of hash buckets.
max-age-in-seconds
Maximum age of a valid cache entry
max-files-count
Maximum no. of files in the file cache.
medium-file-size-limit-in-bytes
Maximum size of a cached file that can be stored as a memory
mapped file.
medium-file-space-in-bytes
Total size of all files that are cached as memory mapped
files.
small-file-size-limit-in-bytes
Maximum size of a file that can be read into memory.
small-file-space-in-bytes
Total size of the files that are read into memory.
Used in:
http-service
-->
<!ELEMENT http-file-cache EMPTY>
<!ATTLIST http-file-cache
globally-enabled %boolean; "true"
file-caching-enabled %boolean; "on"
max-age-in-seconds CDATA "30"
medium-file-size-limit-in-bytes CDATA "537600"
medium-file-space-in-bytes CDATA "10485760"
small-file-size-limit-in-bytes CDATA "2048"
small-file-space-in-bytes CDATA "1048576"
file-transmission-enabled %boolean; "false"
max-files-count CDATA "1024"
hash-init-size CDATA "0">
<!-- iiop-service
Used in:
config
-->
<!ELEMENT iiop-service (orb, ssl-client-config?, iiop-listener*)>
<!ATTLIST iiop-service
client-authentication-required %boolean; "false">
<!-- orb
Orb Configuration properties
attributes
max-connections
maximum number of incoming connections, on all listeners
message-fragment-size
GIOPv1.2 messages larger than this will get fragmented.
Minimum value is 128.
use-thread-pool-ids
This would refer to the thread-pool-id(s) defined in the
thread-pool sub-element of thread-pool-config element in
server.xml. These would be the threadpool(s) used by the ORB.
More than one thread-pool-id(s) could be specified by using
commas to separate the names e.g. orb-thread-pool-1,
orb-thread-pool-2
Used in:
iiop-service
-->
<!ELEMENT orb (property*)>
<!ATTLIST orb
use-thread-pool-ids CDATA #REQUIRED
message-fragment-size CDATA "1024"
max-connections CDATA "1024">
<!-- ssl-client-config
ssl-client-config element specifies the SSL configuration when
the Application Server is making outbound IIOP/SSL connections.
Used in:
iiop-service
-->
<!ELEMENT ssl-client-config (ssl)>
<!-- iiop-listener
children
ssl
element specifies optional SSL configuration. Note that the
ssl2 ciphers are not supported for iiop, and therefore must
be disabled.
attributes
address
ip V6 or V4 address or hostname.
enabled
if false, a configured listener, is disabled
id
unique identifier for this listener.
port
port number
security-enabled
Determines whether the iiop listener runs SSL. You can turn
SSL2 or SSL3 on or off and set ciphers using an ssl element
Used in:
iiop-service
-->
<!ELEMENT iiop-listener (ssl?, property*)>
<!ATTLIST iiop-listener
id CDATA #REQUIRED
address CDATA #REQUIRED
port CDATA "1072"
security-enabled %boolean; "false"
enabled %boolean; "true">
<!-- admin-service
Admin Service exists in every instance. It is the configuration
for either a normal server, DAS or PE instance.
attributes
type
an instance can either be of type
das
Domain Administration Server in SE/EE or the PE instance
das-and-server
same as das
server
Any non-DAS instance in SE/EE. Not valid for PE.
Used in:
config
-->
<!ELEMENT admin-service (jmx-connector*, das-config?, property*)>
<!ATTLIST admin-service
type (das | das-and-server | server) "server"
system-jmx-connector-name CDATA #IMPLIED>
<!-- connector-service
Configuration of the Connector Container. The attributes
specified in the connector container would apply to all resource
adapters deployed in this cluster/server-instance
attributes
shutdown-timeout-in-seconds
integer value (default 30 seconds). Represents the time-out,
in seconds, that would be allowed by the application server,
during shutdown, to call the ResourceAdapter.stop() method of
this connector module's instance to complete.
Resource Adapters that take longer than the specified
shutdown-timeout-in-seconds time interval would be ignored and the
application server shutdown procedure would continue.
Used in:
config
-->
<!ELEMENT connector-service EMPTY>
<!ATTLIST connector-service
shutdown-timeout-in-seconds CDATA "30">
<!-- jmx-connector
The jmx-connector element defines the configuration of a JSR 160
compliant remote JMX Connector.
attributes
accept-all
Determines whether the connection can be made on all the
network interfaces. A value of false implies that the
connections only for this specific address will be selected.
This attribute is ignored for SJS AS 8.1.
address
Specifies the IP address or host-name. Ignored for SJS AS 8.1.
auth-realm-name
The name of the auth-realm in this config element that
represents the special administrative realm. All
authentication (from administraive GUI and CLI) will be
handled by this realm.
enabled
Defines if this connector is enabled. For EE this must be
enabled.
name
name of jmx connector used for identification
port
Specifies the port of the jmx-connector-server. Note that
jmx-service-uRL is a function of protocol, port and address
as defined by the JSR 160 1.0 Specification.
protocol
Defines the protocol that this jmx-connector should support.
Supported protocols are defined by Entity rjmx-protocol. SJS
AS 8.1 PE/SE/EE supports "rmi_jrmp" protocol only. Other
protocols can be used by user applications independently. For
other protocols supported refer to documentation.
security-enabled
Decides whether the transport layer security be used in
jmx-connector. If true, configure the ssl element.
Used in:
admin-service, node-agent
-->
<!ELEMENT jmx-connector (ssl?, property*)>
<!ATTLIST jmx-connector
name CDATA #REQUIRED
enabled %boolean; "true"
protocol %rjmx-protocol; "rmi_jrmp"
address CDATA #REQUIRED
port CDATA #REQUIRED
accept-all %boolean; "false"
auth-realm-name CDATA #REQUIRED
security-enabled %boolean; "true">
<!-- das-config
attributes
admin-session-timeout-in-minutes
timeout in minutes indicating the administration gui session
timeout.
autodeploy-dir
The source directory (relative to instance root) from which
autodeploy service will pick deployable components. You can
also specify an absolute directory.
autodeploy-enabled
This will enable the autodeployment service. If true, the
service will automatically starts with the admin-server. Auto
Deployment is a feature that enables developers to quickly
deploy applications and modules to a running application
server withoutrequiring the developer to perform an explicit
application server restart or separate deployment operation.
autodeploy-jsp-precompilation-enabled
If true, JSPs will be pre compiled during deployment of the
war module(s).
autodeploy-polling-interval-in-seconds
The polling interval (in seconds), at the end of which
autodeployment service will scan the source directory
(specified by "autodeploy-dir" tag) for any new deployable
component.
autodeploy-verifier-enabled
To enable/disable verifier, during auto-deployment. If true,
verification will be done before any deployment activity. In
the event of any verifier test failure, deployment is not
performed.
deploy-xml-validation
specifies if descriptor validation is required or not.
full
xml will be validated and in case of xml validation
errors, deployment will fail.
parsing
xml errors will be reported but deployment process will
continue.
none
no xml validation will be perfomed on the standard or
runtime deployment descriptors.
dynamic-reload-enabled
when true, server checks timestamp on a .reload file at every
module and application directory level to trigger reload.
polling frequency is controlled by
reload-poll-interval-in-seconds
Used in:
admin-service
-->
<!ELEMENT das-config (property*)>
<!ATTLIST das-config
dynamic-reload-enabled %boolean; "false"
dynamic-reload-poll-interval-in-seconds CDATA "2"
autodeploy-enabled %boolean; "false"
autodeploy-polling-interval-in-seconds CDATA "2"
autodeploy-dir CDATA "autodeploy"
autodeploy-verifier-enabled %boolean; "false"
autodeploy-jsp-precompilation-enabled %boolean; "false"
deploy-xml-validation %validation-level; "full"
admin-session-timeout-in-minutes CDATA "60">
<!-- web-container
Used in:
config
-->
<!ELEMENT web-container (session-config?, property*)>
<!-- session-config
Used in:
web-container
-->
<!ELEMENT session-config (session-manager?, session-properties?)>
<!-- session-manager
Used in:
session-config
-->
<!ELEMENT session-manager (manager-properties?, store-properties?)>
<!-- manager-properties
Used in:
session-manager
-->
<!ELEMENT manager-properties (property*)>
<!ATTLIST manager-properties
session-file-name CDATA #IMPLIED
reap-interval-in-seconds CDATA #IMPLIED
max-sessions CDATA #IMPLIED
session-id-generator-classname CDATA #IMPLIED>
<!-- store-properties
Used in:
session-manager
-->
<!ELEMENT store-properties (property*)>
<!ATTLIST store-properties
directory CDATA #IMPLIED
reap-interval-in-seconds CDATA #IMPLIED>
<!-- session-properties
Used in:
session-config
-->
<!ELEMENT session-properties (property*)>
<!ATTLIST session-properties
timeout-in-seconds CDATA #IMPLIED>
<!-- ejb-container
Configuration of EJB Container.
children
ejb-timer-service
The ejb-timer-service element contains the configuration for
the ejb timer service. There is at most one ejb timer service
per server instance.
attributes
cache-idle-timeout-in-seconds
(eb, sfsb) specifies the rate at which the cache cleaner
thread is scheduled. All idle instances are passivated at
once.
cache-resize-quantity
(eb,sfsb) Cache elements have identity, hence growth is in
unit steps and created on demand. Shrinking of cache happens
when cache-idle-timeout-in-seconds timer expires and a cleaner thread
passivates beans which have been idle for longer than
cache-idle-timeout-in-seconds. All idle instances are passivated at
once. cache-resize-quantity does not apply in this case.
when max cache size is reached, an asynchronous task is created to
bring the size back under the max-cache-size limit. This task removes
cache-resize-quantity elements, consulting the victim-selection-policy.
Must be greater than 1 and less than max-cache-size.
commit-option
(eb) Entity Beans caching is controlled by this setting.
Commit Option C implies that no caching is performed in the
container.
max-cache-size
(sfsb,eb) specifies the maximum number of instances that can
be cached. For entity beans, internally two caches are
maintained for higher concurrency: (i) Ready (R$) (ii) Active
in an Incomplete Transaction (TX$). The TX$ is populated with
instances from R$ or from the Pool directly. When an instance
in TX$ completes the transaction, it is placed back in the R$
(or in pool, in case an instance with same identity already
is in R$). max-cache-size only specifies the upper limit for
R$. The container computes an appropriate size for TX$. For
SFSBs, after the max-cache-size is reached, beans (as
determined by the victim-selection-policy) get passivated.
max-pool-size
(slsb,eb) maximum size, a pool can grow to. A value of 0
implies an unbounded pool. Unbounded pools eventually shrink
to the steady-pool-size, in steps defined by
pool-resize-quantity.
pool-idle-timeout-in-seconds
(slsb,eb) defines the rate at which the pool cleaning thread
is executed. this thread checks if current size is greater
than steady pool size, it removes pool-resize-quantity
elements. If the current size is less than steady-pool-size
it is increased by pool-resize-quantity, with a ceiling of
min (current-pool-size + pool-resize-quantity, max-pool-size)
Only objects that have not been accessed for more than
pool-idle-timeout-in-seconds are candidates for removal.
pool-resize-quantity
(slsb,eb) size of bean pool grows (shrinks) in steps
specified by pool-resize-quantity, subject to max-pool-size
(steady-pool-size) limit.
removal-timeout-in-seconds
(sfsb) Instance is removed from cache or passivation store,
if it is not accesed within this time. All instances that can
be removed, will be removed.
session-store
specifies the directory where passivated beans and persisted
HTTP sessions are stored on the file system. Defaults to
$INSTANCE-ROOT/session-store
steady-pool-size
(slsb,eb) number of bean instances normally maintained in
pool. When a pool is first created, it will be populated with
size equal to steady-pool-size. When an instance is removed
from the pool, it is replenished asynchronously, so that the
pool size is at or above the steady-pool-size. This additions
will be in multiples of pool-resize-quantity. When a bean is
disassociated from a method invocation, it is put back in the
pool, subject to max-pool-size limit. If the max pool size is
exceeded the bean id destroyed immediately. A pool cleaning
thread, executes at an interval defined by
pool-idle-timeout-in-seconds. This thread reduces the pool
size to steady-pool-size, in steps defined by
pool-resize-quantity. If the pool is empty, the required
object will be created and returned immediately. This
prevents threads from blocking till the pool is replenished
by the background thread. steady-pool-size must be greater
than 1 and at most equal to the max-pool-size.
victim-selection-policy
(sfsb) Victim selection policy when cache needs to shrink.
Victims are passivated. Entity Bean Victims are selected
always using fifo discipline. Does not apply to slsb because
it does not matter, which particular instances are removed.
fifo
method picks victims, oldest instance first.
lru
algorithm picks least recently accessed instances.
nru
policy tries to pick 'not recently used' instances and is
a pseudo-random selection process.
Used in:
config
-->
<!ELEMENT ejb-container (ejb-timer-service?, property*)>
<!ATTLIST ejb-container
steady-pool-size CDATA "32"
pool-resize-quantity CDATA "16"
max-pool-size CDATA "64"
cache-resize-quantity CDATA "32"
max-cache-size CDATA "512"
pool-idle-timeout-in-seconds CDATA "600"
cache-idle-timeout-in-seconds CDATA "600"
removal-timeout-in-seconds CDATA "5400"
victim-selection-policy (fifo | lru | nru) "nru"
commit-option (B | C) "B"
session-store CDATA #IMPLIED>
<!-- ejb-timer-service
Configuration for ejb timer service.
attributes
max-redeliveries
is the maximum number of times the ejb timer service will
attempt to redeliver a timer expiration due to exception or
rollback. The minimum value is 1, per the ejb specification.
minimum-delivery-interval-in-millis
is the minimum number of milliseconds allowed before the next
timer expiration for a particular timer can occur. It guards
against extremely small timer increments that can overload
the server.
redelivery-interval-internal-in-millis
is the number of milliseconds the ejb timer service will wait
after a failed ejbTimeout delivery before attempting a
redelivery.
timer-datasource
overrides the cmp-resource (jdbc/__TimerPool) specified in
sun-ejb-jar.xml of (__ejb_container_timer_app) of the timer
service system application. By default this is set to
jdbc/__TimerPool, but can be overridden for the cluster or
server instance, if they choose to.
Used in:
ejb-container
-->
<!ELEMENT ejb-timer-service (property*)>
<!ATTLIST ejb-timer-service
minimum-delivery-interval-in-millis CDATA "7000"
max-redeliveries CDATA "1"
timer-datasource CDATA #IMPLIED
redelivery-interval-internal-in-millis CDATA "5000">
<!-- mdb-container
attributes
idle-timeout-in-seconds
idle bean instance in pool becomes a candidate for deletion,
when this timeout expires.
max-pool-size
maximum size, pool can grow to. A non-negative integer.
pool-resize-quantity
quantum of increase/decrease, when the size of pool
grows/shrinks. An integer in the range [0, max-pool-size].
steady-pool-size
minimum and initial number of message driven beans in pool.
An integer in the range [0, max-pool-size].
Used in:
config
-->
<!ELEMENT mdb-container (property*)>
<!ATTLIST mdb-container
steady-pool-size CDATA "10"
pool-resize-quantity CDATA "2"
max-pool-size CDATA "60"
idle-timeout-in-seconds CDATA "600">
<!-- jms-service
The jms-service element specifies information about the
bundled/built-in JMS service that is managed by Application
Server.
attributes
addresslist-behavior
Determines broker selection from imqAddressList.
random
causes selection to be performed randomly
priority
causes selection to be performed sequentially
addresslist-iterations
Number of times reconnect logic should iterate
imqAddressList. This property will not be used if the
addresslist-behavior is "random". An integer.
default-jms-host
reference to a jms-host that to be started when type of
jms-service is LOCAL.
init-timeout-in-seconds
specifies the time server instance will wait at start up, for
its corresponding JMS service instance to respond. If there
is no response within the specifies timeout period,
application server startup is aborted. Default value of 60
seconds.
mq-scheme
Scheme for establishing connection with broker. For example,
scheme can be specified as "http" for connecting to MQ broker
over http. Default is "mq".
mq-service
Type of broker service. If a broker supports ssl, then the
type of service can be "ssljms". If nothing is specified, MQ
will assume 4that service is "jms".
reconnect-attempts
Total number of attempts to reconnect. An integer.
reconnect-enabled
Causes reconnect feature to be enabled (true) or disabled
(false). A boolean.
reconnect-interval-in-seconds
Interval between reconnect attempts, in seconds. An integer.
start-args
specifies the arguments that will be supplied to start up the
corresponding JMS service instance.
type
Type of JMS service.
Used in:
config
-->
<!ELEMENT jms-service (jms-host*, property*)>
<!ATTLIST jms-service
init-timeout-in-seconds CDATA "60"
type (LOCAL | REMOTE) "LOCAL"
start-args CDATA #IMPLIED
default-jms-host CDATA #IMPLIED
reconnect-interval-in-seconds CDATA "60"
reconnect-attempts CDATA "3"
reconnect-enabled %boolean; "true"
addresslist-behavior (random | priority) "random"
addresslist-iterations CDATA "3"
mq-scheme CDATA #IMPLIED
mq-service CDATA #IMPLIED>
<!-- jms-host
attributes
admin-password
attribute specifies the admin password.
admin-user-name
specifies the admin username.
host
ip V6 or V4 address or hostname.
port
the port number used by the JMS service.
Used in:
jms-service
-->
<!ELEMENT jms-host (property*)>
<!ATTLIST jms-host
name CDATA #REQUIRED
host CDATA #IMPLIED
port CDATA "7676"
admin-user-name CDATA "admin"
admin-password CDATA "admin">
<!-- log-service
By default, logs would be kept in $INSTANCE-ROOT/logs. The
following log files will be stored under the logs directory.
access.log
keeps default virtual server HTTP access messages.
server.log
keeps log messages from default virtual server. Messages from
other configured virtual servers also go here, unless
log-file is explicitly specified in the virtual-server
element.
attributes
alarms
if true, will turn on alarms for the logger. The SEVERE and
WARNING messages can be routed through the JMX framework to
raise SEVERE and WARNING alerts. Alarms are turned off by
default.
file
can be used to rename or relocate server.log using absolute
path.
log-filter
Can plug in a log filter to do custom filtering of log
records . By default there is no log filter other than the
log level filtering provided by JSR 047 log API.
log-handler
Can plug in a custom log handler to add it to the chain of
handlers to log into a different log destination than the
default ones given by the system (which are Console, File and
Syslog). It is a requirement that customers use the log
formatter provided by the the system to maintain uniformity
in log messages. The custom log handler will be added at the
end of the handler chain after File + Syslog Handler, Console
Handler and JMX Handler. User cannot replace the handler
provided by the system, because of loosing precious log
statements. The Server Initialization will take care of
installing the custom handler with the system formatter
initialized. The user need to use JSR 047 Log Handler
Interface to implement the custom handler.
log-rotation-limit-in-bytes
Log Files will be rotated when the file size reaches the
limit.
log-rotation-timelimit-in-minutes
This is a new attribute to enable time based log rotation.
The Log File will be rotated only if this value is non-zero
and the valid range is 60 minutes (1 hour) to 10*24*60
minutes (10 days). If the value is zero then the files will
be rotated based on size specified in
log-rotation-limit-in-bytes.
log-to-console
logs will be sent to stderr when asadmin start-domain verbose
is used
use-system-logging
if true, will utilize Unix syslog service or Windows Event
Logging to produce and manage logs.
Used in:
config, node-agent
-->
<!ELEMENT log-service (module-log-levels?, property*)>
<!ATTLIST log-service
file CDATA #IMPLIED
use-system-logging %boolean; "false"
log-handler CDATA #IMPLIED
log-filter CDATA #IMPLIED
log-to-console %boolean; "false"
log-rotation-limit-in-bytes CDATA "500000"
log-rotation-timelimit-in-minutes CDATA "0"
alarms %boolean; "false">
<!-- module-log-levels
Used in:
log-service
-->
<!ELEMENT module-log-levels (property*)>
<!ATTLIST module-log-levels
root %log-level; "INFO"
server %log-level; "INFO"
ejb-container %log-level; "INFO"
cmp-container %log-level; "INFO"
mdb-container %log-level; "INFO"
web-container %log-level; "INFO"
classloader %log-level; "INFO"
configuration %log-level; "INFO"
naming %log-level; "INFO"
security %log-level; "INFO"
jts %log-level; "INFO"
jta %log-level; "INFO"
admin %log-level; "INFO"
deployment %log-level; "INFO"
verifier %log-level; "INFO"
jaxr %log-level; "INFO"
jaxrpc %log-level; "INFO"
saaj %log-level; "INFO"
corba %log-level; "INFO"
javamail %log-level; "INFO"
jms %log-level; "INFO"
connector %log-level; "INFO"
jdo %log-level; "INFO"
cmp %log-level; "INFO"
util %log-level; "INFO"
resource-adapter %log-level; "INFO"
synchronization %log-level; "INFO"
node-agent %log-level; "INFO">
<!-- security-service
The security service element defines parameters and configuration
information needed by the core J2EE security service. Some
container-specific security configuration elements are in the
various container configuration elements and not here. SSL
configuration is also elsewhere. At this time the security
service configuration consists of a set of authentication realms.
A number of top-level attributes are defined as well.
children
message-security-config
Optional list of layer specific lists of configured message
security providers.
attributes
anonymous-role
Used as role name for default/anonymous role.
audit-enabled
If true, additional access logging is performed to provide
audit information.
audit-modules
Optional list of audit provider modules which will be used by
the audit subsystem. The default value refers to the internal
log-based audit module.
default-principal
Used as the identity of default security contexts when
necessary and no principal is provided.
default-principal-password
Password of default principal.
default-realm
Specifies which realm (by name) is used by default when no
realm is specifically requested. The file realm is the common
default.
jacc
Specifies the name of the jacc-provider element to use for
setting up the JACC infrastructure. The default value
"default" does not need to be changed unless adding a custom
JACC provider.
Used in:
config
-->
<!ELEMENT security-service
(auth-realm+, jacc-provider+, audit-module*, message-security-config*,
property*)>
<!ATTLIST security-service
default-realm CDATA "file"
default-principal CDATA #IMPLIED
default-principal-password CDATA #IMPLIED
anonymous-role CDATA "ANYONE"
audit-enabled %boolean; "false"
jacc CDATA "default"
audit-modules CDATA "default">
<!-- audit-module
An audit-module specifies an optional plug-in module which
implements audit capabilities.
attributes
classname
defines the java class which implements this audit module
name
defines the name of this realm
Used in:
security-service
-->
<!ELEMENT audit-module (property*)>
<!ATTLIST audit-module
name CDATA #REQUIRED
classname CDATA #REQUIRED>
<!-- auth-realm
The auth-realm element defines and configures one authentication
realm. There must be at least one realm available for a server
instance; any number can be configured, as desired.
Authentication realms need provider-specific parameters which vary
depending on what a particular implementation needs; these are defined as
properties since they vary by provider and cannot be predicted for any
custom or add-on providers.
For the default file provider, the param used is: file
attributes
classname
defines the java class which implements this realm
name
defines the name of this realm
Used in:
node-agent, security-service
-->
<!ELEMENT auth-realm (property*)>
<!ATTLIST auth-realm
name CDATA #REQUIRED
classname CDATA #REQUIRED>
<!-- jacc-provider
The jacc-provider element defines the standard JACC properties
used for setting up the JACC provider. It also allows optional
properties which can be used by the provider implementation for
its configuration.
attributes
name
A name for this jacc-provider. Is always "default" for the
default provider.
policy-configuration-factory-provider
Corresponds to (and can be overridden by) the system property
javax.security.jacc.PolicyConfigurationFactory.provider
policy-provider
Corresponds to (and can be overridden by) the system property
javax.security.jacc.policy.provider
Used in:
security-service
-->
<!ELEMENT jacc-provider (property*)>
<!ATTLIST jacc-provider
name CDATA #REQUIRED
policy-provider CDATA #REQUIRED
policy-configuration-factory-provider CDATA #REQUIRED>
<!-- transaction-service
Configuration for Transaction Manager.
attributes
automatic-recovery
if true, server instance attempts recovery at restart.
heuristic-decision
During recovery, if outcome of a transaction cannot be
determined from the logs, then this property is used to fix
the outcome.
keypoint-interval
property used to specify the number of transactions between
keypoint operations on the log. A Keypoint operations could
reduce the size of the transaction log files. A larger value
for this property (for example, 1000) will result in larger
transaction log files, between log compactions, but less
keypoint operations, and potentially better performance. A
smaller value (e.g. 20) results in smaller log files but
slightly reduced performance due to the greater frequency of
keypoint operations.
retry-timeout-in-seconds
used to determine the retry time in the following scenarios.
1 Time to wait at the transaction recovery time, when
resources are unreachable.
2 If there are any transient
exceptions in the second phase of the 2 PC protocol.
A negative value indicates infinite retry. '0' indicates no
retry. A positive value indicates the number of seconds for
which retry will be attempted. Default is 10 minutes which
may be appropriate for a database being restarted.
timeout-in-seconds
amount of time the transaction manager waits for response
from a datasource participating in transaction. A value of 0
implies infinite timeout.
tx-log-dir
Transaction service creates a sub directory 'tx' under
tx-log-dir to store the transaction logs. The default value
of the tx-log-dir is $INSTANCE-ROOT/logs. If this attribute
is not explicitly specified in the <transaction-service>
element, 'tx' sub directory will be created under the path
specified in log-root attribute of <domain> element.
Used in:
config
-->
<!ELEMENT transaction-service (property*)>
<!ATTLIST transaction-service
automatic-recovery %boolean; "false"
timeout-in-seconds CDATA "0"
tx-log-dir CDATA #IMPLIED
heuristic-decision (rollback | commit) "rollback"
retry-timeout-in-seconds CDATA "600"
keypoint-interval CDATA "2048">
<!-- monitoring-service
Used in:
config
-->
<!ELEMENT monitoring-service (module-monitoring-levels?, property*)>
<!-- module-monitoring-levels
attributes
connector-connection-pool
monitoring level for all the connector-connection-pools used
by the runtime.
ejb-container
various ejbs deployed to the server, ejb-pools, ejb-caches
and ejb-methods.
http-service
http engine and the http listeners therein.
jdbc-connection-pool
monitoring level for all the jdbc-connection-pools used by
the runtime.
orb
specifies the level for connection managers of the orb, which
apply to connections to the orb
thread-pool
all the thread-pools used by the run time.
transaction-service
transaction subsystem.
Used in:
monitoring-service
-->
<!ELEMENT module-monitoring-levels (property*)>
<!ATTLIST module-monitoring-levels
thread-pool %monitoring-level; "OFF"
orb %monitoring-level; "OFF"
ejb-container %monitoring-level; "OFF"
web-container %monitoring-level; "OFF"
transaction-service %monitoring-level; "OFF"
http-service %monitoring-level; "OFF"
jdbc-connection-pool %monitoring-level; "OFF"
connector-connection-pool %monitoring-level; "OFF"
connector-service %monitoring-level; "OFF"
jms-service %monitoring-level; "OFF"
jvm %monitoring-level; "OFF">
<!-- java-config
Java Runtime environment configuration
attributes
bytecode-preprocessors
A comma separated list of classnames, each of which must
implement the com.sun.appserv.BytecodePreprocessor interface.
Each of the specified preprocessor class will be called in
the order specified. At the moment the comelling use is for a
3rd party Performance Profiling tool.
classpath-prefix
A java classpath string that is prefixed to server-classpath
classpath-suffix
A java classpath string that is appended to server-classpath
debug-enabled
If set to true, the server starts up in debug mode ready for
attaching with a JPDA based debugger.
debug-options
JPDA based debugging options string.
env-classpath-ignored
If set to false, the CLASSPATH environment variable will be
read and appended to the Application Server classpath, which
is constructed as described above. The CLASSPATH environment
variable will be added after the classpath-suffix, at the
very end.
javac-options
Options string passed to Java compiler, at application
deployment time.
java-home
Specifies the installation directory for Java runtime. JDK
1.4 or higher is supported.
native-library-path-prefix
is prepended to the native library path, which is constructed
internally.
Internally, the native library path is automatically constructed to be
a concatenation of Application Server installation relative path for
its native shared libraries, standard JRE native library path, the
shell environment setting (LD-LIBRARY-PATH on Unix) and any path that
may be specified in the profile element.
native-library-path-suffix
is appended to the native library path, which is constructed
as described above.
rmic-options
Options string passed to RMI compiler, at application
deployment time.
server-classpath
A java classpath string that specifies the classes needed by
the Application server. Do not expect users to change this
under normal conditions.
Used in:
config
-->
<!ELEMENT java-config (profiler?, (jvm-options | property)*)>
<!ATTLIST java-config
java-home CDATA "${com.sun.aas.javaRoot}"
debug-enabled %boolean; "false"
debug-options CDATA "-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n"
rmic-options CDATA "-iiop -poa -alwaysgenerate -keepgenerated -g"
javac-options CDATA "-g"
classpath-prefix CDATA #IMPLIED
classpath-suffix CDATA #IMPLIED
server-classpath CDATA #IMPLIED
native-library-path-prefix CDATA #IMPLIED
native-library-path-suffix CDATA #IMPLIED
bytecode-preprocessors CDATA #IMPLIED
env-classpath-ignored %boolean; "true">
<!-- jvm-options
String value for options that will be passed to the JVM
Used in:
java-config, profiler
-->
<!ELEMENT jvm-options (#PCDATA)>
<!-- profiler
Profilers could be one of jprobe, optimizeit, hprof, wily and so
on jvm-options and property elements are used to record the
settings needed to get a particular profiler going. A server
instance is tied to a particular profiler, by the profiler
element in java-config. Changing the profiler will require a
server restart.
The adminstrative graphical interfaces, could list multiple supported
profilers (incomplete at this point) and will populate server.xml
appropriately.
Used in:
java-config
-->
<!ELEMENT profiler ((jvm-options | property)*)>
<!ATTLIST profiler
name CDATA #REQUIRED
classpath CDATA #IMPLIED
native-library-path CDATA #IMPLIED
enabled %boolean; "true">
<!-- availability-service
SE/EE only: TBD Needs explanation
attributes
store-pool-name
This is the jndi-name for the JDBC Connection Pool used
potentially by both the Web Container and the EJB Stateful
Session Bean Container for use in checkpointing/passivation
when persistence-type = "ha". See sfsb-ha-persistence-type
and sfsb-persistence-type for more details. It will default
to "jdbc/hastore". This attribute can be over-ridden in
either web-container-availability (with
http-session-store-pool-name) and/or in
ejb-container-availability (with sfsb-store-pool-name). If
store-pool-name is not over-ridden then both containers will
share the same connection pool. If either container
over-rides then it may have its own dedicated pool. In this
case there must also be a new corresponding JDBC Resource and
JDBC Connection Pool defined for this new pool name.
Used in:
config
-->
<!ELEMENT availability-service
(web-container-availability?, ejb-container-availability?, property*)>
<!ATTLIST availability-service
availability-enabled %boolean; "true"
store-pool-name CDATA #IMPLIED>
<!-- web-container-availability
web-container-availability SE/EE only:
attributes
availability-enabled
This boolean flag controls whether availability is enabled
for HTTP session persistence. If this is "false", then
session persistence is disabled for all web modules in j2ee
apps and stand-alone web modules. If it is "true" (and
providing that the global availability-enabled in
availability-service is also "true", then j2ee apps and
stand-alone web modules may be ha enabled. Finer-grained
control exists at lower levels. If this attribute is missing,
it "inherits" the value of the global availability-enabled
under availability-service.
http-session-store-pool-name
This is the jndi-name for the JDBC Connection Pool used by
the HTTP Session Persistence Framework. If missing, internal
code will default it to value of store-pool-name under
availability-service (ultimately "jdbc/hastore").
persistence-frequency
The persistence frequency used by the session persistence
framework, when persistence-type = "ha". Values may be
"time-based" or "web-event". If it is missing, then the
persistence-type will revert to "memory".
persistence-scope
The persistence scope used by the session persistence
framework, when persistence-type = "ha". Values may be
"session", "modified-session", "modified-attribute". If it is
missing, then the persistence-type will revert to "memory".
persistence-store-health-check-enabled
Reserved for future use.
persistence-type
The persistence type used by the session persistence
framework.
sso-failover-enabled
This controls whether Single-Sign-On state will be made
available for failover.
Used in:
availability-service
-->
<!ELEMENT web-container-availability (property*)>
<!ATTLIST web-container-availability
availability-enabled %boolean; #IMPLIED
persistence-type %persistence-type; "memory"
persistence-frequency %session-save-frequency; #IMPLIED
persistence-scope %session-save-scope; #IMPLIED
persistence-store-health-check-enabled %boolean; "false"
sso-failover-enabled %boolean; "false"
http-session-store-pool-name CDATA #IMPLIED>
<!-- ejb-container-availability
attributes
availability-enabled
This boolean flag controls whether availability is enabled
for SFSB checkpointing (and potentially passivation). If this
is "false", then all SFSB checkpointing is disabled for all
j2ee apps and ejb modules. If it is "true" (and providing
that the global availability-enabled in availability-service
is also "true", then j2ee apps and stand-alone ejb modules
may be ha enabled. Finer-grained control exists at lower
levels. If this attribute is missing, it inherits the value
of the global availability-enabled under availability-service.
sfsb-checkpoint-enabled
This attribute is deprecated, replaced by
availability-enabled and will be ignored if present.
sfsb-ha-persistence-type
The persistence type used by the EJB Stateful Session Bean
Container for checkpointing and passivating
availability-enabled beans' state. Values may be "file" or
"ha". Default is "ha".
sfsb-quick-checkpoint-enabled
This attribute is deprecated and will be ignored if present.
sfsb-store-pool-name
This is the jndi-name for the JDBC Connection Pool used by
the EJB Stateful Session Bean Container for use in
checkpointing/passivation when persistence-type = "ha". See
sfsb-ha-persistence-type and sfsb-persistence-type for more
details. It will default to value of store-pool-name under
availability-service (ultimately "jdbc/hastore").
Used in:
availability-service
-->
<!ELEMENT ejb-container-availability (property*)>
<!ATTLIST ejb-container-availability
availability-enabled %boolean; #IMPLIED
sfsb-ha-persistence-type %sfsb-persistence-type; "ha"
sfsb-persistence-type %sfsb-persistence-type; "file"
sfsb-checkpoint-enabled %boolean; #IMPLIED
sfsb-quick-checkpoint-enabled %boolean; #IMPLIED
sfsb-store-pool-name CDATA #IMPLIED>
<!-- jdbc-connection-pool
jdbc-connection-pool defines configuration used to create and
manage a pool physical database connections. Pool definition is
named, and can be referred to by multiple jdbc-resource elements
(See <jdbc-resource>).
Each named pool definition results in a pool instantiated at server
start-up. Pool is populated when accessed for the first time. If two or
more jdbc-resource elements point to the same jdbc-connection-pool
element, they are using the same pool of connections, at run time.
children
property
Most JDBC 2.0 drivers permit use of standard property lists,
to specify User, Password and other resource configuration.
While these are optional properties, according to the
specification, several of these properties may be necessary
for most databases. See Section 5.3 of JDBC 2.0 Standard
Extension API.
The following are the names and corresponding values for these
properties
databaseName
Name of the Database
serverName
Database Server name.
port
Port where a Database server is listening for requests.
networkProtocol
Communication Protocol used.
user
default name of the database user with which connections
will be stablished. Programmatic database authentication
or default-resource-principal specified in vendor
specific web and ejb deployment descriptors will take
precedence, over this default. The details and caveats
are described in detail in the Administrator's guide.
password
password for default database user
roleName
The initial SQL role name.
datasourceName
used to name an underlying XADataSource, or
ConnectionPoolDataSource when pooling of connections is
done
description
Textual Description
When one or more of these properties are specified, they are passed as
is using set<Name>(
Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish sun-domain_1_1.dtd source code file: |
The search page
Other Glassfish source code examples at this package level
Click here to learn more about this project
