A
access-log
Defines access log settings for each 
http-access-log subelement of each virtual-server.
Superelements
http-service
Subelements
none
Attributes
The following table describes attributes for the access-log element.
access-log Attributes
|
|
|
|---|
|
%client.name% %auth-user-name% %datetime% %request% %status% %response.length% |
(optional) Specifies the format
of the access log. For a complete list of token values you can
use in the format, see the online help for the Access Log tab
of the HTTP Service page in the Administration Console. |
|
time |
(optional) Specifies the
condition that triggers log rotation. The only legal value is time, which rotates
log files at the rotation-interval-in-minutes interval. |
rotation-interval-in-minutes |
1440 |
(optional) Specifies the time interval between
log rotations if rotation-policy is set to time. |
|
yyyy-MM-dd |
|
|
true |
(optional) If true, enables
log rotation. |
|
admin-object-resource
Defines an administered object for a resource adapter.
Superelements
resources
Subelements
The following table describes subelements for the admin-object-resource element.
admin-object-resource Subelements
|
|
|
|---|
|
zero or one |
Contains
a text description of this element. |
|
zero or more |
Specifies a property or a
variable. |
|
Attributes
The following table describes attributes for the admin-object-resource element.
admin-object-resource Attributes
|
|
|
|---|
|
none |
Specifies the JNDI
name for the resource. |
|
none |
Specifies the fully qualified type of the resource. |
|
none |
Specifies the
name of the resource adapter, as specified in the name attribute of
a connector application element. |
|
user |
(optional) Defines the type of the resource. Allowed values are:
system-all - A system resource for all server instances and the domain application server. system-admin - A system resource only for the domain application server. system-instance - A system resource for all server instances only. user - A user resource.
|
enabled |
true |
(optional)
Determines whether this resource is enabled at runtime. |
|
Properties
Properties of the admin-object-resource element are the names of setter methods of the
class referenced by the adminobject-class element of the ra.xml file. Some of the
property names can be specified in the adminobjectType element.
admin-service
Contains configuration for JMX connectors, the domain admin server (DAS), and related properties.
Superelements
config
Subelements
The following table describes subelements for the admin-service element.
admin-service Subelements
|
|
|
|---|
|
zero or more |
Configures a
JSR 160/255 compliant remote JMX connector, which responds to JConsole port 8686. |
|
only one |
Defines
a domain administration server configuration. |
|
zero or more |
Specifies a property or a variable. |
|
Attributes
The following table describes attributes for the admin-service element.
admin-service Attributes
|
|
|
|---|
|
das-and-server |
Specifies whether the server
instance is a regular instance (server), a domain administration server (das), or a
combination (das-and-server). modifying this value is not recommended. |
system-jmx-connector-name |
none |
|
|
appclient-module
This element is deprecated. Use an application element instead.
Specifies a deployed application client container (ACC) module.
Superelements
applications
Subelements
The following table describes subelements for the appclient-module element.
appclient-module Subelements
|
|
|
|---|
|
zero or one |
Contains
a text description of this element. |
|
zero or more |
Specifies a property or a
variable. |
|
Attributes
The following table describes attributes for the appclient-module element.
appclient-module Attributes
|
|
|
|---|
|
none |
The name of the
ACC module. |
|
none |
A fully qualified or relative path to the directory to which the
contents of the client .jar file have been extracted. If relative, it is
relative to the following directory: domain-dir/applications/ |
|
false |
(optional) Specifies whether the application has been
deployed as a directory. |
|
true |
(optional) Specifies whether Java Web Start access is permitted for
this application client. |
|
application
Specifies a system application, a Java EE module or application, or an
application created using another supported technology such as JRuby.
The application element replaces the web-module, j2ee-application, appclient-module, connector-module, lifecycle-module, extension-module, and
ejb-module elements of previous releases, which are converted to application elements during the
upgrade process.
Superelements
system-applications, applications
Subelements
The following table describes subelements for the application element.
application Subelements
|
|
|
|---|
|
one or more |
Specifies a stand-alone
module or a component of a Java EE application. |
|
one or more |
Specifies an
engine. |
|
zero or more |
Specifies a property or a variable. |
|
Attributes
The following table describes attributes for the application element.
application Attributes
|
|
|
|---|
|
none |
The name of the
application. |
|
none |
(optional) Specifies a text description of this element. |
|
none |
(optional) The location of the
application in the Enterprise Server file system. If a relative path is specified,
it is relative to the domain-dir/applications/ directory.
Note - Deployment directories may change between Enterprise
Server releases.
|
|
none |
(optional) Specifies a comma-separated list of absolute or relative paths to libraries
specific to this module or application. A relative path is relative to domain-dir/lib/applibs. If
the path is absolute, the path must be accessible to the domain administration
server (DAS), which means it must be under domain-dir. The libraries are
made available to the application in the order in which they are specified. |
|
user |
(optional)
Defines the type of the resource. For an application, the only allowed value
is user. |
enabled |
true |
(optional) Determines whether the application is enabled. |
|
none |
(optional) The context root at
which the application is deployed. The context root can be the empty string
or just /. The context root can start with the / character, but
doesn’t have to. |
|
false |
(optional) Specifies whether the application has been deployed as a
directory. |
|
Properties
The following table describes properties for the application element. These properties are
specified during deployment using one of the following:
-
The -–property or -–properties option of the asadmin deploy command. For more information, see deploy(1).
-
The properties table on the deployment page for the application or module type in the Administration Console. For more information, see the Administration Console Online Help.
The properties that are valid for a given application depend on the sniffer
attribute values of the child or grandchild engine elements.
application Properties
|
|
|
|---|
|
true |
Specifies whether Java Web
Start access is permitted for an application client module. |
|
s1as |
Specifies the alias for
the security certificate with which the application client container JAR file is signed. Java
Web Start won't execute code requiring elevated permissions unless it resides in a
JAR file signed with a certificate that the user's system trusts. For your
convenience, Enterprise Server signs the JAR file automatically using the self-signed certificate from
the domain, s1as. Java Web Start then asks the user whether to trust the
code and displays the Enterprise Server certificate information. To sign this JAR file with
a different certificate, add the certificate to the domain keystore, then use this
property. To add a certificate to the domain keystore, see Administering JSSE Certificates in Sun GlassFish Enterprise Server v3 Administration Guide. For example, you
can use a certificate from a trusted authority, which avoids the Java Web
Start prompt, or from your own company, which users know they can trust. |
|
none |
The
fully qualified name of a lifecycle module class file. A lifecycle module class
must implement the com.sun.appserv.server.LifecycleListener interface. |
|
value of application-root attribute of domain element |
The classpath
for a lifecycle module. Specifies where the module is located. |
|
none |
Determines the order in
which lifecycle modules are loaded at startup. Modules with smaller integer values are
loaded sooner. Values can range from 101 to the operating system’s MAXINT.
Values from 1 to 100 are reserved. |
|
false |
Determines whether the server is
shut down if a lifecycle module fails. |
|
false |
If true, specifies that active sessions
of the application being redeployed are preserved and then restored when redeployment is complete. If
any active session of the application fails to be preserved or restored, none
of the sessions are available when the redeployment is complete. However, redeployment continues
and a warning is logged. To preserve active sessions, the Enterprise Server serializes
the sessions and saves them in memory. To restore the sessions, the class loader
of the newly redeployed application deserializes any sessions that were previously saved. |
|
none
(no backward compatibility) |
Specifies the Enterprise Server release with which to be backward compatible
in terms of JAR visibility requirements for applications. The only allowed value is
v2, which refers to GlassFish version 2 or Enterprise Server version 9.1 or
9.1.1. The Java EE 6 platform specification imposes stricter requirements than Java EE 5
did on which JAR files can be visible to various modules within an
EAR file. In particular, application clients must not have access to EJB JAR
files or other JAR files in the EAR file unless references use the
standard Java SE mechanisms (extensions, for example) or the Java EE library-directory mechanism.
Setting this property to v2 removes these Java EE 6 restrictions. |
|
as-install/jruby |
Specifies the directory
where JRuby itself (not the Enterprise Server JRuby container) is installed. Overrides the
jruby-home attribute of jruby-container. |
|
1 |
Specifies the initial number of JRuby runtimes to start. Must be
at greater than zero, at least jruby.runtime.min, and jruby.runtime.max or less. Overrides the
jruby-runtime attribute of jruby-runtime-pool. |
|
1 |
Specifies the minimum number of JRuby runtimes in the
pool. Must be greater than zero, jruby.runtime or less, and jruby.runtime.max or less. Overrides
the jruby-runtime-min attribute of jruby-runtime-pool. |
|
1 |
Specifies the maximum number of JRuby runtimes in
the pool. Must be greater than zero, at least jruby.runtime.min, and at least jruby.runtime.
Overrides the jruby-runtime-max attribute of jruby-runtime-pool. |
|
development |
Specifies the environment in which a JRuby
application such as Rails or Merb runs. Allowed values are development, production, or
test. |
|
Computed through auto-detection |
Specifies the name of a supported framework or the path
to a script that initializes the user's framework. Allowed values corresponding to supported frameworks
are rails, merb, or sinatra. Setting this property bypasses the normal, and potentially lengthy, auto-detection
process and forces deployment on the specified framework. If the deployed application is
not written for the specified framework, errors result. |
|
Computed through auto-detection |
If true, specifies that
a framework being started using jruby.applicationType is thread-safe and therefore does not need a
pool created for it. This property affects applications started using an auto-detected user-provided startup
script. If jruby.applicationType is set and jruby.MTsafe is not set or is set
to false, the application starts with a pool of application instances, and each
instance of the application is accessed by one thread at a time. This
property only affects frameworks being launched where the thread safety cannot be automatically
determined. Setting jruby.MTsafe to true does not cause an auto-detected Rails 2.1.x application
to be launched in thread-safe mode, nor can it be used to force
a thread-safe framework to start in pooled mode. |
|
application-ref
References an application or module deployed to the server.
Superelements
server
Subelements
none
Attributes
The following table describes attributes for the application-ref element.
application-ref Attributes
|
|
|
|---|
enabled |
true |
(optional) Determines whether the
application or module is enabled on the server on which it is deployed. |
|
all virtual servers |
(optional) In a comma-separated list, references id attributes of the virtual-server
elements to which the web application is deployed. If you deploy a web application
and don't specify any assigned virtual servers, the web application is assigned to
all currently defined virtual servers. If you then create additional virtual servers and want
to assign existing web applications to them, you must redeploy the web applications.
For more information about deployment, see the Sun GlassFish Enterprise Server v3 Application Deployment Guide. |
disable-timeout-in-minutes |
30 |
(optional) Specifies the time
it takes this application to reach a quiescent state after having been disabled. |
|
none |
References
the name attribute of an application element. |
|
applications
Contains deployed Java EE applications, Java EE modules, and applications created using other
supported technologies.
Superelements
domain
Subelements
The following table describes subelements for the applications element.
applications Subelements
|
|
|
|---|
|
zero or more |
Specifies an
application. The application element replaces the web-module, j2ee-application, appclient-module, connector-module, lifecycle-module, extension-module, and
ejb-module elements of previous releases, which are converted to application elements during the upgrade
process. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or
more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use
application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
audit-module
Specifies an optional plug-in module that implements audit capabilities. Audit modules collect
and store information on incoming requests (servlets, EJB components) and outgoing responses.
Superelements
security-service
Subelements
The following table describes subelements for the audit-module element.
audit-module Subelements
|
|
|
|---|
|
zero or more |
Specifies a
property or a variable. |
|
Attributes
The following table describes attributes for the audit-module element.
audit-module Attributes
|
|
|
|---|
|
default |
Specifies the name of
this audit module. |
|
com.sun.enterprise.security.Audit |
Specifies the Java class that implements this audit module. |
|
Properties
The following table describes properties for the audit-module element.
audit-module Properties
|
|
|
|---|
|
false |
If true, causes the
loading of the audit module and ensures that it is called by the
Enterprise Server’s audit library at audit points. |
|
auth-realm
Defines a realm for authentication.
Authentication realms require provider-specific properties, which vary depending on what a particular implementation
needs.
For more information about how to define realms, see the Sun GlassFish Enterprise Server v3 Administration Guide.
Here is an example of the default file realm:
<auth-realm name="file"
classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
<property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"/>
<property name="jaas-context" value="fileRealm"/>
</auth-realm>
Which properties an auth-realm element uses depends on the value of the auth-realm
element’s name attribute. The file realm uses file and jaas-context properties.
Other realms use different properties.
Superelements
security-service
Subelements
The following table describes subelements for the auth-realm element.
auth-realm Subelements
|
|
|
|---|
|
zero or more |
Specifies a
property or a variable. |
|
Attributes
The following table describes attributes for the auth-realm element.
auth-realm Attributes
|
|
|
|---|
|
none |
Specifies the name of
this realm. |
|
none |
Specifies the Java class that implements this realm. |
|
Properties
The standard realms provided with Enterprise Server have required and optional properties. A
custom realm might have different properties.
The following table describes properties for the auth-realm element.
auth-realm Properties
|
|
|
|---|
|
all |
Specifies the JAAS (Java
Authentication and Authorization Service) context. |
|
all |
(optional) If this property is set, its value is taken
to be a comma-separated list of group names. All clients who present valid
certificates are assigned membership to these groups for the purposes of authorization decisions in
the web and EJB containers. |
|
file |
Specifies the file that stores user names, passwords,
and group names. The default is domain-dir/config/keyfile. |
|
certificate |
If true, specifies that client authentication is
required for all applications that use the certificate realm. The default is false. To
require client authentication for a specific web application, set the method of authentication
in the web.xml file to CLIENT-CERT. |
|
ldap |
Specifies the LDAP URL to your server. |
|
ldap |
Specifies
the LDAP base DN for the location of user data. This base DN
can be at any level above the user data, since a tree
scope search is performed. The smaller the search tree, the better the performance. |
|
ldap |
(optional)
Specifies the search filter to use to find the user. The default is
uid=%s (%s expands to the subject name). |
|
ldap |
(optional) Specifies the base DN for the
location of groups data. By default, it is same as the base-dn, but it
can be tuned, if necessary. |
|
ldap |
(optional) Specifies the search filter to find
group memberships for the user. The default is uniquemember=%d (%d expands to the
user element DN). |
|
ldap |
(optional) Specifies the LDAP attribute name that contains group name entries.
The default is CN. |
|
ldap |
(optional) Specifies an optional DN used to authenticate to the
directory for performing the search-filter lookup. Only required for directories that do not
allow anonymous search. |
|
ldap |
(optional) Specifies the LDAP password for the DN given
in search-bind-dn . |
|
jdbc |
|
|
jdbc |
Specifies the
name of the user table in the database. |
|
jdbc |
Specifies the name of the
user name column in the database's user table. |
|
jdbc |
Specifies the name of the password
column in the database's user table. |
|
jdbc |
Specifies the name of the group table in
the database. |
|
jdbc |
Specifies the name of the group name column in the database's group
table. |
|
jdbc |
(optional) Allows you to specify the database user name in the realm instead
of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a
connection, and browsing the user table. By default, the jdbc-connection-pool configuration is
used. |
|
jdbc |
(optional) Allows you to specify the database password in the realm instead of
the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection,
and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional)
Specifies the digest algorithm. The default is MD5. You can use any
algorithm supported in the JDK, or none. |
|
jdbc |
(optional) Specifies the encoding. Allowed values
are Hex and Base64. If digest-algorithm is specified, the default is Hex. If
digest-algorithm is not specified, by default no encoding is specified. |
|
jdbc |
(optional) Specifies the charset
for the digest algorithm. |
|
