Sun GlassFish Enterprise Server v3 Prelude Administration Reference

V

virtual-server

Defines a virtual server. A virtual server, also called a virtual host, is a virtual web server that serves content targeted for a specific URL. Multiple virtual servers can serve content using the same or different host names, port numbers, or IP addresses. The HTTP service can direct incoming web requests to different virtual servers based on the URL.

When the Enterprise Server is first installed, a default virtual server is created. (You can also assign a default virtual server to each new http-listener you create.)


Note –

Virtual servers are not the same thing as server instances. Each server instance is a completely separate server that contains one or more virtual servers.


Before the Enterprise Server can process a request, it must accept the request via a listener, then direct the request to the correct virtual server. The virtual server is determined as follows:

If a virtual server is configured to an SSL listener, its hosts attribute is checked against the subject pattern of the certificate at server startup, and a warning is generated and written to the server log if they don’t match.

Superelements

http-service

Subelements

The following table describes subelements for the virtual-server element.

Table 1–106 virtual-server Subelements

Element 

Required 

Description 

http-access-log

zero or one 

Defines an access log file. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the virtual-server element.

Table 1–107 virtual-server Attributes

Attribute 

Default 

Description 

id

none 

Virtual server ID. This is a unique ID that allows lookup of a specific virtual server. A virtual server ID cannot begin with a number. 

http-listeners

none 

(optional) In a comma-separated list, references id attributes of http-listener elements that specify the connection(s) the virtual server uses. Required only for a virtual-server that is not referenced by the default-virtual-server attribute of an http-listener.

default-web-module

none 

(optional) References the name attribute of the default web application for this virtual server, which responds to requests that cannot be resolved to other web modules deployed to this virtual server (see the application-ref element).

hosts

${com.sun.aas.hostName}

A comma-separated list of values, each of which selects the current virtual server when included in the Host request header. Two or more virtual-server elements that reference or are referenced by the same http-listener cannot have any hosts values in common.

state

on

(optional) Determines whether a virtual-server is active (on) or inactive (off, disabled). The default is on (active). When inactive, a virtual-server does not service requests. If a virtual-server is disabled, only the global server administrator can turn it on.

docroot

domain-dir/docroot

(optional) Specifies the document root for this virtual server. 

log-file

server.log in the directory specified by the log-root attribute of the domain element

(optional) Writes this virtual server’s log messages to a log file separate from the server log. The file and directory in which the virtual server log is kept must be writable by the user account under which the server runs. See the log-service description for details about logs.

Properties

The following table describes properties for the virtual-server element.

Table 1–108 virtual-server Properties

Property 

Default 

Description 

sso-enabled

false

If true, single sign-on is enabled for web applications on this virtual server that are configured for the same realm. If false, single sign-on is disabled for this virtual server, and users must authenticate separately to every application on the virtual server. This setting overrides the sso-enabled property setting of the http-service element.

sso-max-inactive-seconds

300

Specifies the time after which a user’s single sign-on record becomes eligible for purging if no client activity is received. Since single sign-on applies across several applications on the same virtual server, access to any of the applications keeps the single sign-on record active. Higher values provide longer single sign-on persistence for the users at the expense of more memory use on the server. 

sso-reap-interval-seconds

60

Specifies the interval between purges of expired single sign-on records. 

ssoCookieSecure

dynamic

Sets the Secure attribute of any JSESSIONIDSSO cookies associated with the web applications deployed to this virtual server. Applicable only if the sso-enabled property is set to true. Allowed values are as follows:

  • true — Sets Secure to true.

  • false — Sets Secure to false.

  • dynamic — The JSESSIONIDSSO cookie inherits the Secure setting of the first session participating in SSO.

To set the Secure attribute of a JSESSIONID cookie, use the cookieSecure cookie-properties property in the sun-web.xml file. For details, see cookie-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

setCacheControl

none 

Specifies a comma-separated list of Cache-Control response directives. For a list of valid directives, see section 14.9 of the document at http://www.ietf.org/rfc/rfc2616.txt.

accessLoggingEnabled

false

If true, enables access logging for this virtual server only. If false, disables access logging for this virtual server only.

accessLogBufferSize

32768

Specifies the size, in bytes, of the buffer where access log calls are stored. If the value is less than 5120, a warning message is issued, and the value is set to 5120. To set this property for all virtual servers, set it as a property of the parent http-service element.

accessLogWriterInterval

300

Specifies the number of seconds before the log is written to the disk. The access log is written when the buffer is full or when the interval expires. If the value is 0, the buffer is always written even if it is not full. This means that each time the server is accessed, the log message is stored directly to the file. To set this property for all virtual servers, set it as a property of the parent http-service element.

allowRemoteAddress

none 

Specifies a comma-separated list of regular expression patterns that the remote client's IP address is compared to. If this property is specified, the remote address must match for this request to be accepted. If this property is not specified, all requests are accepted unless the remote address matches a denyRemoteAddress pattern.

denyRemoteAddress

none 

Specifies a comma-separated list of regular expression patterns that the remote client's IP address is compared to. If this property is specified, the remote address must not match for this request to be accepted. If this property is not specified, request acceptance is governed solely by the allowRemoteAddress property.

allowRemoteHost

none 

Specifies a comma-separated list of regular expression patterns that the remote client's hostname (as returned by [java.net.]Socket.getInetAddress().getHostName()) is compared to. If this property is specified, the remote hostname must match for this request to be accepted. If this property is not specified, all requests are accepted unless the remote hostname matches a denyRemoteHost pattern.

denyRemoteHost

none 

Specifies a comma-separated list of regular expression patterns that the remote client's hostname (as returned by [java.net.]Socket.getInetAddress().getHostName()) is compared to. If this property is specified, the remote hostname must not match for this request to be accepted. If this property is not specified, request acceptance is governed solely by the allowRemoteHost property.

authRealm

none 

Specifies the name attribute of an auth-realm element, which overrides the server instance's default realm for stand-alone web applications deployed to this virtual server. A realm defined in a stand-alone web application's web.xml file overrides the virtual server's realm.

securePagesWithPragma

true

Set this property to false to ensure that for all web applications on this virtual server file downloads using SSL work properly in Internet Explorer.

You can set this property for a specific web application. For details, see sun-web-app in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

alternatedocroot_n

none 

Specifies an alternate document root (docroot), where n is a positive integer that allows specification of more than one. Alternate docroots allow web applications to serve requests for certain resources from outside their own docroot, based on whether those requests match one (or more) of the URI patterns of the web application's alternate docroots.

If a request matches an alternate docroot's URI pattern, it is mapped to the alternate docroot by appending the request URI (minus the web application's context root) to the alternate docroot's physical location (directory). If a request matches multiple URI patterns, the alternate docroot is determined according to the following precedence order: 

  • Exact match

  • Longest path match

  • Extension match

For example, the following properties specify three alternate docroots. The URI pattern of the first alternate docroot uses an exact match, whereas the URI patterns of the second and third alternate docroots use extension and longest path prefix matches, respectively. 

<property name="alternatedocroot_1" 
   value="from=/my.jpg dir=/srv/images/jpg"/>
<property name="alternatedocroot_2" 
   value="from=*.jpg dir=/srv/images/jpg"/>
<property name="alternatedocroot_3" 
   value="from=/jpg/* dir=/src/images"/>

The value of each alternate docroot has two components: The first component, from, specifies the alternate docroot's URI pattern, and the second component, dir, specifies the alternate docroot's physical location (directory). Spaces are allowed in the dir component.

You can set this property for a specific web application. For details, see sun-web-app in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

contextXmlDefault

none 

Specifies the location, relative to domain-dir, of the context.xml file for this virtual server, if one is used. For more information about the context.xml file, see Using a context.xml File in Sun GlassFish Enterprise Server v3 Prelude Developer’s Guide and The Context Container. Context parameters, environment entries, and resource definitions in context.xml are supported in the Enterprise Server.

allowLinking

false

If true, resources that are symbolic links in web applications on this virtual server are served. The value of this property in the sun-web.xml file takes precedence if defined. For details, see sun-web-app in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.


Caution – Caution –

Setting this property to true on Windows systems exposes JSP source code.


send-error_n

none 

Specifies custom error page mappings for the virtual server, which are inherited by all web applications deployed on the virtual server. A web application can override these custom error page mappings in its web.xml deployment descriptor. The value of each send-error_n property has three components, which may be specified in any order:

The first component, code, specifies the three-digit HTTP response status code for which the custom error page should be returned in the response.

The second component, path, specifies the absolute or relative file system path of the custom error page. A relative file system path is interpreted as relative to the domain-dir/config directory.

The third component, reason, is optional and specifies the text of the reason string (such as Unauthorized or Forbidden) to be returned.

For example: 

<property name="send-error_1"
   value="code=401 path=/myhost/401.html reason=MY-401-REASON"/>

This example property definition causes the contents of /myhost/401.html to be returned with 401 responses, along with this response line:


HTTP/1.1 401 MY-401-REASON

redirect_n

none 

Specifies that a request for an old URL is treated as a request for a new URL. These properties are inherited by all web applications deployed on the virtual server. The value of each redirect_n property has two components, which may be specified in any order:

The first component, from, specifies the prefix of the requested URI to match.

The second component, url-prefix, specifies the new URL prefix to return to the client. The from prefix is simply replaced by this URL prefix.

For example: 

<property name="redirect_1" 
value="from=/dummy url-prefix=http://etude"/>

valve_n

none 

Specifies a fully qualified class name of a custom valve, where n is a positive integer that allows specification of more than one. The valve class must implement the org.apache.catalina.Valve interface from Tomcat or previous Enterprise Server releases, or the org.glassfish.web.valve.GlassFishValve interface from the current Enterprise Server release. For example:

<property name="valve_1" 
   value="org.glassfish.extension.Valve"/>

You can set this property for a specific web application. For details, see sun-web-app in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

listener_n

none 

Specifies a fully qualified class name of a custom Catalina listener, where n is a positive integer that allows specification of more than one. The listener class must implement the org.apache.catalina.ContainerListener or org.apache.catalina.LifecycleListener interface. For example:

<property name="listener_1" 
   value="org.glassfish.extension.MyLifecycleListener"/>

You can set this property for a specific web application. For details, see sun-web-app in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.