auth-realm

one or more 

Defines a realm for authentication. 

jacc-provider

one or more 

Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. 

audit-module

zero or more 

Specifies an optional plug-in module that implements audit capabilities. 

message-security-config

zero or more 

Specifies configurations for message security providers. 

property

zero or more 

Specifies a property or a variable. 

default-realm

file

(optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance.

default-principal

none 

(optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. 

default-principal-password

none 

(optional) The password of the default principal. This attribute need not be set for normal server operation. 

anonymous-role

ANYONE

(optional) Used as the name for default, or anonymous, role. The anonymous role is always assigned to all principals. This role value can be used in J2EE deployment descriptors to grant access to anyone. 

audit-enabled

false

(optional) If true, additional access logging is performed to provide audit information.

Audit information consists of: 

• Authentication success and failure events

• Servlet and EJB access grants and denials

jacc

default

(optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider.

audit-modules

default

(optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module.