test

Sun GlassFish Enterprise Server v2.1.1 Administration Reference

A

access-log

Defines access log settings for each http-access-log subelement of each virtual-server.

Superelements

http-service

Subelements

none

Attributes

The following table describes attributes for the access-log element.

Table 1–1 access-log Attributes

Attribute 

Default 

Description 

format

%client.name% %auth-user-name% %datetime% %request% %status% %response.length%

(optional) Specifies the format of the access log. For a complete list of token values you can use in the format, see the online help for the Access Log tab of the HTTP Service page in the Admin Console. 

rotation-policy

time

(optional) Specifies the condition that triggers log rotation. The only legal value is time, which rotates log files at the rotation-interval-in-minutes interval.

rotation-interval-in-minutes

15 (developer profile)

1440 (cluster and enterprise profiles)

(optional) Specifies the time interval between log rotations if rotation-policy is set to time.

rotation-suffix

yyyy-MM-dd (developer profile)

yyyyMMdd-HH'h'mm'm'ss's' (cluster and enterprise profiles)

(optional) Specifies the format of the timestamp appended to the access log name when log rotation occurs.  

For supported formats, see http://java.sun.com/javase/6/docs/api/java/text/SimpleDateFormat.html.

The following value is supported for backward compatibility. It results in the same format as the default. 

%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s

rotation-enabled

true

(optional) If true, enables log rotation.

action

Specifies the action of a management rule. The action is implemented as an MBean.

Superelements

management-rule

Subelements

none

Attributes

The following table describes attributes for the action element.

Table 1–2 action Attributes

Attribute 

Default 

Description 

action-mbean-name

none 

Specifies the name of the mbean that performs the action of a management rule. This MBean must implement javax.management.NotificationListener.

admin-object-resource

Defines an administered object for an inbound resource adapter.

Superelements

resources

Subelements

The following table describes subelements for the admin-object-resource element.

Table 1–3 admin-object-resource Subelements

Element 

Required 

Description 

description

zero or one 

Contains a text description of this element. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the admin-object-resource element.

Table 1–4 admin-object-resource Attributes

Attribute 

Default 

Description 

jndi-name

none 

Specifies the JNDI name for the resource. 

res-type

none 

Specifies the fully qualified type of the resource. 

res-adapter

none 

Specifies the name of the inbound resource adapter, as specified in the name attribute of a connector-module element.

object-type

user

(optional) Defines the type of the resource. Allowed values are: 

  • system-all - A system resource for all server instances and the domain application server.

  • system-admin - A system resource only for the domain application server.

  • system-instance - A system resource for all server instances only.

  • user - A user resource.

enabled

true

(optional) Determines whether this resource is enabled at runtime. 

Properties

Properties of the admin-object-resource element are the names of setter methods of the adminobject-class specified in the adminobject element of the ra.xml file. Some of the property names can be specified in the adminobject element itself. For example, in jmsra, the resource adapter used to communicate with the Sun Java System Message Queue software, jmsra, Name and Description are valid properties.

For a complete list of the available properties (called administered object attributes in the Message Queue software), see the Sun GlassFish Message Queue 4.4 Administration Guide.

admin-service

Determines whether the server instance is a regular instance, a domain administration server, or a combination.

Superelements

config

Subelements

The following table describes subelements for the admin-service element.

Table 1–5 admin-service Subelements

Element 

Required 

Description 

jmx-connector

zero or more 

Configures a JSR 160/255 compliant remote JMX connector. 

das-config

only one (developer profile) 

zero or one (cluster and enterprise profiles) 

Defines a domain administration server configuration. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the admin-service element.

Table 1–6 admin-service Attributes

Attribute 

Default 

Description 

type

das-and-server (developer profile)

server (cluster and enterprise profiles)

Specifies whether the server instance is a regular instance (server), a domain administration server (das), or a combination (das-and-server). modifying this value is not recommended.

system-jmx-connector-name

none 

Specifies the name of the internal jmx-connector.

alert-service

Configures the alert service, which allows you to register for and receive system status alerts.

Superelements

config

Subelements

The following table describes subelements for the alert-service element.

Table 1–7 alert-service Subelements

Element 

Required 

Description 

alert-subscription

zero or more 

Configures a subscription to system status alerts. 

property

zero or more 

Specifies a property or a variable. 

alert-subscription

Configures a subscription to system status alerts.

Superelements

alert-service

Subelements

The following table describes subelements for the alert-subscription element.

Table 1–8 alert-subscription Subelements

Element 

Required 

Description 

listener-config

only one 

Configures the listener class that listens for alerts from notification emitters. 

filter-config

zero or one 

Configures the filter class that filters alerts from notification emitters. 

Attributes

The following table describes attributes for the alert-subscription element.

Table 1–9 alert-subscription Attributes

Attribute 

Default 

Description 

name

none 

Specifies the name of this alert subscription. 

appclient-module

Specifies a deployed application client container (ACC) module.

Superelements

applications

Subelements

The following table describes subelements for the appclient-module element.

Table 1–10 appclient-module Subelements

Element 

Required 

Description 

description

zero or one 

Contains a text description of this element. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the appclient-module element.

Table 1–11 appclient-module Attributes

Attribute 

Default 

Description 

name

none 

The name of the ACC module. 

location

none 

The location of the ACC module in the Enterprise Server file system. 

directory-deployed

false

(optional) Specifies whether the application has been deployed as a directory. 

java-web-start-enabled

true

(optional) Specifies whether Java Web Start access is permitted for this application client. 

application-ref

References an application or module deployed to the server instance or cluster.

Note –

Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server v2.1.1 Administration Guide.

Superelements

cluster, server

Subelements

none

Attributes

The following table describes attributes for the application-ref element.

Table 1–12 application-ref Attributes

Attribute 

Default 

Description 

enabled

true

(optional) Determines whether the application or module is enabled. 

virtual-servers

all virtual servers 

(optional) In a comma-separated list, references id attributes of the virtual-server elements to which the web-module or the web modules within this j2ee-application are deployed.

lb-enabled

false

(optional) If true, all load-balancers that reference this application consider it available to them.

disable-timeout-in-minutes

30

(optional) Specifies the time it takes this application to reach a quiescent state after having been disabled. 

ref

none 

References the name attribute of a lifecycle-module, j2ee-application, ejb-module, web-module, connector-module, appclient-module, or extension-module element.

applications

Contains deployed Java EE applications, Java EE modules, and Lifecycle modules.

Superelements

domain

Subelements

The following table describes subelements for the applications element.

Table 1–13 applications Subelements

Element 

Required 

Description 

lifecycle-module

zero or more 

Specifies a deployed lifecycle module. 

j2ee-application

zero or more 

Specifies a deployed Java EE application. 

ejb-module

zero or more 

Specifies a deployed EJB module. 

web-module

zero or more 

Specifies a deployed web module. 

connector-module

zero or more 

Specifies a deployed connector module. 

appclient-module

zero or more 

Specifies a deployed application client container (ACC) module. 

mbean

zero or more 

Specifies an MBean. 

extension-module

zero or more 

Specifies an extension module. 

Note –

Subelements of an applications element can occur in any order.

audit-module

Specifies an optional plug-in module that implements audit capabilities.

Superelements

security-service

Subelements

The following table describes subelements for the audit-module element.

Table 1–14 audit-module Subelements

Element 

Required 

Description 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the audit-module element.

Table 1–15 audit-module Attributes

Attribute 

Default 

Description 

name

default

Specifies the name of this audit module. 

classname

com.sun.enterprise.security.Audit

Specifies the Java class that implements this audit module. 

auth-realm

Defines a realm for authentication.

Authentication realms require provider-specific properties, which vary depending on what a particular implementation needs.

For more information about how to define realms, see the Sun GlassFish Enterprise Server v2.1.1 Administration Guide.

Here is an example of the default file realm:

<auth-realm name="file"
     classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
     <property name="file" value="domain-dir/config/keyfile"/>
     <property name="jaas-context" value="fileRealm"/>
 </auth-realm>

Which properties an auth-realm element uses depends on the value of the auth-realm element’s name attribute. The file realm uses file and jaas-context properties. Other realms use different properties.

Superelements

node-agent, security-service

Subelements

The following table describes subelements for the auth-realm element.

Table 1–16 auth-realm Subelements

Element 

Required 

Description 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the auth-realm element.

Table 1–17 auth-realm Attributes

Attribute 

Default 

Description 

name

none 

Specifies the name of this realm. 

classname

none 

Specifies the Java class that implements this realm. 

Properties

The standard realms provided with Enterprise Server have required and optional properties. A custom realm might have different properties.

The following table describes properties for the auth-realm element.

Table 1–18 auth-realm Properties

Property 

Realms 

Description 

jaas-context

file, ldap, jdbc, solaris

Specifies the JAAS (Java Authentication and Authorization Service) context. 

file

file

Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile.

assign-groups

certificate, file, jdbc, ldap, solaris

(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers.

directory

ldap

Specifies the LDAP URL to your server. 

base-dn

ldap

Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. 

search-filter

ldap

(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name).

group-base-dn

ldap

(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary.

group-search-filter

ldap

(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN).

group-target

ldap

(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN.

search-bind-dn

ldap

(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search.

search-bind-password

ldap

(optional) Specifies the LDAP password for the DN given in search-bind-dn .

datasource-jndi

jdbc

Specifies the jndi-name of the jdbc-resource for the database.

user-table

jdbc

Specifies the name of the user table in the database. 

user-name-column

jdbc

Specifies the name of the user name column in the database's user table. 

password-column

jdbc

Specifies the name of the password column in the database's user table. 

group-table

jdbc

Specifies the name of the group table in the database. 

group-name-column

jdbc

Specifies the name of the group name column in the database's group table. 

db-user

jdbc

(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used.

db-password

jdbc

(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used.

digest-algorithm

jdbc

(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none.

encoding

jdbc

(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified.

charset

jdbc

(optional) Specifies the charset for the digest algorithm. 

availability-service

Configures the availability service. Enables high-availability features, such as session state and stateful session bean state persistence. If the Sun Java System high-availability database (HADB) is installed and you have selected the enterprise profile, session state is persisted to the HADB.

Note –

Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server v2.1.1 Administration Guide.

Availability can be enabled or disabled at the following levels:

  1. The server instance (attribute of availability-service). Default is true (enabled).

  2. The EJB or web container (attribute of ejb-container-availability or web-container-availability). Default is true (enabled).

  3. The application (attribute of j2ee-application). Default is false (disabled).

  4. The stand-alone EJB or web module (attribute of ejb-module or web-module). Default is false (disabled).

  5. The stateful session bean. Default is false (disabled). See the Sun GlassFish Enterprise Server v2.1.1 Developer’s Guide.

For availability to be enabled at a given level, it must be enabled at all higher levels, as well. For example, to enable availability at the application level, you must also enable it at the server instance and container levels.

If the HADB is installed and the enterprise profile is selected, availability can also be enabled in the Java Message Service (attribute of jms-availability). The default is false (disabled). JMS availability is disabled if server instance availability is disabled. JMS availability neither affects nor is affected by any other availability levels.

Superelements

config

Subelements

The following table describes subelements for the availability-service element.

Table 1–19 availability-service Subelements

Element 

Required 

Description 

web-container-availability

zero or one 

Enables availability in the web container. 

ejb-container-availability

zero or one 

Enables availability in the EJB container. 

jms-availability

zero or one 

Enables availability in the Java Message Service. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the availability-service element.

Table 1–20 availability-service Attributes

Attribute 

Default 

Description 

availability-enabled

true

(optional) If set to true, high-availability features apply to all applications deployed to the server instance that do not have availability disabled. All instances in a cluster should have the same availability value to ensure consistent behavior.

ha-agent-hosts

none 

Specifies a comma-separated list of server host names or IP addresses where management agents for the high availability store are running. Applicable if HADB is installed and you have selected the enterprise profile. 

ha-agent-port

none 

Specifies the port number where management agents for the high availability store can be contacted. Applicable if HADB is installed and you have selected the enterprise profile. 

ha-agent-password

asadmin password

Specifies the password for access to management agents for the high availability store. Applicable if HADB is installed and you have selected the enterprise profile. 

ha-store-name

cluster name 

(optional) Specifies the HADB database name. Applicable if HADB is installed and you have selected the enterprise profile. 

auto-manage-ha-store

true

(optional) If true, the life cycle of the highly available store is matched with the life cycle of the highly available cluster. The store is started or stopped with the cluster. It is removed when the cluster is deleted. If false, the store life cycle must be manually managed by the administrator. Applicable if HADB is installed and you have selected the enterprise profile.

store-pool-name

jdbc/hastore

(optional) Specifies the jndi-name of the jdbc-resource used for connections to the HADB for session persistence. Applicable if HADB is installed and you have selected the enterprise profile.

For more information about setting up a connection pool and JDBC resource for the HADB, see the description of the configure-ha-cluster command in the Sun GlassFish Enterprise Server v2.1.1 Reference Manual.

ha-store-healthcheck-enabled

false

(optional) If true, periodic checking is done to detect if the HADB has become available again after a failure. If the health check succeeds, persistence to the HADB is resumed. Applicable if HADB is installed and you have selected the enterprise profile.

ha-store-healthcheck-interval-in-seconds

5

(optional) Specifies the interval at which the HADB's health is checked. The checking begins only after a failure is detected. Applicable if HADB is installed and you have selected the enterprise profile. 

Properties

The following table describes properties for the availability-service element. For more information about replicated session persistence, see web-container-availability and ejb-container-availability.

Table 1–21 availability-service Properties

Attribute 

Default 

Description 

replication_measurement_enabled

false

If true, logs measurements of replication times.

One of these messages appears in the sending instance's log: 


messageSendSucceeded: id = session-id fastAckTime = 8  
   to partner: instance-name
messageSendFailed: id = session-id fastAckTime = 8  
   to partner: instance-name

This message appears in the receiving instance's log: 


messageReceiptSucceeded: bulkId = 1 receiptTime =  12 
   from partner: instance-name

replication_measurement_interval

1

Specifies the frequency of measurement of replication. It must be a positive integer: 1 means every replication, 2 means once every 2 replications, 3 means once every 3 replications, and so on. Applicable only if replication_measurement_enabled is set to true.

rolling-upgrade-backup-directory

instance-dir/rollingupgrade

Specifies where the asadmin backup-session-store command backs up active and replica sessions.