Oracle® Containers for J2EE Servlet Developer's Guide 10g (10.1.3.1.0) Part Number B28959-01 |
|
|
View PDF |
This appendix contains reference information for the OC4J-specific Web module configuration files global-web-application.xml
(for global and default configuration) and orion-web.xml
(for application-level configuration). There is also an overview of these files and their relationship to the standard web.xml
file.
A Web descriptor specifies and configures a set of J2EE Web components: static pages, servlets, and JSP pages. The Web components can together form an independent Web application and be deployed in an independent WAR file. More typically, however, they will form just part of an overall J2EE application, being deployed in a WAR file within the EAR file of the J2EE application.
OC4J uses three categories of Web descriptors. The following sections discuss each of them and summarize the relationships between them:
The servlet specification defines the concept and XSD of a Web descriptor, called web.xml
, that you must include in the /WEB-INF
directory of the associated WAR file. The web.xml
file specifies and configures the Web components of the WAR file, as well as other components, such as EJBs, that the Web components may call. See the servlet specification for more information.
Here is sample web.xml
configuration specifying, among other things, a servlet, the servlet mapping, and a local EJB lookup:
<web-app> <display-name>stateful, web-app:</display-name> <description>no description</description> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <ejb-local-ref> <ejb-ref-name>CartBean</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <local-home>cart.CartHome</local-home> <local>cart.Cart</local> </ejb-local-ref> <servlet> <servlet-name>cart</servlet-name> <servlet-class>cart.CartServlet</servlet-class> <init-param> <param-name>param1</param-name> <param-value>1</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>cart</servlet-name> <url-pattern>/cart</url-pattern> </servlet-mapping> <security-role> <role-name>users</role-name> </security-role> </web-app>
The OC4J server.xml
file, through its <global-web-app-config>
element, specifies the OC4J global Web application descriptor. It is typically global-web-application.xml
, in the same directory as server.xml
. This descriptor defines default behavior for Web applications in OC4J.
The global Web application descriptor is defined by the XSD orion-web.xsd
. This is the same XSD as for the application-level, OC4J-specific Web descriptor, orion-web.xml
, described in the next section, "Oracle orion-web.xml Configuration File".
The orion-web
XSD is a superset of the standard XSD for web.xml
. A <web-app>
subelement of the <orion-web-app>
top-level element in the orion-web
XSD has the same specification as the top-level <web-app>
element of web.xml
. There are also many other subelements of <orion-web-app>
for specifying and configuring OC4J-specific features.
For any default settings you specify within the <web-app>
element in global-web-application.xml
, you can add to or, optionally, override these settings through <web-app>
settings in web.xml
. You can then add to or, optionally, override the resulting settings through <web-app>
settings in orion-web.xml
.
Note: Avoid using the<web-app> element in global-web-application.xml or orion-web.xml if possible. Because it is customary to look in web.xml for any <web-app> entries, having such entries elsewhere could be confusing and may cause difficulty during troubleshooting. |
For any default settings you specify outside the <web-app>
element in global-web-application.xml
, you can add to or, optionally, override these settings through parallel settings in orion-web.xml
.
For detailed information about the elements and attributes of the OC4J global Web application descriptor, see "Elements and Attributes of orion-web.xml, global-web-application.xml".
In addition to the standard Web descriptor, web.xml
, and the OC4J global Web application descriptor, global-web-application.xml
(which establishes default behavior), there is an OC4J-specific application-level Web descriptor, orion-web.xml
.
The orion-web.xml
descriptor is defined by a corresponding XSD. This is the same XSD as for the global Web application descriptor that was described in the previous section, "Oracle global-web-application.xml Configuration File".
You can provide an orion-web.xml
file as well as the web.xml
file, also in the /WEB-INF
directory of your WAR file. Use orion-web.xml
to add to or, optionally, override any default settings in global-web-application.xml
, as well as to add to or override any settings in web.xml
.
Including an orion-web.xml
file in your WAR file (inside the EAR file) is optional. If you include it, OC4J copies it into the deployment directory during deployment (under the j2ee/home/application-deployments
directory by default). Otherwise, OC4J generates orion-web.xml
for you in the deployment directory, using default settings from global-web-application.xml
. Additionally, some web.xml
settings will influence the generation of orion-web.xml
. For example, <resource-ref>
entries in web.xml
will result in corresponding <resource-ref-mapping>
entries in orion-web.xml
. .
Note: When OC4J copiesorion-web.xml , it may make changes to the file but these changes are transparent. For example, an attribute setting that specifies the default value may be ignored or removed. |
For detailed information about the elements and attributes of the OC4J-specific Web descriptor, see "Elements and Attributes of orion-web.xml, global-web-application.xml".
You can think of the relationship between global-web-application.xml
, web.xml
, and orion-web.xml
as follows:
The global-web-application.xml
file establishes defaults for any Web application in OC4J.
The web.xml
file overlays anything defined in the <web-app>
element of global-web-application.xml
, adding to and possibly overriding any Web components and other settings defined there.
The orion-web.xml
file overlays everything, adding to and possibly overriding any settings from global-web-application.xml
and web.xml
.
Here is an overview of the element hierarchy for the global-web-application.xml
and orion-web.xml
files.
Note: You cannot use an <ojsp-init> element inglobal-web-application.xml . |
This section is an alphabetical dictionary of elements of the orion-web.xml
and global-web-application.xml
files. See the preceding section, "Hierarchy of orion-web.xml and global-web-application.xml", if you are interested in the hierarchy.
The element descriptions in this section generally apply to either global-web-application.xml
or to an application-specific orion-web.xml
configuration file. The global-web-application.xml
file configures the global application and sets defaults; the orion-web.xml
file can override these defaults for a particular application deployment, as appropriate. See "Summary of Relationship Between Web Application Configuration Files" for a summary.
Notes:
|
Parent element: <orion-web-app>
Child elements: <host-access>, <ip-access>
Required? Optional; zero or one
Use subelements of <access-mask>
to specify optional access masks for this application. You can use host names or domains to filter clients, through <host-access>
subelements, or you can use IP addresses and subnets to filter clients, through <ip-access>
subelements, or you can do both.
Table B-1 <access-mask> Attributes
Name | Description |
---|---|
default |
Values: allow|deny Default: allow Specifies whether to allow requests from clients not identified through a |
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
Use this element to inform OC4J of additional code locations for Web application class loading—either library files or locations for individual class files.
Table B-2 <classpath> Attributes
Name | Description |
---|---|
path |
Values: String Default: n/a (required) You can specify one or more locations, separated by commas or semicolons, where a location can be either of the following:
In either case, you can use an absolute path or a path that is relative to the configuration file location ( If you specify a directory path, the classloader recognizes only individual class files in the specified directory, not JAR or ZIP files (unless those are specified separately). For example, assume the following setting in <classpath path= /abc/def/lib1.jar, /abc/def/zip1.jar, /abc/def,mydir /> The classloader recognizes the following:
|
Parent element: <lookup-context>
Child elements: None
Required? Required if you use <lookup-context>
; one or more
Each occurrence of this element specifies an attribute to send to a nondefault, such as third-party, JNDI context named in the parent <lookup-context>
element.
The only mandatory attribute in JNDI is java.naming.factory.initial
, which is the class name of the context factory implementation.
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element carries information in the content of the element itself, as follows:
In orion-web.xml
, a <context-param-mapping>
element overrides the value specified through a corresponding <context-param>
element in web.xml
, for a servlet context parameter. Use the name
attribute to match a <param-name>
setting in web.xml
, and use the element value to specify the new value:
<context-param-mapping name="..." >deploymentValue</context-param-mapping>
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
Use this element to declare a JNDI location for an EJB. This is in conjunction with a corresponding <ejb-ref>
or <ejb-local-ref>
element to declare the EJB in the web.xml
file. The <ejb-ref-mapping>
element name
attribute corresponds to an <ejb-ref-name>
element in web.xml
, and the location
attribute specifies a JNDI location.
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
In orion-web.xml
, an <env-entry-mapping>
element overrides the value specified through a corresponding <env-entry>
element in web.xml
, for an environment entry. Use the name
attribute to match an <env-entry-name>
setting in web.xml
, and use the element value to specify the new value:
<env-entry-mapping name="..." >deploymentValue</env-entry-mapping>
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element sets the expiration for a given set of resources; that is, how long before the resources would expire in the browser. (The browser reloads an expired resource upon the next request for it.) This is useful for caching policies, such as for not reloading images as frequently as documents.
Table B-7 <expiration-setting> Attributes
Name | Description |
---|---|
expires |
Values: String (integer, seconds) Default: 0 Specifies the number of seconds before expiration, or |
url-pattern |
Values: String Default: n/a (required) Specifies the URL pattern that the expiration applies to. This could be as in the following example: url-pattern="*.gif" |
Parent element: <security-role-mapping>
Child elements: None
Required? Optional; zero or more
Use this subelement of <security-role-mapping>
to specify a group to map to the security role specified in the parent <security-role-mapping>
element. All the members of the specified group are included in this role.
Parent element: <access-mask>
Child elements: None
Required? Optional; zero or more
This subelement of <access-mask>
specifies a host name or domain from which to allow or deny access.
Parent element: <access-mask>
Child elements: None
Required? Optional; zero or more
This subelement of <access-mask>
specifies an IP address and subnet mask from which to allow or deny access.
Table B-10 <ip-access> Attributes
Name | Description |
---|---|
ip |
Values: String Default: n/a (required) Specifies the IP address, as a 32-bit value (for example, |
netmask |
Values: String Default: No default Specifies the relevant subnet mask, if any (example: |
mode |
Values: allow|deny Default: n/a (required) Specifies whether to allow or deny access from the specified IP address and subnet mask. |
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or one
Use this element to configure the OracleAS JAAS Provider and Single Sign-On (SSO) properties for servlet execution. You must set these features appropriately to invoke a servlet under the privileges of a particular security subject.
When Oracle Identity Management is being used as the security provider for a Web application, with SSO for authentication, you can synchronize a servlet session with the OracleAS JAAS Provider user context through <jazn-web-app>
. To synchronize the session with the user context, set the sso.session.synchronize
property to "true
", the default, in a <property>
subelement under <jazn-web-app>
:
<jazn-web-app ...> <property name="sso.session.synchronize" value="true"/> </jazn-web-app>
Or you can set the property to "false".
For additional information about JAAS and the features described for this element, see the Oracle Containers for J2EE Security Guide. You can also refer to related Sun Microsystems documentation at the following location:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html
Table B-11 <jazn-web-app> Attributes
Name | Description |
---|---|
auth-method |
Values: BASIC|SSO|COREIDSSO Default: BASIC This is the method of HTTP client authentication. " Another value for Note: Use " |
runas-mode |
Values: Boolean Default: false This mode is deprecated in the OC4J 10.1.3 implementation, but still supported for backward compatibility. A new, consolidated JAAS mode replaces the Set With the default |
doasprivileged-mode |
Values: Boolean Default: true This mode is deprecated in the OC4J 10.1.3 implementation, but still supported for backward compatibility. A new, consolidated JAAS mode replaces the
When the |
Warning Issued for servlet.init() Not Working with run-as
For a Web application, when run-as
user
is specified in the web.xml
file, all method invocations except the Servlet.init()
method will be invoked as the specified user. With the JMS Router being the default application of OC4J, calls need to be authorized to the router's EJBs. This is done by defining the application role "jmsRouter"
, which is mapped to the JAAS "oc4j-administrators"
role, and specifying <method-permission>
for all methods of the router's EJBs.
The init()
method of the servlet within the router's Web model creates a router EJB object. Regardless of whether run-as
is specified in web.xml
for the servlet, a security exception is thrown:
@ oracle.oc4j.rmi.OracleRemoteException: anonymous is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).
Workaround for run-as Warning
You can remove the security warning by commenting out '*'
in the <method-name>
element of <method-permission>
in ejb-jar.xml
and explicitly enumerating all methods in AdminMgrBean
that the jmsRouter
role can access, as follows.
<!-- <method-permission> <role-name>jmsRouter</role-name> <method> <ejb-name>AdminMgrBean</ejb-name> <method-name>*</method-name> </method> </method-permission> --> <method-permission> <role-name>jmsRouter</role-name> <method> <ejb-name>AdminMgrBean</ejb-name> <method-name>getConfig</method-name> </method> </method-permission> ...
runAsRoleName
is correctly parsed in ServletDescriptor.java
, stored in info
and thread
in HttpApplication.loadServlet()
.
Parent element: <resource-ref-mapping>
Child elements: <context-attribute>
Required? Optional; zero or one
This element, through its location
attribute, specifies an optional JNDI context that will be used instead of the default context in looking up the resource mapped in the parent <resource-ref-mapping>
element. This is useful when you are connecting to third-party modules, such as a third-party JMS server, for example. (Either use the JNDI context implementation supplied by the resource vendor, or, if none exists, write an implementation that negotiates with the vendor software.)
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element defines the path to a file containing MIME mappings to use.
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or one
This element sets the JSP configuration parameters (attributes) that Table B-14 lists. If you specify this element in the orion-web.xml
file for a Web application, the values of these attributes, including default values, override the values of any corresponding JSP configuration parameters specified in <init-param>
elements in the web.xml
deployment descriptor installed with the Web module. Any corresponding command-line options of the ojspc
pretranslation utility override the <ojsp-init>
attributes as well as any corresponding settings in web.xml
.
Note: You cannot use an <ojsp-init> element inglobal-web-application.xml . |
Table B-14 <ojsp-init> Attributes
Name | Description |
---|---|
debug-mode |
Values: Boolean Default: false Specifies whether or not to print the stack trace. Set to When this parameter is |
iso-8859-1-convert |
Values: Boolean Default: true Specifies whether or not to convert strings to the iso-8859-1 character set. If the value of |
jsr45-debug |
Values: none, class, file Default: none Specifies the method for JSR-45 support, which JSR-045: Debugging Support for Other Languages describes. Setting |
main-mode |
Values: recompile, reload, justrun Default: recompile Specifies whether JSP-generated classes are automatically reloaded or JSP pages are automatically retranslated when changes are made. If enabled, this feature allows new or modified JSP pages to be loaded into the OC4J runtime, without requiring the Web application to be redeployed or restarted. See Oracle Containers for J2EE Support for JavaServer Pages Developer's Guidefor additional information. If the value of If the value of If the value of |
precompile-check |
Values: Boolean Default: false Specifies whether to check the HTTP request for a standard If |
reduce-tag-code |
Values: Boolean Default: false If set to |
req-time-introspection |
Values: Boolean Default: false If set to As an example of a scenario for use of request-time introspection, assume a tag handler returns a generic An additional effect of this flag is to allow a bean to be declared twice, such as in different branches of an <% if (cond) { %> <jsp:useBean id="foo" class="pkgA.Foo1" /> <% } else { %> <jsp:useBean id="foo" class="pkgA.Foo2" /> <% } %> |
static-text-in-chars |
Values: Boolean Default: false If set to Enable this flag if your application requires the ability to change the character encoding dynamically during runtime, such as in the following example: <% response.setContentType("text/html; charset=UTF-8"); %> The |
tags-reuse |
Values: compiletime, compiletime-with-release, none Default: compiletime Specifies the mode for tag handler reuse, also known as tag pooling.
|
Table B-15 lists the <ojsp-init>
attributes with corresponding JSP servlet <init-param>
elements and ojspc
command-line options. For more information about JSP servlet <init-param>
elements, see the Oracle Containers for J2EE Support for JavaServer Pages Developer's Guide. For more information about JSP servlet ojspc
command-line options, see the Oracle Containers for J2EE JSP Tag Libraries and Utilities Reference.
Table B-15 JSP Servlet Configuration Parameters
<ojsp-init> Attribute | Equivalent JSP Servlet <init-param> | ojspc Command-Line Option |
---|---|---|
debug-mode |
debug_mode |
n/a |
iso-8859-1-convert |
iso-8859-1-convert |
n/a |
jsr45-debug |
debug |
-debug |
main-mode |
main_mode |
n/a |
precompile-check |
precompile_check |
n/a |
reduce-tag-code |
reduce_tag_code |
-reduceTagCode |
req-time-introspection |
req_time_instrospection |
-reqTimeIntrospection |
static-text-in-chars |
static-text-in-chars |
-staticTextInChars |
tags-reuse |
tags_reuse_default |
-tagReuse |
Parent element: n/a (root)
Child elements: <access-mask>, <classpath>, <context-param-mapping>, <ejb-ref-mapping>, <env-entry-mapping>, <expiration-setting>, <jazn-web-app>, <mime-mappings>, <ojsp-init>, <request-tracker>, <resource-env-ref-mapping>, <resource-ref-mapping>, <security-role-mapping>, <service-ref-mapping>, <servlet-chaining>, <session-tracking>, <virtual-directory>, <web-app>, <web-app-class-loader>
Required? Required; one only
This is the root element for specifying OC4J-specific configuration of a Web application.
Note: Thealways-redeploy , deployment-time , and deployment-version attributes are not supported for direct use, so are not documented, although deployment-time and deployment-version may receive container-generated values for the time of deployment and the OC4J version. Modifying these parameters has no effect. |
Table B-16 <orion-web-app> Attributes
Name | Description |
---|---|
autojoin-session |
Values: Boolean Default: true Specifies whether users should be assigned a session as soon as they log in to the application. |
default-buffer-size |
Values: Non-negative integer (bytes) Default: 2048 Specifies the default size of the output buffer for servlet responses, in bytes. |
default-charset |
Values: String Default: iso-8859-1 In 10.1.3.1 for JSP pages and for the servlet container, this attribute specifies the ISO character set to use by default. In general, for JSP 2.0 users, Oracle instead recommends standard |
default-mime-type |
Values: String Default: No default This specifies a default content type for servlet responses, for situations where the |
development |
Values: Boolean Default: false This attribute is a convenience flag to use during development. If The directory is determined by the setting of the Note that the OC4J JSP container does not take any special action for the |
directory-browsing |
Values: allow|deny Default: deny Specifies whether to allow directory browsing for a URL that ends in "
If If there is a defined welcome file or there is an |
Values: Boolean Default: true A " |
|
file-modification-check-interval |
Values: String (integer, milliseconds) Default: 1000 This attribute determines when to check a static file, such as an HTML file, to see whether its timestamp has changed and it should therefore be reloaded from the file system. When a static file is first accessed, it is loaded from the file system and also cached. For each subsequent access, there is the following logic:
Specify this value in milliseconds. Zero or a negative number specifies that the file timestamp is always checked. For performance reasons, a very large value (" |
Values: String Default: ./persistence (relative to the deployment directory of the application) This attribute specifies the JSP cache directory, which is used as a base directory for output files from the JSP translator. It is also used as a base directory for application-level TLD caching. |
|
Values: on|off|standard Default: standard This flag indicates whether persistent TLD caching is enabled for JSP pages. The " The " The " The " |
|
Values: Boolean Default: true Set this flag to " |
|
Values: String Default: See below If persistent TLD caching is enabled for JSP pages (through the You can specify any combination of absolute directory paths or relative directory paths. Relative paths would be under
Important: Use the |
|
Values: Non-negative integer (seconds) Default: 0 (no timeout) Specifies a period of time after which any JSP page will be removed from memory if it has not been requested. This frees up resources in situations in which some pages are called infrequently. |
|
persistence-path |
Values: String Default: No default (by default, no persistence) Indicates where to store servlet Session objects must be serializable (directly or indirectly implementing the Note: This attribute is ignored if OC4J clustering is enabled. |
schema-major-version |
Values: String Default: No default The major version number of the Note: This attribute does not appear directly in the XSD for |
schema-minor-version |
Values: String Default: No default The minor version number of the Note: This attribute does not appear directly in the XSD for |
servlet-webdir |
Values: String Default: /servlet/ (see note below) Use this attribute, in conjunction with a This feature is typically for use in an OC4J standalone environment during development and testing; it presents a significant security risk and should not be used in a production environment. (For production deployment, use the standard Here is an example of servlet invocation by class name, assuming a context path of " http://www.example.com:8888/servlet/foo.SessionServlet Invocation by class name is disabled by a setting of Note: Any |
Values: Boolean Default: false Set this to " |
|
source-directory |
Values: String Default: /WEB-INF/src (if it exists), or /WEB-INF/classes For situations in which the |
temporary-directory |
Values: String Default: ./temp This is the path to a temporary directory that can be used by servlets and JSP pages for scratch files. The path can be either absolute, or relative to the deployment directory. A servlet may use a temporary directory, for example, to write information to disk as a user is entering data in a form (perhaps for interim or short-term storage before the information is written to a database). The specified directory can then be recalled from the servlet context, where it is available through the attribute File file = (File)application.getAttribute ("javax.servlet.context.tempdir"); A |
Note: Processing related to the |
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element specifies a servlet to use as a request tracker. A request tracker is invoked for each separate request sent from a browser to the server, at the time that the corresponding response is committed (immediately before the response is actually sent). Request trackers are useful for logging information, for example.
You must define any request trackers in orion-web.xml
, not global-web-application.xml
, because a <request-tracker>
element points to a servlet defined within the same application. There can be multiple request trackers, each one defined in a separate <request-tracker>
element.
Table B-17 <request-tracker> Attributes
Name | Description |
---|---|
servlet-name |
Values: String Default: n/a (required) Specifies the servlet to invoke. You can specify either the designated servlet name or the class name, according to the corresponding |
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
Use this element to declare a JNDI location for an environment resource. This is in conjunction with a corresponding <resource-env-ref>
element in the web.xml
file, which declares the resource. The <resource-env-ref-mapping>
element name
attribute corresponds to a <resource-env-ref-name>
element in web.xml
, and the location
attribute specifies a JNDI location.
Parent element: <orion-web-app>
Child elements: <lookup-context>
Required? Optional; zero or more
Use this element to declare a JNDI location for an external resource, such as a data source, JMS queue, or mail session. This is in conjunction with a corresponding <resource-ref>
element in the web.xml
file, which declares the resource. The <resource-ref-mapping>
element name
attribute corresponds to a <res-ref-name>
element in web.xml
, and the location
attribute specifies the JNDI location.
Following is an example using this element and its subelements:
<resource-ref-mapping location="jdbc/HyperSonicDS" name="jdbc/myDS"> <lookup-context location="foreign/resource/location"> <context-attribute name="java.naming.factory.initial" value="classname" /> <context-attribute name="name" value="value" /> </lookup-context> </resource-ref-mapping>
Table B-19 <resource-ref-mapping> Attributes
Name | Description |
---|---|
name |
Values: String Default: n/a (required) Specifies the resource name, from name="jdbc/TheDSVar" |
location |
Values: String Default: n/a (required) Specifies a JNDI location from which to look up the resource. For example: location="jdbc/TheDS" |
Parent element: <orion-web-app>
Child elements: <group>, <user>
Required? Optional; zero or more
This element maps a security role to specified users and groups, or to all users. It maps to a security role of the same name specified through a <security-role>
element in the web.xml
file. Use either the impliesAll
attribute or an appropriate combination of subelements—<group>
, <user>
, or both.
See the Oracle Containers for J2EE Enterprise JavaBeans Developer's Guide for additional information about the <security-role-mapping>
element in OC4J configuration files.
Important: OC4J has an automatic security mapping feature. By default, if a security role defined inweb.xml has the same name as an OC4J group defined in system-jazn-data.xml (or other valid user manager), then OC4J maps them. However, this feature is completely disabled if you do any explicit mapping through the <security-role-mapping> element. If you use <security-role-mapping> at all, OC4J assumes that you want explicit mapping only. This is to prevent unintended implicit mappings when a user may intend to declare explicit mappings only. |
Table B-20 <security-role-mapping> Attributes
Name | Description |
---|---|
impliesAll |
Values: Boolean Default: false Specifies whether this mapping applies to all users. |
name |
Values: String Default: n/a (required) Specifies the name of the security role, matching a name specified in a |
Parent element: <orion-web-app>
Child elements: According to its own schema definition
Required? Optional; zero or more
This element is for use in conjunction with a <service-ref>
element that appears in the web.xml
file to declare a Web service. You can use it to specify OC4J-specific quality of service features for the corresponding Web service, such as security, logging, and auditing. See the Oracle Application Server Web Services Developer's Guide for complete information.
Note that as a <service-ref>
element can appear in a web.xml
, ejb-jar.xml
, or application-client.xml
file, a corresponding <service-ref-mapping>
element can appear in an orion-web.xml
, orion-ejb-jar.xml
, or orion-application-client.xml
file. Supported features of the <service-ref-mapping>
element are according to its own XSD, which is imported into the orion-web
, orion-ejb-jar
, and orion-application-client
XSDs.
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element specifies a servlet to call when the response of the current servlet is set to a specified MIME type. The specified servlet is called after the current servlet. This is known as servlet chaining, for filtering or transforming certain kinds of output.
Important: Servlet chaining is an older and proprietary mechanism with functionality similar to that of standard servlet filtering, which was introduced in version 2.3 of the servlet specification. Use servlet filtering instead. The OC4J<servlet-chaining> element is deprecated in the current release and will be desupported in the next release. |
Table B-21 <servlet-chaining> Attributes
Name | Description |
---|---|
mime-type |
Values: String Default: n/a (required) Specifies the MIME type to trigger the chaining (for example, |
servlet-name |
Values: String Default: n/a (required) Specifies the servlet to call when the specified MIME type is encountered. The servlet name is tied to a servlet class through its definition in the |
Parent element: <session-tracking>
Child elements: None
Required? Optional; zero or more
This subelement of <session-tracking>
specifies a servlet to use as a session tracker. A session tracker is invoked as soon as a session is created; specifically, at the same time as the invocation of the sessionCreated()
method of the HTTP session listener (an instance of a class implementing the javax.servlet.http.HttpSessionListener
interface). Session trackers are useful for logging information, for example.
You must define any session trackers in orion-web.xml
, not global-web-application.xml
, because a <session-tracker>
element points to a servlet defined within the same application. There can be multiple session trackers, each one defined in a separate <session-tracker>
element.
Table B-22 <session-tracker> Attributes
Name | Description |
---|---|
servlet-name |
Values: String Default: n/a (required) Specifies the servlet to invoke. You can specify either the designated servlet name or the class name, according to the corresponding |
set-secure |
Values: Boolean Default: false Specifies whether all session cookies generated by OC4J for an application will be returned by the client only when the HTTPS protocol is being used. If set-secure=" |
Parent element: <orion-web-app>
Child elements: <session-tracker>
Required? Optional; zero or one
This element specifies the session-tracking settings for this application. Session tracking is accomplished through cookies, assuming a cookie-enabled browser. The servlet to use as the session tracker is specified through the <session-tracker>
subelement.
Table B-23 <session-tracking> Attributes
Name | Description |
---|---|
cookies |
Values: enabled|disabled Default: enabled Specifies whether to send session cookies. The name of a session cookie is |
cookie-domain |
Values: String Default: No default Specifies the desired domain for <session-tracking cookie-domain=".us.oracle.com" /> In this case, the same session cookie is used and reused when the user visits any site that matches the " The domain specification must consist of at least two elements, such as " Here are two scenarios in which cookie domain functionality is useful:
|
cookie-path |
Values: String Default: No default You can use this to optionally specify the URL path value that applies to |
cookie-max-age |
Values: Non-negative integer (seconds) Default: No default This number is sent with |
Parent element: <security-role-mapping>
Child elements: None
Required? Optional; zero or more
Use this subelement of <security-role-mapping>
to specify a user to map to the security role specified in the parent <security-role-mapping>
element.
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or more
This element adds a virtual directory mapping for static content, working in a way that is conceptually similar to symbolic links on a UNIX system, for example. The virtual directory enables you to make the contents of the real document root directory available to the application without physically residing in the Web application WAR file. This would be useful, for example, to link an enterprise-wide error page into multiple WAR files.
Table B-25 <virtual-directory> Attributes
Name | Description |
---|---|
real-path |
Values: String Default: n/a (required) This is a real path, such as |
virtual-path |
Values: String Default: n/a (required) This is a virtual path to map to the specified real path. |
Parent element: <orion-web-app>
Child elements: According to its own schema definition in the servlet specification
Required? Optional; zero or one
This element is used as in the standard web.xml
file. See "Standard web.xml Configuration File" for an overview, or the servlet specification for complete information. You can establish defaults for <web-app>
settings in global-web-application.xml
. In web.xml
, application-specific <web-app>
settings can override the defaults. In orion-web.xml
, deployment-specific <web-app>
settings can override the settings in web.xml
.
Table B-26 <web-app> Attributes
Name | Description |
---|---|
id |
Values: ID Default: |
metadata-complete |
Values: Boolean Default: Specifies whether this deployment descriptor and other related deployment descriptors for this module (such as Web service descriptors) are complete or whether the class files available to this module and packaged with this application should be examined for annotations that specify deployment information. If |
version |
Values: web-app-versionType Default: n/a (required) |
Parent element: <orion-web-app>
Child elements: None
Required? Optional; zero or one
Use this element for class-loading instructions.
Table B-27 <web-app-class-loader> Attributes
Name | Description |
---|---|
search-local-classes-first |
Values: Boolean Default: false Set this to " |
include-war-manifest-class-path |
Values: Boolean Default: true Set this to " |
Notes:
|