Defines access log settings for each http-access-log subelement of each virtual-server.
none
The following table describes attributes for the access-log element.
Table 1–1 access-log Attributes
Attribute |
Default |
Description |
---|---|---|
%client.name% %auth-user-name% %datetime% %request% %status% %response.length% |
(optional) Specifies the format of the access log. For a complete list of token values you can use in the format, see the online help for the Access Log tab of the HTTP Service page in the Administration Console. |
|
time |
(optional) Specifies the condition that triggers log rotation. The only legal value is time, which rotates log files at the rotation-interval-in-minutes interval. |
|
1440 |
(optional) Specifies the time interval between log rotations if rotation-policy is set to time. |
|
yyyy-MM-dd |
(optional) Specifies the format of the timestamp appended to the access log name when log rotation occurs. For supported formats, see http://java.sun.com/javase/6/docs/api/java/text/SimpleDateFormat.html. The following value is supported for backward compatibility. It results in the same format as the default. %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s |
|
true |
(optional) If true, enables log rotation. |
Defines an administered object for a resource adapter.
The following table describes subelements for the admin-object-resource element.
Table 1–2 admin-object-resource Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Contains a text description of this element. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the admin-object-resource element.
Table 1–3 admin-object-resource Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the JNDI name for the resource. |
|
none |
Specifies the fully qualified type of the resource. |
|
none |
Specifies the name of the resource adapter, as specified in the name attribute of a connector application element. |
|
user |
(optional) Defines the type of the resource. Allowed values are:
|
|
enabled |
true |
(optional) Determines whether this resource is enabled at runtime. |
Properties of the admin-object-resource element are the names of setter methods of the class referenced by the adminobject-class element of the ra.xml file. Some of the property names can be specified in the adminobjectType element.
Contains configuration for JMX connectors, the domain admin server (DAS), and related properties.
The following table describes subelements for the admin-service element.
Table 1–4 admin-service Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Configures a JSR 160/255 compliant remote JMX connector, which responds to JConsole port 8686. |
|
only one |
Defines a domain administration server configuration. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the admin-service element.
Table 1–5 admin-service Attributes
Attribute |
Default |
Description |
---|---|---|
das-and-server |
Specifies whether the server instance is a regular instance (server), a domain administration server (das), or a combination (das-and-server). modifying this value is not recommended. |
|
none |
Specifies the name of the internal jmx-connector. |
This element is deprecated. Use an application element instead.
Specifies a deployed application client container (ACC) module.
The following table describes subelements for the appclient-module element.
Table 1–6 appclient-module Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Contains a text description of this element. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the appclient-module element.
Table 1–7 appclient-module Attributes
Attribute |
Default |
Description |
---|---|---|
none |
The name of the ACC module. |
|
none |
A fully qualified or relative path to the directory to which the contents of the client .jar file have been extracted. If relative, it is relative to the following directory: domain-dir/applications/ |
|
false |
(optional) Specifies whether the application has been deployed as a directory. |
|
true |
(optional) Specifies whether Java Web Start access is permitted for this application client. |
Specifies a system application, a Java EE module or application, or an application created using another supported technology such as JRuby.
The application element replaces the web-module, j2ee-application, appclient-module, connector-module, lifecycle-module, extension-module, and ejb-module elements of previous releases, which are converted to application elements during the upgrade process.
system-applications, applications
The following table describes subelements for the application element.
Table 1–8 application Subelements
Element |
Required |
Description |
---|---|---|
one or more |
Specifies a stand-alone module or a component of a Java EE application. |
|
one or more |
Specifies an engine. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the application element.
Table 1–9 application Attributes
Attribute |
Default |
Description |
---|---|---|
none |
The name of the application. |
|
none |
(optional) Specifies a text description of this element. |
|
none |
(optional) The location of the application in the Enterprise Server file system. If a relative path is specified, it is relative to the domain-dir/applications/ directory. Note – Deployment directories may change between Enterprise Server releases. |
|
none |
(optional) Specifies a comma-separated list of absolute or relative paths to libraries specific to this module or application. A relative path is relative to domain-dir/lib/applibs. If the path is absolute, the path must be accessible to the domain administration server (DAS), which means it must be under domain-dir. The libraries are made available to the application in the order in which they are specified. |
|
user |
(optional) Defines the type of the resource. For an application, the only allowed value is user. |
|
enabled |
true |
(optional) Determines whether the application is enabled. |
none |
(optional) The context root at which the application is deployed. The context root can be the empty string or just /. The context root can start with the / character, but doesn’t have to. |
|
false |
(optional) Specifies whether the application has been deployed as a directory. |
The following table describes properties for the application element. These properties are specified during deployment using one of the following:
The -–property or -–properties option of the asadmin deploy command. For more information, see deploy(1).
The properties table on the deployment page for the application or module type in the Administration Console. For more information, see the Administration Console Online Help.
The properties that are valid for a given application depend on the sniffer attribute values of the child or grandchild engine elements.
Table 1–10 application Properties
Property |
Default |
Description |
---|---|---|
true |
Specifies whether Java Web Start access is permitted for an application client module. |
|
s1as |
Specifies the alias for the security certificate with which the application client container JAR file is signed. Java Web Start won't execute code requiring elevated permissions unless it resides in a JAR file signed with a certificate that the user's system trusts. For your convenience, Enterprise Server signs the JAR file automatically using the self-signed certificate from the domain, s1as. Java Web Start then asks the user whether to trust the code and displays the Enterprise Server certificate information. To sign this JAR file with a different certificate, add the certificate to the domain keystore, then use this property. To add a certificate to the domain keystore, see Administering JSSE Certificates in Sun GlassFish Enterprise Server v3 Administration Guide. For example, you can use a certificate from a trusted authority, which avoids the Java Web Start prompt, or from your own company, which users know they can trust. |
|
none |
The fully qualified name of a lifecycle module class file. A lifecycle module class must implement the com.sun.appserv.server.LifecycleListener interface. |
|
value of application-root attribute of domain element |
The classpath for a lifecycle module. Specifies where the module is located. |
|
none |
Determines the order in which lifecycle modules are loaded at startup. Modules with smaller integer values are loaded sooner. Values can range from 101 to the operating system’s MAXINT. Values from 1 to 100 are reserved. |
|
false |
Determines whether the server is shut down if a lifecycle module fails. |
|
false |
If true, specifies that active sessions of the application being redeployed are preserved and then restored when redeployment is complete. If any active session of the application fails to be preserved or restored, none of the sessions are available when the redeployment is complete. However, redeployment continues and a warning is logged. To preserve active sessions, the Enterprise Server serializes the sessions and saves them in memory. To restore the sessions, the class loader of the newly redeployed application deserializes any sessions that were previously saved. |
|
none (no backward compatibility) |
Specifies the Enterprise Server release with which to be backward compatible in terms of JAR visibility requirements for applications. The only allowed value is v2, which refers to GlassFish version 2 or Enterprise Server version 9.1 or 9.1.1. The Java EE 6 platform specification imposes stricter requirements than Java EE 5 did on which JAR files can be visible to various modules within an EAR file. In particular, application clients must not have access to EJB JAR files or other JAR files in the EAR file unless references use the standard Java SE mechanisms (extensions, for example) or the Java EE library-directory mechanism. Setting this property to v2 removes these Java EE 6 restrictions. |
|
as-install/jruby |
Specifies the directory where JRuby itself (not the Enterprise Server JRuby container) is installed. Overrides the jruby-home attribute of jruby-container. |
|
1 |
Specifies the initial number of JRuby runtimes to start. Must be at greater than zero, at least jruby.runtime.min, and jruby.runtime.max or less. Overrides the jruby-runtime attribute of jruby-runtime-pool. |
|
1 |
Specifies the minimum number of JRuby runtimes in the pool. Must be greater than zero, jruby.runtime or less, and jruby.runtime.max or less. Overrides the jruby-runtime-min attribute of jruby-runtime-pool. |
|
1 |
Specifies the maximum number of JRuby runtimes in the pool. Must be greater than zero, at least jruby.runtime.min, and at least jruby.runtime. Overrides the jruby-runtime-max attribute of jruby-runtime-pool. |
|
development |
Specifies the environment in which a JRuby application such as Rails or Merb runs. Allowed values are development, production, or test. |
|
Computed through auto-detection |
Specifies the name of a supported framework or the path to a script that initializes the user's framework. Allowed values corresponding to supported frameworks are rails, merb, or sinatra. Setting this property bypasses the normal, and potentially lengthy, auto-detection process and forces deployment on the specified framework. If the deployed application is not written for the specified framework, errors result. |
|
Computed through auto-detection |
If true, specifies that a framework being started using jruby.applicationType is thread-safe and therefore does not need a pool created for it. This property affects applications started using an auto-detected user-provided startup script. If jruby.applicationType is set and jruby.MTsafe is not set or is set to false, the application starts with a pool of application instances, and each instance of the application is accessed by one thread at a time. This property only affects frameworks being launched where the thread safety cannot be automatically determined. Setting jruby.MTsafe to true does not cause an auto-detected Rails 2.1.x application to be launched in thread-safe mode, nor can it be used to force a thread-safe framework to start in pooled mode. |
References an application or module deployed to the server.
none
The following table describes attributes for the application-ref element.
Table 1–11 application-ref Attributes
Attribute |
Default |
Description |
---|---|---|
enabled |
true |
(optional) Determines whether the application or module is enabled on the server on which it is deployed. |
all virtual servers |
(optional) In a comma-separated list, references id attributes of the virtual-server elements to which the web application is deployed. If you deploy a web application and don't specify any assigned virtual servers, the web application is assigned to all currently defined virtual servers. If you then create additional virtual servers and want to assign existing web applications to them, you must redeploy the web applications. For more information about deployment, see the Sun GlassFish Enterprise Server v3 Application Deployment Guide. |
|
30 |
(optional) Specifies the time it takes this application to reach a quiescent state after having been disabled. |
|
none |
References the name attribute of an application element. |
Contains deployed Java EE applications, Java EE modules, and applications created using other supported technologies.
The following table describes subelements for the applications element.
Table 1–12 applications Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies an application. The application element replaces the web-module, j2ee-application, appclient-module, connector-module, lifecycle-module, extension-module, and ejb-module elements of previous releases, which are converted to application elements during the upgrade process. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
|
zero or more |
Deprecated. Use application instead. |
Specifies an optional plug-in module that implements audit capabilities. Audit modules collect and store information on incoming requests (servlets, EJB components) and outgoing responses.
The following table describes subelements for the audit-module element.
Table 1–13 audit-module Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the audit-module element.
Table 1–14 audit-module Attributes
Attribute |
Default |
Description |
---|---|---|
default |
Specifies the name of this audit module. |
|
com.sun.enterprise.security.Audit |
Specifies the Java class that implements this audit module. |
The following table describes properties for the audit-module element.
Table 1–15 audit-module Properties
Attribute |
Default |
Description |
---|---|---|
false |
If true, causes the loading of the audit module and ensures that it is called by the Enterprise Server’s audit library at audit points. |
Defines a realm for authentication.
Authentication realms require provider-specific properties, which vary depending on what a particular implementation needs.
For more information about how to define realms, see the Sun GlassFish Enterprise Server v3 Administration Guide.
Here is an example of the default file realm:
<auth-realm name="file" classname="com.sun.enterprise.security.auth.realm.file.FileRealm"> <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"/> <property name="jaas-context" value="fileRealm"/> </auth-realm>
Which properties an auth-realm element uses depends on the value of the auth-realm element’s name attribute. The file realm uses file and jaas-context properties. Other realms use different properties.
The following table describes subelements for the auth-realm element.
Table 1–16 auth-realm Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the auth-realm element.
Table 1–17 auth-realm Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the name of this realm. |
|
none |
Specifies the Java class that implements this realm. |
The standard realms provided with Enterprise Server have required and optional properties. A custom realm might have different properties.
The following table describes properties for the auth-realm element.
Table 1–18 auth-realm Properties
Property |
Realms |
Description |
---|---|---|
all |
Specifies the JAAS (Java Authentication and Authorization Service) context. |
|
all |
(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers. |
|
file |
Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile. |
|
certificate |
If true, specifies that client authentication is required for all applications that use the certificate realm. The default is false. To require client authentication for a specific web application, set the method of authentication in the web.xml file to CLIENT-CERT. |
|
ldap |
Specifies the LDAP URL to your server. |
|
ldap |
Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. |
|
ldap |
(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name). |
|
ldap |
(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary. |
|
ldap |
(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN). |
|
ldap |
(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN. |
|
ldap |
(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search. |
|
ldap |
(optional) Specifies the LDAP password for the DN given in search-bind-dn . |
|
jdbc |
Specifies the jndi-name of the jdbc-resource for the database. |
|
jdbc |
Specifies the name of the user table in the database. |
|
jdbc |
Specifies the name of the user name column in the database's user table. |
|
jdbc |
Specifies the name of the password column in the database's user table. |
|
jdbc |
Specifies the name of the group table in the database. |
|
jdbc |
Specifies the name of the group name column in the database's group table. |
|
jdbc |
(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none. |
|
jdbc |
(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified. |
|
jdbc |
(optional) Specifies the charset for the digest algorithm. |