S

principal

one or more 

Contains the principal of the servlet or EJB client. 

user-group

one or more 

Contains the group to which the principal belongs. 

backend-principal

only one 

Specifies the user name and password required by the EIS. 

name

none 

Specifies a name for the security mapping. 

auth-realm

one or more 

Defines a realm for authentication. 

jacc-provider

one or more 

Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. 

audit-module

zero or more 

Specifies an optional plug-in module that implements audit capabilities. 

message-security-config

zero or more 

Specifies configurations for message security providers. 

identity-assertion-trust

zero or more 

Specifies identity assertion trust domain configuration information. 

property

zero or more 

Specifies a property or a variable. 

default-realm

file

(optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance.

default-principal

none 

(optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. 

default-principal-password

none 

(optional) The password of the default principal. This attribute need not be set for normal server operation. 

anonymous-role

attribute is deprecated

(optional) Deprecated. Do not use. 

audit-enabled

false

(optional) If true, additional access logging is performed to provide audit information.

Audit information consists of: 

• Authentication success and failure events

• Servlet and EJB access grants and denials

jacc

default

(optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider.

audit-modules

default

(optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. 

activate-default-principal-to-role-mapping

false

(optional) Applies a default principal for role mapping to any application that does not have an application-specific mapping defined. Every role is mapped to an instance of a java.security.Principal implementation class defined by mapped-principal-class. This class has the same name as the role.

mapped-principal-class

com.sun.enterprise.deployment.Group

(optional) Customizes the java.security.Principal implementation class used when activate-default-principal-to-role-mapping is set to true.

IdentityValidatorConfiguration

none 

Specifies a comma-separated list of parameter=value pairs that configure the identity authentication module (RFC 4474). Parameters are as follows:

• maxClockSkew — Specifies the maximum difference in milliseconds allowed between the system clocks of the sender and recipient. The default is 0 (zero).

• timestampFreshnessLimit — Specifies the maximum duration of time in milliseconds after which the timestamp becomes stale. The default is 600000 (600 seconds or 10 minutes).

• enableRevocationCheck — If set to true, uses the default revocation checking mechanism of the underlying PKIX service provider. The default is false.

• certificateValidator — Specifies the class name of a custom certificate validator implementation. This class must implement the org.glassfish.comms.api.security.auth.CertificateValidator interface.

PrincipalMapper

none 

Specifies the name of a custom class that converts user names to a format understood by the SIP container. The class must implement the com.sun.enterprise.security.auth.PrincipalMapper interface.

The Communications Server provides a default PrincipalMapper implementation. Each application using P-asserted identity authentication creates its own instance of the PrincipalMapper implementation class.

NonceManager

none 

Specifies the Nonce Manager configuration. Identity authentication and SIP digest authentication modules need the Nonce Manager to cache nonce and call-id values respectively. The syntax for the property's value attribute is as follows:

id=identity-nonce-config,maxNonceAge=millis;id=sip-nonce-config,maxNonceAge=millis

You can specify identity-nonce-config, sip-nonce-config, or both. The maxNonceAge parameter units are milliseconds. The default for the identity-nonce-config maxNonceAge is 3600000 (1 hour). The default for the sip-nonce-config maxNonceAge is 600000 (10 minutes).

application-ref

zero or more 

References an application or module deployed to the server instance. 

resource-ref

zero or more 

References a resource deployed to the server instance. 

system-property

zero or more 

Specifies a system property. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the server instance. 

config-ref

default config element’s name, server-config

(optional) References the name of the config used by the server instance.

node-agent-ref

node agent created when the server instance was created 

(optional) References the name of the node-agent used by the server instance.

lb-weight

100

(optional) Specifies a server instance's relative weight for load balancing. 

Each server instance in a cluster has a weight, which represents the relative processing capacity of that instance. Weighted load balancing policies use this weight for load balancing requests within the cluster. It is the responsibility of the administrator to set the relative weights correctly, keeping in mind deployed hardware capacity. 

health-checker

zero or one 

Defines a health checker for the referenced server instance. 

ref

none 

References the name attribute of a server element.

disable-timeout-in-minutes

30

(optional) Specifies the time it takes this server instance to reach a quiescent state after having been disabled. 

lb-enabled

false

(optional) If true, all load-balancers that reference this server instance consider it available to them.

enabled

true

(optional) Determines whether the server instance is enabled. 

server

only one (developer profile) 

zero or more (cluster profile) 

Defines a server instance. 

session-manager

zero or one 

Specifies session manager configuration information. 

session-properties

zero or one 

Specifies session properties. 

manager-properties

zero or one 

Specifies session manager properties. 

store-properties

zero or one 

Specifies session persistence (storage) properties. 

property

zero or more 

Specifies a property or a variable. 

timeout-in-seconds

600

(optional) Specifies the default maximum inactive interval (in seconds) for all sessions created in this web or SIP module. If set to 0 or less, sessions in this web or SIP module never expire.

If a session-timeout element is specified in the web.xml or sip.xmlfile, the session-timeout value overrides any timeout-in-seconds value. If neither session-timeout nor timeout-in-seconds is specified, the timeout-in-seconds default is used.

Note that the session-timeout element in web.xml or sip.xmlis specified in minutes, not seconds.

enableCookies

true

Uses cookies for session tracking if set to true.

enableURLRewriting

true

Enables URL rewriting. This provides session tracking via URL rewriting when the browser does not accept cookies. You must also use an encodeURL or encodeRedirectURL call in the servlet or JavaServer Pages^TM (JSP^TM) page.

idLengthBytes

128

Specifies the number of bytes in this web or SIP extension module’s session ID. 

session-config

zero or one 

Specifies session configuration information for the SIP container. 

stack-config

zero or one 

Specifies the configuration of a stack of layers, typically related to protocols such as SIP. 

property

zero or more 

Specifies a property or a variable. 

external-address

determined by SIP container based on network interfaces 

Specifies the address that is externally visible to clients. The clients see the entire cluster. In some cases, when providing addresses to clients, the servers must use this address to make sure the client can call back the load-balanced cluster instead of the individual server instance that provided the callback. 

external-sip-port

SIP port of default sip-listener (developer profile)

Specifies the SIP port that is externally visible to clients for call backs.  

external-sips-port

SIPS port of default sip-listener (developer profile)

Specifies the secure SIP (SIPS) port that is externally visible to clients for call backs. 

timeoutBasedQuarantineTime

0

Specifies the quarantine timeout in seconds for 503 responses. A value of zero disables this timeout. See also the udpStaleConnectionsTimeout property of sip-service.

defaultQuarantineTime

1

Specifies the quarantine timeout in seconds for 408 responses. A value of zero disables this timeout. See also the udpStaleConnectionsTimeout property of sip-service.

olpInserted

true

Always true. Use the enabled attribute of overload-protection-service instead.

CpuOverloadRegulation

false

Deprecated. Use the cpu-overload-protection attribute of overload-protection-service instead.

MemOverloadRegulation

false

Deprecated. Use the memory-overload-protection attribute of overload-protection-service instead.

SampleRate

2

Deprecated. Use the sample-rate attribute of overload-protection-service instead.

NumberOfSamples

5

Deprecated. Use the number-of-samples attribute of overload-protection-service instead.

SrThreshold

90

Deprecated. Use the cpu-sr-threshold attribute of overload-protection-service instead.

IrThreshold

70

Deprecated. Use the cpu-ir-threshold attribute of overload-protection-service instead.

MemIrThreshold

85

Deprecated. Use the mem-ir-threshold attribute of overload-protection-service instead.

HttpThreshold

70

Deprecated. Use the cpu-http-threshold attribute of overload-protection-service instead.

MemHttpThreshold

85

Deprecated. Use the mem-http-threshold attribute of overload-protection-service instead.

MmThreshold

90

Deprecated. Use the cpu-mm-threshold attribute of overload-protection-service instead.

MemMmThreshold

99

Deprecated. Use the mem-mm-threshold attribute of overload-protection-service instead.

property

zero or more 

Specifies a property or a variable. 

availability-enabled

true

(optional) If set to true, and if availability is enabled for the server instance (see availability-service), high-availability features apply to all SIP extension modules deployed to the server instance that do not have availability disabled. All instances in a cluster should have the same availability value to ensure consistent behavior.

persistence-type

memory (availability disabled)

replicated (availability enabled)

(optional) Specifies the session persistence mechanism for SIP extension modules that have availability enabled. Allowed values are memory (no persistence) and replicated (other servers).

persistence-frequency

sip-transaction

(optional) Specifies how often the session state is stored. The default, sip-transaction, is the only allowed value. The session state is stored at the end of each request prior to sending a response back to the client. This provides the best guarantee that the session state is fully updated in case of failure.

persistence-scope

session

(optional) Specifies how much of the session state is stored. The default, session, is the only allowed value. The entire session state is stored every time.

repair-during-failure

false

(optional) Deprecated. If true, specifies that a forward and reverse repair should be performed on an instance that has joined or rejoined the cluster.

uuid-impl-class

none 

Specifies the name of the class that generates session IDs. If this property is not specified, the Communications Server's internal session ID generator is used. 

It is the developer's responsibility to ensure that generated IDs are universally unique even when running on multiple JVMs on multiple machines in a cluster. Failure to ensure this in the algorithm results in nondeterministic behavior and likely corruption of session data. 

connection-alive-timeout-in-seconds

120

(optional) Specifies the number of seconds of inactivity allowed before the connection is closed. 

max-queue-length

50

(optional) Specifies the maximum number of simultaneous write requests or connect requests, or both, that can be waiting to write on a link. 

write-timeout-in-millis

10

(optional) Specifies the timeout in milliseconds for a single write operation. Allowed values are between 1 and 50.

write-timeout-retries

25

(optional) Specifies the number of retries allowed for a single write operation. Allowed values are between 1 and 25.

SipLinkWaitLockTimeout

5000

Specifies the maximum time a thread can wait to get an exclusive lock for a sip link.  

ssl

zero or one 

Defines Secure Socket Layer (SSL) parameters. 

property

zero or more 

Specifies a property or a variable. 

id

none 

The unique listener name. A sip-listener name cannot begin with a number.

address

none 

IP address of the listener. Can be in dotted-pair or IPv6 notation. Can be any (for INADDR_ANY) to listen on all IP addresses. Can be a hostname.

port

5060 (non-TLS)

5061 (TLS)

Port number on which the listener listens. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges.

transport

udp_tcp

(optional) Specifies the type of transport layer protocol. Allowed values are udp_tcp and tls.

enabled

true

(optional) Determines whether the listener is active. If set to false, any attempts to connect to the listener result in a socket exception (java.net.ConnectException).

type

default

Specifies the listener type for machines with multiple IP addresses that have separate internal and external communication. Allowed values are as follows: 

• internal — Used strictly for proxying by the load balancer.

• external — Used only by user agents and not by the load balancer.

• default — Can be used by user agents or the load balancer.

external-sip-address

none 

Specifies the external address for a listener with a type of external.

external-sip-port

none 

Specifies the external port for a listener with a type of external.

DisableTimeout

0

Specifies the number of seconds after a sip-listener is disabled for the listener to complete in-flight transactions. During this timeout period no new requests are accepted.

CloseServerSocketDuringDisable

false

If true, specifies that the server socket (5060) has to be closed during the DisableTimeout period.

sip-link

zero or one 

Configures the SIP connection. Not implemented in this release. 

sip-timers

zero or one 

Configures SIP timers. 

property

zero or more 

Specifies a property or a variable. 

error-response-enabled

false

(optional) If true, responds with a 400 error code to a bad request or drop. If false, sends no error response.

default-tcp-transport

false

(optional) If true, transport=tcp is inserted in the URI of the contact and record-route headers.

Eas503Disabled

false

If false, the request is sent to an alternative server when a 503 Service Unavailable error response is received, according to the RFC standard.

If true, no alternative server is considered, so when a 503 Service Unavailable error response is received, it is returned to the sender of the request.

access-log

zero or one 

Defines access log settings. 

sip-listener

one or more 

Defines a SIP listen socket. 

request-processing

zero or one 

Configures request processing threads. 

keep-alive

zero or one 

Configures keep-alive threads. 

connection-pool

zero or one 

Defines a pool of client HTTP connections. 

sip-protocol

zero or one 

Configures SIP protocol settings. 

property

zero or more 

Specifies a property or a variable. 

smiServletAdapter

none 

Specifies a Java class file that writes SIP Message Inspection messages from the servlet reporter to the server log. This class must implement the org.jvnet.glassfish.comms.admin.reporter.smi.SmiLogMessageAdapter interface. The format of this property's value is as follows:

local-classpath;fully-qualified-class-name

The local classpath and semicolon delimiter are optional. The local classpath can be an additional classpath outside the container classpath or a local file system path to the class that doesn't include package names. 

smiNetworkManagerAdapter

none 

Specifies a Java class file that writes SIP Message Inspection messages from the network manager reporter to the server log. This class must implement the org.jvnet.glassfish.comms.admin.reporter.smi.SmiLogMessageAdapter interface. The format of this property's value is as follows:

local-classpath;fully-qualified-class-name

The local classpath and semicolon delimiter are optional. The local classpath can be an additional classpath outside the container classpath or a local file system path to the class that doesn't include package names. 

udpStaleConnectionsTimeout

0

Specifies the interval in seconds after which UDP connections are removed. A value of zero disables UDP connection removal. See also the defaultQuarantineTime and timeoutBasedQuarantineTime properties of sip-container.

sslHandshakeTimeout

10

Specifies the interval in seconds that the network layer waits to complete a handshake with an SSL client. 

t1-in-millis

500

(optional) Specifies the duration of the SIP timer T1 (round trip time estimate) in milliseconds. For unreliable transports, such as UDP, the client transaction retransmits requests at an interval that starts at T1 seconds and doubles after every retransmission. T1 is an estimate of the round-trip time (RTT). Nearly all of the SIP transaction timers scale with T1, and changing T1 adjusts their values. 

t2-in-millis

4000

(optional) Specifies the duration of the SIP timer T2 (maximum retransmit interval for non-INVITE requests and INVITE responses) in milliseconds. For unreliable transports, requests are retransmitted at an interval which starts at T1 and doubles until it reaches T2. If a provisional response is received, retransmissions continue for unreliable transports, but at an interval of T2. T2 represents the amount of time a non-INVITE server transaction takes to respond to a request if it does not respond immediately. 

t4-in-millis

5000

(optional) Specifies the duration of the SIP timer T4 in milliseconds. T4 represents the amount of time the network takes to clear messages between client and server transactions. 

cert-nickname

s1as

The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional.

ssl2-enabled

false

(optional) Determines whether SSL2 is enabled. 

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl2-ciphers

none 

(optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3.

ssl3-enabled

true

(optional) Determines whether SSL3 is enabled. The default is true .

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl3-tls-ciphers

none 

(optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5 . Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. Values available in previous releases are supported for backward compatibility.

tls-enabled

true

(optional) Determines whether TLS is enabled. 

tls-rollback-enabled

true

(optional) Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. For more information, see theSun GlassFish Communications Server 2.0 Administration Guide.

client-auth-enabled

false

(optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.

ssl

only one 

Defines SSL parameters. 

stack-layer

zero or more 

Specifies a layer of a stack. 

property

zero or more 

Specifies a property or a variable. 

layer-order

none 

Specifies a comma-separated list of stack-layer id values indicating the order of the stack layers.

property

zero or more 

Specifies a property or a variable. A property is a JavaBean property injected in the layer class, if a corresponding JavaBean setter exists in the layer class. 

id

none 

Specifies a unique identifier for the stack-layer element.

class-name

none 

Specifies the fully qualified name of the layer class. 

property

zero or more 

Specifies a property or a variable. 

directory

domain-dir/generated/jsp/j2ee-apps/appname/appname_war

(optional) Specifies the absolute or relative pathname of the directory into which individual session files are written. A relative path is relative to the temporary work directory for this web application. Applicable only if the persistence-type attribute of the web-container-availability element is file.

reap-interval-in-seconds

60

(optional) Not implemented. Use the reap-interval-in-seconds attribute of the manager-properties element instead.

description

zero or one 

Contains a text description of this element. 

name

none 

Specifies the name of the system property. 

value

none 

Specifies the value of the system property. 

com.sun.aas.installRoot

depends on operating system 

Specifies the directory where the Communications Server is installed. 

com.sun.aas.instanceRoot

depends on operating system 

Specifies the top level directory for a server instance. 

com.sun.aas.hostName

none 

Specifies the name of the host (machine). 

com.sun.aas.javaRoot

depends on operating system 

Specifies the installation directory for the Java runtime. 

com.sun.aas.imqLib

depends on operating system 

Specifies the library directory for the Sun GlassFish Message Queue software. 

com.sun.aas.configName

server-config

Specifies the name of the config used by a server instance.

com.sun.aas.instanceName

server1

Specifies the name of the server instance. This property is not used in the default configuration, but can be used to customize configuration. 

com.sun.aas.clusterName

cluster1

Specifies the name of the cluster. This property is only set on clustered server instances. This property is not used in the default configuration, but can be used to customize configuration. 

com.sun.aas.domainName

domain1

Specifies the name of the domain. This property is not used in the default configuration, but can be used to customize configuration.