This section describes the elements in the server.xml file in alphabetical order.
The access-log element configures an HTTP access log. This element may appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see server and virtual-server.
The access-log element can contain the following subelements:
Table 3–1 List of access-log Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server writes to this access log. The default value is true. | 
| name | 0 or 1 | The name that uniquely identifies the access log. If you specify a name, the server will not automatically log to this access log. Instead, you should explicitly configure this access log in an obj.conf AddLog directive. | 
| file | 1 | The file name of the access log. If a relative path is used, it is relative to the server's config directory. For example, ../logs/access. | 
| format | 0 or 1 | The format of the access log entries. The default format is the CLF (common log file) format. For more information on the access log format, see Appendix C, Using the Custom Log File Format. | 
The access-log-buffer element configures the access log buffering subsystem. This element may appear zero or one time within the server element. For more information, see server.
The access-log-buffer element can contain the following subelements:
Table 3–2 List of access-log-buffer Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server buffers the access log entries. The default value is true. | 
| buffer-size | 0 or 1 | The size (in bytes) of individual access log buffers. The value can be from 4096 to 1048576. | 
| max-buffers | 1 | The maximum number of access log buffers per server. The value can be from 1 to 65536. | 
| max-buffers-per-file | 0 or 1 | The maximum number of access log buffers per access log file. The value can be from 1 to 128. | 
| max-age | 0 or 1 | The maximum time (in seconds) to buffer a given access log entry. The value can be from 0.001 to 3600. | 
The acl-cache element configures the Access Control List (ACL) cache. This element may appear zero or one time within the server element. For more information, see server.
The acl-cache element can contain the following subelements:
Table 3–3 List of acl-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server caches ACLs and information about authenticated users. The default value is true. | 
| max-users | 0 or 1 | The maximum number of users for which the server will cache the authentication information. The value can be from 1 to 1048576. | 
| max-groups-per-user | 0 or 1 | The maximum number of groups per user for which the server will cache the membership information. The value can be from 1 to 1024. | 
| max-age | 0 or 1 | The maximum time (in seconds) to cache the authentication information. The value can be from 0.001 to 3600. |
The acl-db element configures the WebDAV Access Control Protocol ACL database. This element may appear zero or one time within the dav element and zero or one time within the dav-collection element. For more information, see dav and dav-collection.
The acl-db element can contain the following subelements:
Table 3–4 List of acl-db Subelements

| Element | Occurrences | Description |
|---|---|---|
| max-entries | 0 or 1 | The maximum number of Access Control Entries (ACE) that can be allowed on a single resource. The value can be from 0 to 2147483647, or -1 for no limit. | 
| max-size | 0 or 1 | The maximum size (in bytes) of memory representation of the WebDAV ACL database for a collection. If the memory limit specified using this subelement is exceeded, the server will not cache the WebDAV ACLs. The value can be from 0 to 2147483647, or -1 for no limit. | 
| update-interval | 0 or 1 | The interval (in seconds) at which the WebDAV ACL databases are synchronized to the disk. The value can be from 0.001 to 3600, or 0 to disable caching of WebDAV ACLs. | 
The acl-file element defines a file that controls access to the server. This element may appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see server and virtual-server.
The value of this element is the file name of the ACL file. If a relative path is used, it is relative to the server's config directory. This element does not contain any subelements.
The audit-accesses element determines whether authentication and authorization events are logged. This element may appear zero or one time within the server element. For more information, see server. The default value is false. This element does not contain any subelements.
The auth element configures WebDAV Access Control Protocol authentication. This element may appear zero or one time within the dav element and zero or one time within the dav-collection element. For more information, see dav and dav-collection.
The auth element can contain the following subelements:
Table 3–5 List of auth Subelements

| Element | Occurrences | Description |
|---|---|---|
| auth-db-name | 0 or 1 | The ACL authentication database to use. The value is the name from an auth-db element. The default value is the value of the default-auth-db-name element. For more information, see auth-db. | 
| method | 0 or 1 | The authentication method to use. The value can be basic, digest, or ssl. The default value is basic. | 
| prompt | 0 or 1 | The prompt that is displayed to clients when they request authentication. The default prompt is Sun Java System Web Server WebDAV. | 
The auth-db element configures an ACL authentication database. This element may appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see server and virtual-server.
The auth-db element can contain the following subelements:
Table 3–6 List of auth-db Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the ACL authentication database is enabled at runtime. The default value is true. | 
| name | 1 | The name that uniquely identifies the ACL authentication database for use in ACL files. | 
| url | 1 | The URL of the ACL authentication database. The type of ACL authentication database is specified in the URL scheme. For example, ldap://ds.example.com/dc=example,dc=com configures a LDAP directory server as an ACL authentication database. | 
| auth-expiring-url | 0 or 1 | The URL to which the server redirects the client if the supplied password is about to expire. | 
| property | 0 or more | Configures the ACL authentication database properties. For more details, see property. | 
| description | 0 or 1 | The description of the ACL authentication database. The value is in text format. | 
The auth-realm element configures a Servlet container authentication realm, which is used to authenticate access to web applications. This element may appear zero or more times within the server element. For more information, see server.
The auth-realm element can contain the following subelements:
Table 3–7 List of auth-realm Subelements

| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name that uniquely identifies the Servlet container authentication realm. | 
| type | 0 or 1 | The type of a built-in authentication realm. Only applicable when class is omitted. The value can be file, ldap, pam, certificate, or native. | 
| class | 0 or 1 | The class that implements a Servlet container authentication realm. Only applicable when type is omitted. The value is a class name. | 
| property | 0 or more | The Servlet container authentication realm properties. For more details, see property. | 
The cgi element configures the CGI execution subsystem. This element may appear zero or one time within the server element. For more information, see server.
The cgi element can contain the following subelements:
Table 3–8 List of cgi Subelements

| Element | Occurrences | Description |
|---|---|---|
| timeout | 0 or 1 | The timeout (in seconds) after which the server will terminate a CGI program. The value can be from 0.001 to 3600, or -1 for no timeout. | 
| idle-timeout | 0 or 1 | The timeout (in seconds) after which the server will terminate a nonresponsive CGI program. The value can be from 0.001 to 3600. | 
| cgistub-path | 0 or 1 | The path to the Cgistub binary. If a relative path is used, it is relative to the server's config directory. | 
| cgistub-idle-timeout | 0 or 1 | The timeout (in seconds) after which an unused Cgistub process will be terminated. The value can be from 0.001 to 3600. | 
| min-cgistubs | 0 or 1 | The minimum number of Cgistub processes the server keeps on hand, waiting to run the CGI programs. The value can be from 0 to 4096. | 
| max-cgistubs | 0 or 1 | The maximum number of Cgistub processes the server keeps on hand, waiting to run the CGI programs. The value can be from 1 to 4096. | 
| env-variable | 0 or more | Configures the CGI program environment variables. For more details, see env-variable. | 
The cluster element defines the cluster to which the server belongs. This element may appear zero or one time within the server element. For more information, see server.
The cluster element can contain the following subelements:
Table 3–9 List of cluster Subelements

| Element | Occurrences | Description |
|---|---|---|
| local-host | 1 | Defines the network address of an instance. The value is the host value from an instance element. For more details, see instance. | 
| instance | 1 or more | Defines a member of the server cluster. For more details, see instance. | 
| session-replication | 0 or 1 | Configures the Servlet session replication for the server cluster. For more details, see session-replication. | 
The connection-creation-property element configures the properties that are set when a JDBC connection (java.sql.Connection) is created. This element may appear zero or more times within the jdbc-resource element. For more information, see jdbc-resource.
The connection-creation-property element can contain the following subelements:
Table 3–10 List of connection-creation-property Subelements

| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name of the property | 
| value | 1 | The value of the property | 
| description | 0 or 1 | The description of the property | 
The connection-lease-property element configures the properties that are set each time a JDBC connection (java.sql.Connection) is leased to an application. This element may appear zero or more times within the jdbc-resource element. For more information, see jdbc-resource.
The connection-lease-property element can contain the following subelements:
Table 3–11 List of connection-lease-property Subelements

| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name of the property | 
| value | 1 | The value of the property | 
| description | 0 or 1 | The description of the property | 
The convert element determines the type of documents that are converted prior to indexing. This element may appear zero or one time within the search-collection element. Documents with the pdf file extension are always converted to HTML prior to indexing. For more information, see search-collection.
The convert element can contain the following subelements:
Table 3–12 List of convert Subelements

| Element | Occurrences | Description |
|---|---|---|
| extension | 0 or more | The file extension of a document type that should be converted to HTML. | 
The custom-resource element configures a resource implemented by a custom Java class. This element may appear zero or more times within the server element. For more information, see server.
The custom-resource element can contain the following subelements:
Table 3–13 List of custom-resource Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the custom resource is enabled at runtime. The default value is true. | 
| jndi-name | 1 | The JNDI name of the custom resource. | 
| res-type | 1 | The type of custom resource. The value is a class name. | 
| factory-class | 1 | The class that instantiates a naming context which is used to look up the external resource. The value is a name of a class that implements javax.naming.spi.ObjectFactory. | 
| property | 0 or more | Configures the optional resource-specific properties. For more details, see property. | 
| description | 0 or 1 | The description of the custom resource. The value of this element is in text format. | 
The dav element configures WebDAV. This element may appear zero or one time within the server element. For more information, see server.
The dav element can contain the following subelements:
Table 3–14 List of dav Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether WebDAV is enabled at runtime. The default value is true. | 
| default-owner | 0 or 1 | Defines the name of the default owner of the resource. | 
| min-lock-timeout | 0 or 1 | The minimum expiration time (in seconds) for WebDAV locks. The value can be from 0.001 to 3600, or 0 for no limit. | 
| max-xml-request-body-size | 0 or 1 | The maximum size (in bytes) allowed for WebDAV XML request bodies. The value can be from 0 to 2147483647, or -1 for no limit. | 
| max-propfind-depth | 0 or 1 | The maximum depth of PROPFIND requests sent to collections. The value can be 0, 1, or infinity. | 
| max-expand-property-depth | 0 or 1 | The maximum depth allowed for WebDAV expand-property REPORT responses. The value can be from 0 to 100. | 
| max-report-response-elements | 0 or 1 | The maximum number of response elements a REPORT response body can have. The value can be from 0 to 2147483647. The default value is 1000. | 
| auth | 0 or 1 | Configures the WebDAV Access Control Protocol authentication. For more details, see auth. | 
| acl-db | 0 or 1 | Configures the WebDAV Access Control Protocol ACL database. For more details, see acl-db. | 
| lock-db | 0 or 1 | Configures the WebDAV lock database. For more details, see lock-db. | 
| property-db | 0 or 1 | Configures the WebDAV property database. For more details, see property-db. | 
The dav-collection element configures a WebDAV collection. This element may appear zero or more times within the virtual-server element. For more information, see virtual-server.
The dav-collection element can contain the following subelements:
Table 3–15 List of dav-collection Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether WebDAV is enabled at runtime. The default value is true. | 
| default-owner | 0 or 1 | The name of the default owner of the resource. | 
| uri | 1 | The existing root URI on which the WebDAV should be enabled. | 
| source-uri | 0 or 1 | The URI which the WebDAV clients can use to access the source code of content. | 
| min-lock-timeout | 0 or 1 | The minimum expiration time (in seconds) for WebDAV locks. The value can be from 0.001 to 3600, or -1 for no limit. |
| max-xml-request-body-size | 0 or 1 | The maximum size (in bytes) allowed for WebDAV XML request bodies. The value can be from 0 to 2147483647, or -1 for no limit. | 
| max-propfind-depth | 0 or 1 | The maximum depth of PROPFIND requests sent to collections. The value can be 0, 1, or infinity. | 
| max-expand-property-depth | 0 or 1 | The maximum depth allowed for WebDAV expand-property REPORT responses. The value can be from 0 to 100. | 
| max-report-response-elements | 0 or 1 | The maximum number of response elements a REPORT response body can have. The value can be from 0 to 2147483647. The default value is 1000. | 
| auth | 0 or 1 | Configures the WebDAV Access Control Protocol authentication. For more details, see auth. | 
| acl-db | 0 or 1 | Configures the WebDAV Access Control Protocol ACL database. For more details, see acl-db. | 
| lock-db | 0 or 1 | Configures the WebDAV lock database. For more details, see lock-db. | 
| property-db | 0 or 1 | Configures the WebDAV property database. For more details, see property-db. | 
| description | 0 or 1 | The description of the WebDAV collection. | 
The default-auth-db-name element specifies the name of the default ACL authentication database. This element may appear zero or one time within the server element. For more information, see server. This element does not contain any subelements.
The default-auth-realm-name element specifies the name of the default Servlet container authentication realm. This element may appear zero or one time within the server element. For more information, see server. This element does not contain any subelements.
The default-soap-auth-provider-name element specifies the name of the default Simple Object Access Protocol (SOAP) message-level authentication provider. This element may appear zero or one time within the server element. For more information, see server. This element does not contain any subelements.
The display-name element specifies a human-readable name for the collection to be used while displaying the collection to the end user. This element does not contain any subelements.
The dns element configures how the server uses the domain name system (DNS). This element may appear zero or one time within the server element. For more information, see server.
The dns element can contain the following subelements:
Table 3–16 List of dns Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server does DNS lookups. The default value is false. | 
| async | 0 or 1 | Determines whether the server uses its own asynchronous DNS resolver instead of the operating system's synchronous resolver. The default value is true. | 
| timeout | 0 or 1 | The timeout (in seconds) for asynchronous DNS lookups. The value can be from 0.001 to 3600. | 
The dns-cache element configures the DNS cache. This element may appear zero or one time within the server element. For more information, see server.
The dns-cache element can contain the following subelements:
Table 3–17 List of dns-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server caches DNS lookup results. The default value is true. | 
| max-age | 0 or 1 | The maximum amount of time (in seconds) to cache a DNS lookup result. The value can be from 1 to 31536000. | 
| max-entries | 0 or 1 | The maximum number of DNS lookup results to cache. The value can be from 32 to 32768. | 
The env-variable element defines an environment variable. This element may appear zero or one time within the cgi element. For more information, see cgi.
The env-variable element can contain the following subelements:
Table 3–18 List of env-variable Subelements

| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name of the environment variable | 
| value | 1 | The value of the environment variable | 
| description | 0 or 1 | The description of the environment variable | 
The event element configures a recurring event. This element may appear zero or more times within the server element. For more information, see server.
The event element can contain the following subelements:
Table 3–19 List of event Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the event is enabled at runtime. The default value is true. | 
| time | 0 or more | Configures a specific time when the event occurs. For more details, see time. | 
| interval | 0 or 1 | The interval (in seconds) at which the event occurs. The value can be from 60 to 86400. | 
| rotate-log | 0 or 1 | Rotates the log files. The default value is false. | 
| rotate-access-log | 0 or 1 | Rotates the access log files. The default value is false. | 
| command | 0 or more | The command to execute when the event runs. | 
| reconfig | 0 or 1 | Dynamically reconfigures the server. The default value is false. | 
| restart | 0 or 1 | Restarts the server. The default value is false. | 
| description | 0 or 1 | The description of the event. The value of this element is in text format. | 
The external-jndi-resource element configures a resource provided by an external JNDI repository. This element may appear zero or more times within the server element. For more information, see server.
The external-jndi-resource element can contain the following subelements:
Table 3–20 List of external-jndi-resource Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the event is enabled at runtime. The default value is true. | 
| jndi-name | 1 | The JNDI name of the resource. | 
| jndi-lookup-name | 1 | The JNDI lookup name of the resource. | 
| res-type | 1 | The type of the external JNDI resource. The default value is a class name. | 
| factory-class | 1 | The class that instantiates resources of this type. The default value is a class name that implements javax.naming.spi.InitialContextFactory. | 
| property | 0 or more | Configures the optional resource-specific properties. For more details, see property. | 
| description | 0 or 1 | The description of the resource. The value of this element should be in text format. | 
The file-cache element configures the file cache. This element may appear zero or one time within the server element. For more information, see server.
The file-cache element can contain the following subelements:
Table 3–21 List of file-cache Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server cache is enabled. The default value is true. Whether file content is cached in addition to meta information is controlled by the cache-content subelement. | 
| max-age | 0 or 1 | The maximum amount of time (in seconds) to cache file content and meta information. The value can be from -1 to 3600. The value -1 indicates that the file cache entries do not expire. |
| max-entries | 0 or 1 | The maximum number of paths to cache content and/or meta information. The value can be from 1 to 1048576. | 
| max-open-files | 0 or 1 | The maximum number of file descriptors the file cache will keep open. The value can be from 1 to 1048576. | 
| sendfile | 0 or 1 | Determines whether the server will attempt to use the operating system's sendfile, sendfilev, send_file, or TransmitFile system call. The default value is true on Windows and false on other platforms. | 
| copy-files | 0 or 1 | Determines whether the server copies cached files to a temporary directory. The default value is true on Windows and false on other platforms. | 
| copy-path | 0 or 1 | The temporary directory that is used when copy-files is true. If a relative path is used, it is relative to the server's config directory. | 
| replacement | 0 or 1 | The cache entry replacement algorithm. The value can be false, lru, or lfu. | 
| cache-content | 0 or 1 | Determines whether the server caches file content in addition to the meta information. The default value is true. | 
| max-heap-file-size | 0 or 1 | The maximum size (in bytes) of files to cache on the heap. The value can be from 0 to 2147483647. | 
| max-heap-space | 0 or 1 | The maximum amount (in bytes) of heap to use for caching files. The value can be from 0 to 9223372036854775807. | 
| max-mmap-file-size | 0 or 1 | The maximum size (in bytes) of files to mmap. The value can be from 0 to 2147483647. | 
| max-mmap-space | 0 or 1 | The maximum amount (in bytes) of mmap address space to use for caching files. The value can be from 0 to 9223372036854775807. | 
The http element configures miscellaneous HTTP protocol options. This element may appear zero or one time within the server element. For more information, see server.
The http element can contain the following subelements:
Table 3–22 List of http Subelements

| Element | Occurrences | Description |
|---|---|---|
| version | 0 or 1 | The highest HTTP protocol version the server supports. The default HTTP version string is HTTP/1.1. | 
| server-header | 0 or 1 | The server header information, such as the name of the server software and version. The default server header is Sun-Java-System-Web-Server/7.0. | 
| request-header-buffer-size | 0 or 1 | The size (in bytes) of the buffer used to read HTTP request headers. The value can be from 0 to 2147483647. | 
| strict-request-headers | 0 or 1 | Determines whether the server rejects certain malformed HTTP request headers. The default value is false. | 
| max-request-headers | 0 or 1 | The maximum number of header fields to allow in an HTTP request header. The value can be from 1 to 512. | 
| output-buffer-size | 0 or 1 | The size (in bytes) of buffer used to buffer HTTP responses. The value can be from 0 to 2147483647. | 
| max-unchunk-size | 0 or 1 | The maximum size (in bytes) of a chunked HTTP request body that the server will unchunk. The value can be from 0 to 2147483647. | 
| unchunk-timeout | 0 or 1 | The maximum time (in seconds) that the server waits for a chunked HTTP request body to arrive. The value can be from 0 to 3600, or -1 for no timeout. | 
| io-timeout | 0 or 1 | The maximum time (in seconds) that the server waits for an individual packet. The value can be from 0 to 3600, or -1 for no timeout. | 
| request-header-timeout | 0 or 1 | The maximum time (in seconds) that the server waits for a complete HTTP request header. The value can be from 0 to 604800, or -1 for no timeout. | 
| request-body-timeout | 0 or 1 | The maximum time (in seconds) that the server waits for a complete HTTP request body. The value can be from 0 to 604800, or -1 for no timeout. | 
| favicon | 0 or 1 | Determines whether the server replies to requests for favicon.ico with its own built-in icon file. The default value is true. | 
| etag | 0 or 1 | Controls whether the server includes an Etag header field in its responses. The default value is true. | 
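
The security-relevant defaults and ranges documented in the tables above (audit-accesses, http, cgi, dav and auth) can be checked mechanically. The following Python audit is an added example, not part of the original reference or of the product; it assumes a server.xml whose root element is server with no XML namespace and whose booleans are written as the literal true or false, and both embedded configurations are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from a real deployment).
WEAK = """<server>
  <http>
    <server-header>Sun-Java-System-Web-Server/7.0</server-header>
    <request-header-timeout>-1</request-header-timeout>
    <request-body-timeout>900000</request-body-timeout>
    <io-timeout>30</io-timeout>
  </http>
  <cgi><timeout>-1</timeout></cgi>
  <dav>
    <max-propfind-depth>infinity</max-propfind-depth>
    <max-xml-request-body-size>-1</max-xml-request-body-size>
    <auth><method>basic</method></auth>
  </dav>
</server>"""

# The same constructed configuration with each finding addressed.
HARDENED = """<server>
  <audit-accesses>true</audit-accesses>
  <http>
    <server-header>webserver</server-header>
    <strict-request-headers>true</strict-request-headers>
    <request-header-timeout>30</request-header-timeout>
    <request-body-timeout>300</request-body-timeout>
    <io-timeout>30</io-timeout>
  </http>
  <cgi><timeout>300</timeout></cgi>
  <dav>
    <max-propfind-depth>1</max-propfind-depth>
    <max-xml-request-body-size>8192</max-xml-request-body-size>
    <auth><method>ssl</method></auth>
  </dav>
</server>"""

# (element path, lowest, highest, "no limit" value or None), as documented above.
NUMERIC = [
    ("http/io-timeout", 0, 3600, -1),
    ("http/unchunk-timeout", 0, 3600, -1),
    ("http/request-header-timeout", 0, 604800, -1),
    ("http/request-body-timeout", 0, 604800, -1),
    ("http/max-request-headers", 1, 512, None),
    ("cgi/timeout", 0.001, 3600, -1),
    ("cgi/idle-timeout", 0.001, 3600, None),
    ("dav/max-xml-request-body-size", 0, 2147483647, -1),
    ("dav/max-expand-property-depth", 0, 100, None),
]

# (element path, documented default, recommended value, consequence of the default).
BOOLEANS = [
    ("audit-accesses", "false", "true",
     "authentication and authorization events are not logged"),
    ("http/strict-request-headers", "false", "true",
     "malformed HTTP request headers are not rejected"),
]


def value_of(root, path, default=None):
    """Return the trimmed text of the element at path, or default if absent."""
    node = root.find(path)
    return default if node is None else (node.text or "").strip()


def audit(xml_text):
    """Return a list of (path, kind, detail) findings for one server.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, low, high, unlimited in NUMERIC:
        raw = value_of(root, path)
        if raw is None:
            continue  # no default is documented for these, so nothing to assess
        try:
            number = float(raw)
        except ValueError:
            findings.append((path, "invalid", f"{raw!r} is not a number"))
            continue
        if unlimited is not None and number == unlimited:
            findings.append((path, "unbounded", f"{raw} removes the limit"))
        elif not low <= number <= high:
            findings.append((path, "out-of-range", f"{raw} is outside {low} to {high}"))
    for path, default, wanted, consequence in BOOLEANS:
        if value_of(root, path, default) != wanted:
            findings.append((path, "weak-setting", consequence))
    banner = value_of(root, "http/server-header", "Sun-Java-System-Web-Server/7.0")
    if re.search(r"/\d", banner):
        findings.append(("http/server-header", "banner", f"{banner!r} advertises a version"))
    if root.find("dav") is not None and value_of(root, "dav/enabled", "true") == "true":
        if value_of(root, "dav/auth/method", "basic") == "basic":
            findings.append(("dav/auth/method", "weak-setting",
                             "basic authentication needs an ssl listener to protect passwords"))
        if value_of(root, "dav/max-propfind-depth") == "infinity":
            findings.append(("dav/max-propfind-depth", "unbounded",
                             "PROPFIND may walk an entire collection"))
    return findings


if __name__ == "__main__":
    for label, config in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for path, kind, detail in audit(config):
            print(f"  {path}: {kind}: {detail}")
```

Elements that are absent and have no documented default are skipped rather than guessed, so an empty result means only that nothing checked here was found weak.
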
The http-listener element configures an HTTP listener. This element may appear zero or more times within the server element. For more information, see server.
The http-listener element can contain the following subelements:
Table 3–23 List of http-listener Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the HTTP listener is enabled at runtime. The default value is true. | 
| name | 1 | The name that uniquely identifies the HTTP listener. | 
| ip | 0 or 1 | The IP address on which to listen. The value of this element is a specific IP address, or * to listen on all IP addresses. | 
| port | 1 | The port on which to listen. The value of this element is the port number. | 
| acceptor-threads | 0 or 1 | The number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. | 
| server-name | 1 | The default server name. The value can include a scheme prefix (for example, http://) and port suffix (for example, :80). | 
| blocking-io | 0 or 1 | Determines whether the server uses blocking IO. The default value is false. | 
| family | 0 or 1 | The name of the protocol family. | 
| handle-protocol-mismatch | 0 or 1 | Controls the server's response to SSL or non-SSL protocol mismatches in client requests. A mismatch occurs when a client uses SSL to send a request to a non-SSL listener, or when a client sends a request to an SSL listener without using SSL. The default is true, which means that the server attempts to detect SSL or non-SSL protocol mismatches and sends an HTTP redirect or SSL alert when a mismatch is detected. | 
| listen-queue-size | 0 or 1 | The maximum size (in bytes) of the operating system listen queue backlog. The value of this element can be from 1 to 65535. | 
| receive-buffer-size | 0 or 1 | The size (in bytes) of the operating system socket receive buffer. The value of this element can be from 1 to 1048576. | 
| send-buffer-size | 0 or 1 | The size (in bytes) of the operating system socket send buffer. The value of this element can be from 1 to 1048576. | 
| default-virtual-server-name | 1 | The name of the virtual server that processes requests that do not match a host. The value of this element is the name value from a virtual-server element. For more details, see virtual-server. | 
| ssl | 0 or 1 | Configures SSL/TLS. For more details, see ssl. | 
| description | 0 or 1 | The description of the HTTP listener. The value of this element should be in a text format. | 
The include element configures the document types that should be indexed. This element may appear zero or one time within the search-collection element. For more information, see search-collection.
If the include element is not present, only documents matching the *.html, *.htm, *.txt, and *.pdf patterns are indexed. Documents with the jar, sxc, sxg, sxi, sxm, sxw, war, and zip file extensions are never indexed.
The include element can contain the following subelement:
Table 3–24 List of include Subelements

| Element | Occurrences | Description |
|---|---|---|
| pattern | 0 or more | Specifies the wildcard pattern of files to be indexed | 
The index element configures the document fields that are indexed for searching. This element may appear zero or one time within the search-collection element. For more information, see search-collection.
The index element can contain the following subelement:
Table 3–25 List of index Subelements

| Element | Occurrences | Description |
|---|---|---|
| meta-tag | 0 or more | The name of the HTML meta tag that should be indexed | 
The instance element defines a member of a server cluster. This element may appear one or more times within the cluster element. For more information, see cluster.
The instance element can contain the following subelements:
Table 3–26 List of instance Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the instance is enabled at runtime. The default value is true. | 
| host | 1 | The network address of the instance. The value is the host name or the IP address. | 
| session-replication | 0 or 1 | Configures the Servlet session replication for the instance. For more details, see session-replication. | 
The jdbc-resource element configures a Java Database Connectivity (JDBC) resource. This element may appear zero or more times within the server element. For more information, see server.
The jdbc-resource element can contain the following subelements:
Table 3–27 List of jdbc-resource Subelements

| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the resource is enabled at runtime. The default value is true. | 
| jndi-name | 1 | The JNDI name of the resource. | 
| datasource-class | 1 | The JDBC driver class. The value is a name of the class that implements java.sql.DataSource and java.sql.XADataSource. | 
| min-connections | 1 | The minimum number of concurrent connections to maintain to the database server. The value can be from 1 to 4096. | 
| max-connections | 1 | The maximum number of concurrent connections to maintain to the database server. The value can be from 1 to 4096. | 
| idle-timeout | 1 | The timeout (in seconds) after which an idle connection to the database server will be closed. The value can be from 0 to 3600, or -1 for no timeout. | 
| wait-timeout | 1 | The timeout (in seconds) after which a caller waiting for an available connection to the database server will receive an error. The value can be from 0.001 to 3600, or -1 for no timeout. | 
| isolation-level | 0 or 1 | Specifies the transaction isolation level. The value can be read-uncommitted, read-committed, repeatable-read, or serializable. | 
| isolation-level-guaranteed | 0 or 1 | Determines whether the server sets the isolation level each time a connection is leased to an application. The default value is false. | 
| connection-validation | 0 or 1 | Specifies how the server validates a connection before leasing it to an application. The value can be false, auto-commit, meta-data, or table. | 
| connection-validation-table-name | 0 or 1 | The name of the table used when connection-validation is table. The value is the database table name. | 
| fail-all-connections | 0 or 1 | Determines whether all connections are immediately closed and reestablished when there is an error validating an individual connection. The default value is false. | 
| property | 0 or more | Configures the JDBC driver (java.sql.DataSource and java.sql.XADataSource) properties. For more details, see property. | 
| connection-creation-property | 0 or more | Configures the JDBC connection (java.sql.Connection) properties, when a new connection is created. For more details, see connection-creation-property. | 
| connection-lease-property | 0 or more | Configures the JDBC connection (java.sql.Connection) properties each time a connection is leased to an application. For more details, see connection-lease-property. | 
| description | 0 or 1 | The description of the resource. | 
The jvm element configures the Java Virtual Machine (JVM). This element may appear zero or one time within the server element. For more information, see server.
The jvm element can contain the following subelements:
Table 3–28 List of jvm Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the server creates a JVM. The default value is true. | 
| java-home | 1 | The location of the JDK. If a relative path is used, it is relative to the server's config directory. | 
| class-path-prefix | 0 or 1 | The prefix for the system classpath. Because this classpath takes precedence over the server classpath, changing it can prevent the server from working properly. To add classes to the system classpath, use the class-path-suffix element instead. | 
| server-class-path | 0 or 1 | The classpath containing server classes. Changing this classpath can prevent the server from working properly. To add classes to the system class path, use the class-path-suffix element instead. | 
| class-path-suffix | 0 or 1 | The suffix for the system classpath. | 
| env-class-path-ignored | 0 or 1 | Determines whether the server ignores the CLASSPATH environment variable. The default value is true. | 
| native-library-path-prefix | 0 or 1 | The prefix for the operating system native library path. | 
| sticky-attach | 0 or 1 | Determines whether the server attaches each HTTP request processing thread to the JVM only once or attaches and detaches on each request. The default value is true. | 
| debug | 0 or 1 | Determines whether the JVM is started in debug mode, ready for attachment with a Java Platform Debugger Architecture (JPDA) debugger. The default value is false. | 
| debug-jvm-options | 0 or more | Defines the JPDA options. For more details, see http://java.sun.com/products/jpda/doc/conninv.html#Invocation | 
| jvm-options | 0 or more | Defines the server-wide JVM options. For more details, see http://java.sun.com/docs/hotspot/VMOptions.html | 
| bytecode-preprocessor-class | 0 or more | The name of the bytecode preprocessor class. The value is a name of a class that implements com.sun.appserv.BytecodePreprocessor. | 
| profiler | 0 or 1 | Configures a Java profiler. For more details, see profiler. | 
The keep-alive element configures the HTTP keep-alive subsystem. This element may appear zero or one time within the server element. For more information, see server.
The keep-alive element can contain the following subelements:
Table 3–29 List of keep-alive Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the keep-alive subsystem is enabled at runtime. The default value is true. | 
| threads | 0 or 1 | The number of keep-alive subsystem threads. The value can be from 1 to 128. The default value is 1. | 
| max-connections | 0 or 1 | The maximum number of concurrent keep-alive connections that the server supports. The value can be from 1 to 1048576. The default value is 200. | 
| timeout | 0 or 1 | The timeout (in seconds) after which an inactive keep-alive connection can be closed. The value can be from 0.001 to 3600. The default value is 30 seconds. | 
| poll-interval | 0 or 1 | The interval (in seconds) between polls. The value can be from 0.001 to 1. The default value is .001. | 
The lifecycle-module element configures a Java server lifecycle module, a user-defined class that implements com.sun.appserv.server.LifecycleListener. This element may appear zero or more times within the server element. For more information, see server.
The lifecycle-module element can contain the following subelements:
Table 3–30 List of lifecycle-module Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the lifecycle module is enabled at runtime. The default value is true. | 
| name | 1 | The name that uniquely identifies the lifecycle module. | 
| class | 1 | The class that implements the lifecycle module. The value is the name of a class that implements com.sun.appserv.server.LifecycleListener. | 
| load-order | 0 or 1 | The order in which the lifecycle module is loaded. It is recommended that you choose a load-order value that is greater than or equal to 100 to avoid conflicts with internal lifecycle modules. The value can be from 0 to 2147483647. Values from 0 to 99 are reserved for internal use. | 
| is-failure-fatal | 0 or 1 | Determines whether the server should treat exceptions thrown during lifecycle module initialization as fatal. The default value is true. | 
| class-path | 0 or 1 | The classpath for the lifecycle module. | 
| property | 0 or more | Configures optional lifecycle-module-specific properties. For more details, see property. | 
| description | 0 or 1 | The description of the resource. | 
The localization element configures how the server chooses the language in which it presents information to the client. This element may appear zero or one time within the server element, and zero or one time within the virtual-server element. For more information, see server, and virtual-server.
The localization element can contain the following subelements:
Table 3–31 List of localization Subelements

| Element | Occurrences | Description | 
|---|---|---|
| default-language | 0 or 1 | The default language in which the messages and content are displayed. The value is a language tag. | 
| negotiate-client-language | 0 or 1 | Determines whether the server attempts to use the Accept-language HTTP header to negotiate the content language with clients. The default value is false. | 
The lock-db element configures the WebDAV lock database. This element may appear zero or one time within the dav element, and zero or one time within the dav-collection element. For more information, see dav and dav-collection.
The lock-db element can contain the following subelements:
Table 3–32 List of lock-db Subelements

| Element | Occurrences | Description | 
|---|---|---|
| path | 0 or 1 | The path of the WebDAV lock database. If a relative path is used, it is relative to the server's config directory. | 
| update-interval | 0 or 1 | The interval (in seconds) at which WebDAV lock databases are synchronized to disk. The value can be from 0.001 to 3600, or 0 to disable caching of WebDAV lock information. | 
The log element configures the logging subsystem. This element may appear zero or one time within the server element. For more information, see server.
The log element can contain the following subelements:
Table 3–33 List of log Subelements

| Element | Occurrences | Description | 
|---|---|---|
| log-stdout | 0 or 1 | Determines whether the server logs data that applications write to stdout. The default value is true. | 
| log-stderr | 0 or 1 | Determines whether the server logs data that applications write to stderr. The default value is true. | 
| log-virtual-server-name | 0 or 1 | Determines whether the server includes the virtual server name in log messages. The default value is false. | 
| create-console | 0 or 1 | Determines whether the server creates a console window (Windows only). The default value is false. | 
| log-to-console | 0 or 1 | Determines whether the server writes log messages to the console. The default value is true. | 
| log-to-syslog | 0 or 1 | Determines whether the server writes log messages to syslog (UNIX only) or Event Viewer (Windows only). The default value is false. | 
| date-format | 0 or 1 | The date format for log message timestamps. The default value is %d/%b/%Y:%H:%M:%S. For more information, see Appendix D, Using Time Formats. | 
| archive-suffix | 0 or 1 | The suffix appended to rotated log file names. The default value is %Y%m%d%H%M. | 
| archive-command | 0 or 1 | The command executed after the server rotates a log file. The program is passed the post-rotation file name of the log file as an argument. The value is a program command line. For example, <archive-command>gzip</archive-command> or <archive-command>"c:\Program Files\Perl\perl.exe" archive.pl</archive-command> | 
| log-level | 0 or 1 | The log verbosity for the server. The value can be finest (most verbose), finer, fine, info, warning, failure, config, security, or catastrophe (least verbose). | 
| log-file | 0 or 1 | Defines the log file for the server. The value is the file name of the log file, for example, ../logs/errors. If a relative path is used, it is relative to the server's config directory. | 
The mail-resource element configures a mail store resource. This element may appear zero or more times within the server element. For more information, see server.
The mail-resource element can contain the following subelements:
Table 3–34 List of mail-resource Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the mail resource is enabled at runtime. The default value is true. | 
| jndi-name | 1 | The JNDI name of the resource. | 
| description | 0 or 1 | The description of the resource. | 
| property | 0 or more | Configures optional mail-resource-specific properties. The properties are the standard JavaMail™ properties. For more details, see the JavaMail API Specification at http://java.sun.com/products/javamail/JavaMail-1.2.pdf, and property. | 
| store-protocol | 0 or 1 | The protocol used to retrieve messages. | 
| store-protocol-class | 0 or 1 | The storage service provider implementation for store-protocol. The value is a name of a class that implements store-protocol. The default value is com.sun.mail.imap.IMAPStore. | 
| transport-protocol | 0 or 1 | The protocol used to send messages. | 
| transport-protocol-class | 0 or 1 | The transport service provider implementation for transport-protocol. The value is a name of a class that implements transport-protocol. The default value is com.sun.mail.smtp.SMTPTransport. | 
| host | 1 | The mail server host name. | 
| user | 1 | The mail server username. | 
| from | 1 | The email address from which the server sends email. | 
| description | 0 or 1 | The description of the mail resource. | 
The mime-file element defines a file that configures the MIME type mappings for the server. This element may appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see server, and virtual-server.
The value of this element is the file name of a MIME types file. If a relative path is used, it is relative to the server's config directory. This element does not contain any subelements.
For more information, see Chapter 8, MIME Types.
The pkcs11 element configures the PKCS #11 subsystem. This element may appear zero or one time within the server element. For more information, see server.
The pkcs11 element can contain the following subelements:
Table 3–35 List of pkcs11 Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the server initializes PKCS #11 tokens, prompting for Personal Identification Numbers (PINs) as necessary. The default value is true if SSL is enabled and false if SSL is not enabled. | 
| crl-path | 0 or 1 | The directory that contains dynamically updated CRL files. The value is the name of the directory. If a relative path is used, it is relative to the server's config directory. | 
| token | 0 or more | Configures a PKCS #11 token. For more details, see token. | 
The profiler element configures a JVM profiler. This element may appear zero or one time within the jvm element. For more information, see jvm.
The profiler element can contain the following subelements:
Table 3–36 List of profiler Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the profiler is enabled at runtime. The default value is true. | 
| class-path | 0 or 1 | The classpath for the profiler. | 
| native-library-path | 0 or 1 | The native library path for the profiler. The value is the operating system library path. | 
| jvm-options | 0 or more | 
The property element defines a name-value pair. The effect of defining a property name-value pair depends on the context in which the property element appears as described below:
Properties defined at the auth-db level configure ACL authentication databases. For more information, see auth-db.
Properties defined at the soap-auth-provider level configure SOAP message-level authentication providers. For more information, see soap-auth-provider.
Properties defined at the auth-realm level configure Servlet container authentication realms. For more information, see auth-realm.
Properties defined at the jdbc-resource level configure JDBC drivers. For more information, see jdbc-resource.
Properties defined at the custom-resource and external-jndi-resource levels configure JNDI resources. For more information, see custom-resource and external-jndi-resource.
Properties defined at the mail-resource level configure standard Java mail properties. For more information, see mail-resource.
The property element can contain the following subelements:
Table 3–37 List of property Subelements

| Element | Occurrences | Description | 
|---|---|---|
| name | 1 | The name of the property. | 
| value | 1 | The value of the property. | 
| encoded | 0 or 1 | Determines whether the property value has been encoded using the uuencode algorithm. The default value is false. | 
| description | 0 or 1 | The description of the property. | 
The property-db element configures the WebDAV property database. This element may appear zero or one time within the dav element and zero or one time within the dav-collection element. For more information, see dav, and dav-collection.
The property-db element can contain the following subelements:
Table 3–38 List of property-db Subelements

| Element | Occurrences | Description | 
|---|---|---|
| max-size | 0 or 1 | The maximum size (in bytes) of WebDAV property database files. The value can be from 0 to 2147483647, or -1 for no limit. | 
| update-interval | 0 or 1 | The interval (in seconds) at which the WebDAV property databases are synchronized to disk. The value can be from 0.001 to 3600, or 0 to disable caching of WebDAV properties. | 
The qos element configures the Quality of Service (QoS) statistics collection subsystem. This element may appear zero or one time within the server element. For more information, see server.
The qos element can contain the following subelements:
Table 3–39 List of qos Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the system tracks the QOS information. The default value is true if qos-limits are enabled, and false if qos-limits are not enabled. For details, see qos-limits. | 
| interval | 0 or 1 | The interval (in seconds) over which the QOS information is averaged. The value can be from 0.001 to 3600. | 
The qos-limits element configures QOS (Quality of Service) limits. This element may appear zero or one time within the server element, and zero or one time within the virtual-server element. For more information, see server, and virtual-server.
The qos-limits element can contain the following subelements:
Table 3–40 List of qos-limits Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the QOS limits are enforced at runtime. The default value is true. | 
| max-bps | 0 or 1 | The maximum transfer rate (bytes per second). The value can be from 1 to 2147483647. | 
| max-connections | 0 or 1 | The maximum number of concurrent connections. The value can be from 1 to 1048576. | 
The request-policy element configures the authentication policy requirements for web services requests. This element may appear zero or one time within the soap-auth-provider element. For more information, see soap-auth-provider.
The request-policy element can contain the following subelements:
Table 3–41 List of request-policy Subelements

| Element | Occurrences | Description | 
|---|---|---|
| auth-source | 0 or 1 | Specifies a requirement for message layer sender authentication. For example, username and password, or content authentication such as a digital signature. | 
| auth-recipient | 0 or 1 | Specifies a requirement for message layer authentication of the receiver of a message to its sender, for example, by XML encryption. The value can be before-content or after-content. | 
The response-policy element configures the authentication policy requirements for web services responses. This element may appear zero or one time within the soap-auth-provider element. For more information, see soap-auth-provider.
The response-policy element can contain the following subelements:
Table 3–42 List of response-policy Subelements

| Element | Occurrences | Description | 
|---|---|---|
| auth-source | 0 or 1 | Defines a requirement for message layer sender authentication. For example, username and password, or content authentication such as a digital signature. | 
| auth-recipient | 0 or 1 | Defines a requirement for message layer authentication of the receiver of a message to its sender, for example, by XML encryption. The value can be before-content or after-content. | 
The search-app element configures the built-in search web application. This element may appear zero or one time within the virtual-server element. For more information, see virtual-server.
The search-app element can contain the following subelements:
Table 3–43 List of search-app Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the search application is enabled at runtime. The default value is true. | 
| max-hits | 0 or 1 | The maximum number of search results to return in response to a single search query. The value can be from 0 to 10000. | 
| uri | 1 | The root URI for the search web application. | 
The search-collection element configures a collection of searchable documents. This element may appear zero or more times within the virtual-server element. For more information, see virtual-server.
The search-collection element can contain the following subelements:
Table 3–44 List of search-collection Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the collection can be searched. The default value is true. | 
| name | 1 | The name that uniquely identifies the search collection. | 
| display-name | 0 or 1 | The description of the search collection displayed to end users. | 
| uri | 1 | The root URI for the searchable documents. | 
| document-root | 1 | The file system root for the searchable documents. If a relative path is used, it is relative to the server's config directory. | 
| path | 1 | The file system path where search collection meta data is stored. If a relative path is used, it is relative to the server's config directory. | 
| index | 0 or 1 | Configures the document fields to be indexed. For more details, see index. | 
| convert | 0 or 1 | Configures the document type to be converted. For more details, see convert. | 
| include | 0 or 1 | Configures document types that should be included. For more details, see include. | 
| description | 0 or 1 | The description of the search collection. | 
The server element defines a server. This is the root element, and there can be only one server element in the server.xml file.
The server element has the following subelements:
Table 3–45 List of server Subelements

| Element | Occurrences | Description | 
|---|---|---|
| cluster | 0 or 1 | The server cluster to which the server belongs. For more details, see cluster. | 
| log | 0 or 1 | Configures the logging subsystem. For more details, see log. | 
| user | 0 or 1 | The account the server runs as (UNIX only). The value is the user account. If the server is started as root, any UNIX account can be specified. If the server is started by a non-root account, only that non-root account should be specified. | 
| platform | 0 or 1 | Determines whether the server runs as a 32-bit or 64-bit process. The value can be 32 or 64. | 
| temp-path | 0 or 1 | The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's config directory. The directory must be owned by the account that the server runs as. | 
| variable | 0 or more | Defines a variable for use in expressions, log formats, and obj.conf parameters. For more details, see variable. | 
| localization | 0 or 1 | Configures localization. For more details, see localization. | 
| http | 0 or 1 | Configures the HTTP protocol options. For more details, see http. | 
| keep-alive | 0 or 1 | Configures the HTTP keep-alive subsystem. For more details, see keep-alive. | 
| thread-pool | 0 or 1 | Configures the HTTP request processing threads. For more details, see thread-pool. | 
| pkcs11 | 0 or 1 | Configures the PKCS #11 subsystem. For more details, see pkcs11. | 
| stats | 0 or 1 | Configures the statistics collection subsystem. For more details, see stats. | 
| cgi | 0 or 1 | Configures the CGI subsystem. For more details, see cgi. | 
| qos | 0 or 1 | Configures the QOS subsystem. For more details, see qos. | 
| dns | 0 or 1 | Configures the server's use of DNS. For more details, see dns. | 
| dns-cache | 0 or 1 | Configures the DNS cache. For more details, see dns-cache. | 
| file-cache | 0 or 1 | Configures the file cache. For more details, see file-cache. | 
| acl-cache | 0 or 1 | Configures the ACL cache. For more details, see acl-cache. | 
| ssl-session-cache | 0 or 1 | Configures the SSL/TLS session cache. For more details, see ssl-session-cache. | 
| access-log-buffer | 0 or 1 | Configures the access log buffering subsystem. For more details, see access-log-buffer. | 
| dav | 0 or 1 | Configures WebDAV. For more details, see dav. | 
| snmp | 0 or 1 | Configures SNMP. For more details, see snmp. | 
| qos-limits | 0 or 1 | Configures the QOS limits for the server. For more details, see qos-limits. | 
| audit-accesses | 0 or 1 | Specifies whether authentication and authorization events are logged. The default value is false. | 
| jvm | 0 or 1 | Configures JVM. For more details, see jvm. | 
| servlet-container | 0 or 1 | Configures the Servlet container. For more details, see servlet-container. | 
| lifecycle-module | 0 or more | Configures a Java server lifecycle module. For more details, see lifecycle-module. | 
| custom-resource | 0 or more | Configures a resource implemented by a custom class. For more details, see custom-resource. | 
| external-jndi-resource | 0 or more | Configures a resource provided by an external JNDI repository. For more details, see external-jndi-resource. | 
| jdbc-resource | 0 or more | Configures a JDBC resource. For more details, see jdbc-resource. | 
| mail-resource | 0 or more | Configures a mail store. For more details, see mail-resource. | 
| default-soap-auth-provider-name | 0 or 1 | The name of the default SOAP message-level authentication provider. The value is the name value from a soap-auth-provider element. For more details, see default-soap-auth-provider-name. | 
| soap-auth-provider | 0 or more | Configures a SOAP message-level authentication provider. For more details, see soap-auth-provider. | 
| default-auth-realm-name | 0 or 1 | The name of the default Servlet container authentication realm. The value is the name value from an auth-realm element. For more details, see auth-realm. | 
| auth-realm | 0 or more | Configures a Servlet container authentication realm. For more details, see auth-realm. | 
| default-auth-db-name | 0 or 1 | The name of the default ACL authentication database. The value is the name value from an auth-db element, and the default value is default. For more details, see auth-db. | 
| auth-db | 0 or more | Configures an ACL authentication database for the server. For more details, see auth-db. | 
| acl-file | 0 or more | The ACL file that controls access to the server. The value is the name of an ACL file. For more details, see acl-file. | 
| mime-file | 0 or more | The mime.types file that configures MIME mappings for the server as a whole. The value is the name of a mime.types file. For more details, see mime-file. | 
| access-log | 0 or more | Configures an HTTP access log for the server. For more details, see access-log. | 
| http-listener | 0 or more | Configures an HTTP listener. For more details, see http-listener. | 
| virtual-server | 0 or more | Configures a virtual server. For more details, see virtual-server. | 
| event | 0 or more | Configures a recurring event. For more details, see event. | 
The servlet-container element configures the Servlet container. This element may appear zero or one time within the server element. For more information, see server.
The servlet-container element can contain the following subelements:
Table 3–46 List of servlet-container Subelements
The session-replication element configures Servlet session replication within a server cluster. This element may appear zero or one time within the cluster element, and zero or one time within the instance element. For more information, see cluster, and instance.
The session-replication element can contain the following subelements:
Table 3–47 List of session-replication Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the session replication is enabled at runtime. The default value is true. | 
| port | 0 or 1 | Specifies the port on which the server will listen. The default port number is 1099. | 
| instance-id | 0 or 1 | (Only applicable at the instance level.) The value that uniquely identifies the instance for use in cookies. | 
| key | 0 or 1 | (Only applicable at the cluster level.) The shared secret which members of the cluster use to authenticate to each other. The value of this subelement should be in text format. | 
| encrypted | 0 or 1 | (Only applicable at the cluster level.) Determines whether the session data is encrypted prior to replication. The default value is false. | 
| protocol | 0 or 1 | (Only applicable at the cluster level.) The protocol used for session replication. The value can be http or jrmp. | 
| async | 0 or 1 | (Only applicable at the cluster level.) Determines whether session replication is asynchronous from HTTP request/response processing. The default value is false. | 
| getAttribute-triggers-replication | 0 or 1 | (Only applicable at the cluster level.) Determines whether a call to the HttpSession.getAttribute method should cause a session to be backed up. The default value is true. | 
| replica-discovery-max-hops | 0 or 1 | (Only applicable at the cluster level.) The maximum number of instances that should be contacted while attempting to find the backup of a session. The value can be from 1 to 2147483647, or -1 for no limit. | 
| startup-discovery-timeout | 0 or 1 | (Only applicable at the cluster level.) The maximum time (in seconds) that an instance spends trying to contact its designated backup instance. The value can be from 0.001 to 3600. | 
| cookie-name | 0 or 1 | (Only applicable at the cluster level.) The name of the cookie that tracks which instance owns a session. | 
| cipher | 0 or 1 | (Only applicable at the cluster level.) The value of a JCE cipher. JCE ciphers are specified using the form algorithm/mode/padding. The value should be in text format. The default value is AES/CBC/PKCS5Padding. | 
The single-sign-on element configures a single authentication mapping across multiple Java web applications sharing the same realm. This element may appear zero or one time within the virtual-server element. For more information, see virtual-server.
The single-sign-on element can contain the following subelements:
Table 3–48 List of single-sign-on Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether the single-sign-on feature is enabled at runtime. The default value is false. | 
| idle-timeout | 0 or 1 | The timeout (in seconds) after which a user's single sign-on record becomes eligible for purging if no activity is seen. The value can be from 0.001 to 3600, or -1 for no timeout. The default value is 300 seconds. | 
The snmp element configures the server's SNMP subagent. This element may appear zero or more times within the server element. For more information, see server.
The snmp element can contain the following subelements:
Table 3–49 List of snmp Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether SNMP is enabled at runtime. The default value is true. | 
| master-host | 0 or 1 | The network address of the SNMP master agent. The value is a host name or IP address. | 
| description | 1 | The description of the server. The value should be in text format. | 
| organization | 1 | The name of the organization responsible for the server. The value should be in text format. | 
| location | 1 | The location of the server. The value should be in text format. | 
| contact | 1 | The contact information of the person responsible for the server. The value should be in text format. | 
The soap-auth-provider element configures a SOAP message-level authentication provider for web services. This element may appear zero or more times within the server element. For more information, see server.
The soap-auth-provider element can contain the following subelements:
Table 3–50 List of soap-auth-provider Subelements

| Element | Occurrences | Description | 
|---|---|---|
| name | 1 | The name that uniquely identifies the SOAP message-level authentication provider for use in default-soap-auth-provider-name and sun-web.xml. | 
| class | 1 | The class that implements the provider realm. The value is a name of a class that implements javax.security.auth.XXX. | 
| request-policy | 0 or 1 | Configures the authentication policy requirements for requests. For more details, see request-policy. | 
| response-policy | 0 or 1 | Configures the authentication policy requirements for responses. For more details, see response-policy. | 
| property | 0 or more | Configures the optional provider-specific properties. For more details, see property. | 
The ssl element configures the SSL/TLS settings. This element may appear zero or one time within the http-listener element. For more information, see http-listener.
The ssl element can contain the following subelements:
Table 3–51 List of ssl Subelements

| Element | Occurrences | Description | 
|---|---|---|
| enabled | 0 or 1 | Determines whether SSL/TLS is enabled at runtime. The default value is true. | 
| server-cert-nickname | 0 or more | The nickname of the certificate that the server presents to the clients. You can specify zero or one RSA certificates, plus zero or one ECC certificates. | 
| ssl2 | 0 or 1 | Determines whether SSL2 connections are accepted. The default value is false. | 
| ssl3 | 0 or 1 | Determines whether SSL3 connections are accepted. The default value is true. | 
| tls | 0 or 1 | Determines whether TLS connections are accepted. The default value is true. | 
| tls-rollback-detection | 0 or 1 | Determines whether the server detects and blocks TLS version rollback attacks. The default value is true. | 
| ssl2-ciphers | 0 or 1 | Configures the SSL2 cipher suites. For more details, see ssl2-ciphers. | 
| ssl3-tls-ciphers | 0 or 1 | Configures the SSL3 and TLS cipher suites. For more details, see ssl3-tls-ciphers. | 
| client-auth | 0 or 1 | The method of client certificate authentication. The value can be required, optional, or false. | 
| client-auth-timeout | 0 or 1 | The timeout (in seconds) after which client authentication handshake fails. The value can be from 0.001 to 3600. | 
| max-client-auth-data | 0 or 1 | The maximum amount of application-level data to buffer during a client authentication handshake. The value can be from 0 to 2147483647. | 
The ssl2-ciphers element configures SSL2 cipher suites. This element may appear zero or one time within the ssl element. For more information, see ssl.
The ssl2-ciphers element can contain the following subelements:
Table 3–52 List of ssl2-ciphers Subelements
| Element | Occurrences | Description |
|---|---|---|
| SSL_RC4_128_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC4_128_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RC4_128_EXPORT40_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC4_128_EXPORT40_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RC2_128_CBC_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC2_128_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RC2_128_CBC_EXPORT40_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC2_128_CBC_EXPORT40_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_DES_64_CBC_WITH_MD5 | 0 or 1 | Determines whether the SSL_DES_64_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_DES_192_EDE3_CBC_WITH_MD5 | 0 or 1 | Determines whether the SSL_DES_192_EDE3_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. | 
The ssl3-tls-ciphers element configures SSL3 and TLS cipher suites. This element may appear zero or one time within the ssl element. For more information, see ssl.
The ssl3-tls-ciphers element can contain the following subelements:
Table 3–53 List of ssl3-tls-ciphers Subelements
| Element | Occurrences | Description |
|---|---|---|
| SSL_RSA_WITH_RC4_128_MD5 | 0 or 1 | Determines whether the SSL_RSA_WITH_RC4_128_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 0 or 1 | Determines whether the SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 0 or 1 | Determines whether the SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_WITH_NULL_MD5 | 0 or 1 | Determines whether the SSL_RSA_WITH_NULL_MD5 cipher suite is enabled at runtime. The default value is false. | 
| SSL_RSA_WITH_NULL_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. | 
| SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| SSL_RSA_FIPS_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_FIPS_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDH_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 0 or 1 | Determines whether the TLS_RSA_EXPORT1024_WITH_RC4_56_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_RSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is true. | 
| TLS_ECDHE_ECDSA_WITH_NULL_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_RSA_WITH_NULL_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. | 
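Given the defaults in Tables 3–51 and 3–53, an ssl element that sets nothing still accepts SSL3 and several export-grade, single-DES and RC4 cipher suites. The following added example (not part of the original documentation) computes what an ssl element leaves enabled once those defaults are applied; the weak-suite policy, the sample XML with its certificate nickname, and the function names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Documented defaults from Tables 3-51 and 3-53 on this page.
PROTOCOL_DEFAULTS = {"ssl2": False, "ssl3": True, "tls": True}
DEFAULT_ON_SUITES = {
    "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Audit policy: an assumption of this example, not something the page states.
WEAK_PROTOCOLS = {"ssl2", "ssl3"}
WEAK_MARKERS = ("NULL", "EXPORT", "_DES_", "RC4", "RC2", "MD5")

# Constructed sample: an <ssl> element that sets only a certificate nickname,
# so every protocol and cipher suite falls back to its documented default.
SAMPLE_DEFAULTS_ONLY = "<ssl><server-cert-nickname>Server-Cert</server-cert-nickname></ssl>"


def is_true(node, default):
    """Boolean value of a subelement, or the given default if it is absent.

    Assumes booleans are written as true/false, as in the tables above.
    """
    if node is None or node.text is None:
        return default
    return node.text.strip().lower() == "true"


def audit_ssl(ssl_xml):
    """Return (weak protocols, weak suites) that an <ssl> element leaves enabled."""
    ssl = ET.fromstring(ssl_xml)
    if not is_true(ssl.find("enabled"), True):
        return [], []
    protocols = sorted(p for p in WEAK_PROTOCOLS
                       if is_true(ssl.find(p), PROTOCOL_DEFAULTS[p]))
    suites = set(DEFAULT_ON_SUITES)
    ciphers = ssl.find("ssl3-tls-ciphers")
    for node in (ciphers if ciphers is not None else ()):
        if is_true(node, False):
            suites.add(node.tag)      # explicitly enabled, e.g. a NULL suite
        else:
            suites.discard(node.tag)  # explicitly disabled
    weak = sorted(s for s in suites if any(m in s for m in WEAK_MARKERS))
    return protocols, weak


if __name__ == "__main__":
    protocols, suites = audit_ssl(SAMPLE_DEFAULTS_ONLY)
    print("weak protocols enabled:", protocols)
    print("weak cipher suites enabled:", *suites, sep="\n  ")
```

The audit covers only the ssl3-tls-ciphers table; SSL2 suites matter only when ssl2 is enabled, which the protocol check already reports.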
The ssl-session-cache element configures the SSL/TLS session cache. This element may appear zero or one time within the server element. For more information, see server.
The ssl-session-cache element can contain the following subelements:
Table 3–54 List of ssl-session-cache Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server caches SSL/TLS sessions. The default value is true. | 
| max-entries | 0 or 1 | The maximum number of SSL/TLS sessions the server will cache. The value can be from 1 to 524288. | 
| max-ssl2-session-age | 0 or 1 | The maximum amount of time to cache an SSL2 session. The value can be from 5 to 100. | 
| max-ssl3-tls-session-age | 0 or 1 | The maximum amount of time to cache an SSL3/TLS session. The value can be from 5 to 86400. | 
The stats element configures the statistics collection subsystem. This element may appear zero or one time within the server element. For more information, see server.
The stats element can contain the following subelements:
Table 3–55 List of stats Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server collects statistics. The default value is true. | 
| interval | 0 or 1 | Interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. | 
| profiling | 0 or 1 | Determines whether the performance buckets, used to track NSAPI function execution time, are enabled at runtime. The default value is true. | 
The thread-pool element configures the threads used to process HTTP requests. This element may appear zero or one time within the server element. For more information, see server.
The thread-pool element can contain the following subelements:
Table 3–56 List of thread-pool Subelements
| Element | Occurrences | Description |
|---|---|---|
| min-threads | 0 or 1 | The minimum number of HTTP request processing threads. The value can be from 1 to 4096. | 
| max-threads | 0 or 1 | The maximum number of HTTP request processing threads. The value can be from 1 to 4096. | 
| stack-size | 0 or 1 | The stack size (in bytes) for HTTP request processing threads. The value can be from 8192 to 67108864. | 
| queue-size | 0 or 1 | The maximum number of concurrent HTTP connections that can be queued waiting for processing. The value can be from 1 to 1048576. | 
The time element configures the time when an event will occur. This element may appear zero or more times within the event element. For more information, see event.
The time element can contain the following subelements:
Table 3–57 List of time Subelements
| Element | Occurrences | Description |
|---|---|---|
| time-of-day | 1 | The time when the event will occur. The value should be in the hh:mm format. | 
| day-of-week | 0 or 1 | The day of the week. The value can be Sun, Mon, Tue, Wed, Thu, Fri, or Sat. | 
| day-of-month | 0 or 1 | The day of month. The value can be from 1 to 31. | 
| month | 0 or 1 | The name of the month. The value can be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec. | 
The token element configures a PKCS #11 token. This element may appear zero or more times within the pkcs11 element. For more information, see pkcs11.
The token element can contain the following subelements:
Table 3–58 List of token Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server initializes this PKCS #11 token, prompting for a PIN if necessary. The default value is true. | 
| name | 1 | The name of the token. The server's built-in token is named internal. | 
| pin | 0 or 1 | The PIN required to initialize the token. | 
The variable element defines a variable for use in expressions, log formats, and obj.conf parameters. This element may appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see server and virtual-server.
The variable element can contain the following subelements:
Table 3–59 List of variable Subelements
| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name of the variable. The value should be in text format. | 
| value | 1 | The value of the variable. The value should be in text format. | 
| description | 0 or 1 | The description of the variable. The value should be in text format. | 
The virtual-server element configures an HTTP virtual server. Each server would typically have at least one virtual server. This element may appear zero or more times within the server element. For more information, see server.
The virtual-server element can contain the following subelements:
Table 3–60 List of virtual-server Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the virtual server is enabled at runtime. The default value is true. | 
| name | 1 | A name that uniquely identifies the virtual server. | 
| http-listener-name | 0 or more | The name of an HTTP listener associated with one or more of the virtual server's host names. The value is the name from an http-listener element. For more details, see http-listener. | 
| host | 0 or more | The host name that the virtual server services. Host comparisons are not case sensitive. The value can be a host name or a wildcard pattern. For more information on wildcards, see Appendix B, Using Wildcard Patterns. | 
| canonical-server-name | 0 or 1 | The canonical name of the virtual server. Requests using a different name will be redirected to the canonical name. The value is a host name or URL prefix. | 
| acl-file | 0 or more | The name of the ACL file that controls access to the virtual server. | 
| mime-file | 0 or more | The mime.types file that configures MIME mappings for the virtual server. | 
| object-file | 1 | The obj.conf file that controls request processing for the virtual server. | 
| default-object-name | 0 or 1 | The name of the root obj.conf object. The default value is default. | 
| document-root | 1 | The document root for the virtual server. | 
| localization | 0 or 1 | Configures localization. For more details, see localization. | 
| qos-limits | 0 or 1 | Configures QOS limits for the virtual server. For more details, see qos-limits. | 
| search-app | 0 or 1 | Configures the built-in search web application for the virtual server. For more details, see search-app. | 
| access-log | 0 or more | Configures an HTTP access log for the virtual server. For more details, see access-log. | 
| auth-db | 0 or more | Configures an ACL authentication database for the virtual server. For more details, see auth-db. | 
| search-collection | 0 or more | Configures a collection of searchable documents for the virtual server. For more details, see search-collection. | 
| dav-collection | 0 or more | Configures a WebDAV collection for the virtual server. For more details, see dav-collection. | 
| web-app | 0 or more | Configures the Java web application mappings for the virtual server. For more details, see web-app. | 
| log-file | 0 or 1 | The log file for the virtual server. The value is the log file name, for example, ../logs/errors. | 
| variable | 0 or more | Defines an obj.conf variable for the virtual server. For more details, see variable. | 
| description | 0 or 1 | The description of the virtual server. | 
| single-sign-on | 0 or 1 | Configures single sign-on for Java web applications within the virtual server. For more details, see single-sign-on. | 
The web-app element configures a Java web application mapping. This element may appear zero or more times within the virtual-server element. For more information, see virtual-server.
The web-app element can contain the following subelements:
Table 3–61 List of web-app Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the web application is enabled at runtime. The default value is true. | 
| uri | 1 | The root URI for the web application. | 
| path | 1 | The path where the web application is stored. If a relative path is used, it is relative to the server's config directory. | 
| description | 0 or 1 | The description of the web application. |