Chapter 5
Other Configuration Files
This chapter summarizes the Purpose, Location, and Contents or Syntax of important configuration files not discussed in other chapters, then briefly describes all directives or parameters allowed in each file (if any) in a table. Cross references are listed after See Also headings when other chapters or manuals describe some of the directives or parameters in more detail. Configuration files that should never be modified are not listed in this chapter.
The following configuration files are described in alphabetical order:
dbswitch.conf
Purpose
Specifies the LDAP directory that Sun ONE Application Server uses.
|
Note
|
The dbswitch.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.
|
|
Location
instance_dir/config
Syntax
directory name LDAP_URL
name:property1 [value1]
name:property2 [value2]
...
The default contents of this file are as follows:
directory default null:///none
Edit the file as follows for anonymous binding over SSL:
directory default ldaps://directory.sun.com:636:/dc%3Dcom
Edit the file as follows for anonymous binding not over SSL:
directory default ldap://directory.sun.com:389:/dc%3Dcom
See Also
“User Database Selection”
The following table describes properties in the dbswitch.conf file.
Table 5-1 dbswitch.conf Properties
Property
|
Allowed Values
|
Default Value
|
Description
|
nsessions
|
A positive integer
|
8
|
The number of LDAP connections for the database.
|
dyngroups
|
off, on, recursive
|
on
|
Determines how dynamic groups are handled. If off, dynamic groups are not supported. If on, dynamic groups are supported. If recursive, dynamic groups can contain other groups.
|
binddn
|
A valid DN
|
|
The DN used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.
|
bindpw
|
|
|
The password used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.
|
dcsuffix
|
A valid DN (relative to the LDAP URL)
|
none
|
If present, the default value of the base DN for the request’s virtual server is determined by a DC tree lookup, starting at the dcsuffix DN, of the virtual server’s hosts attribute that matches the client-supplied Host header. If no hosts attribute matches, the server-name attribute of the parent http-listener is used.
If not present, the default value of the base DN is the base DN value in the LDAP URL.
The basedn attribute of an auth-db element in the server.xml file overrides this value.
|
digestauth
|
off, on
|
off
|
Specifies whether the database can do digest authentication. If on, a special Directory Server plug-in is required. For information about how to install this plug-in, see the Sun ONE Application Server Administrator’s Guide.
|
If an LDAP database is schema compliant, the base DN of the access is computed using a DC tree lookup of the virtual-server element’s hosts attribute that matches the client-supplied Host header. If no hosts attribute matches, the server-name attribute of the parent http-listener is used. The result must contain an inetDomainBaseDN attribute that contains the base DN. This base DN is taken as is and is not relative to any of the base DN values.
Deployment Descriptors
Purpose
Configures features specific to the Sun ONE Application Server for deployed modules and applications.
Location
The META-INF or WEB-INF directory of a module or application.
See Also
The following table shows where to find more information about Sun ONE Application Server deployment descriptors.
Table 5-2 Sun ONE Application Server Descriptors
Deployment Descriptor
|
Where to Find More Information
|
sun-application.xml
|
Sun ONE Application Server Developer’s Guide
|
sun-web.xml
|
Sun ONE Application Server Developer’s Guide to Web Applications
|
sun-ejb-jar.xml and sun-cmp-mapping.xml
|
Sun ONE Application Server Developer’s Guide to Enterprise JavaBeans Technology
|
sun-application-client.xml and sun-acc.xml
|
Sun ONE Application Server Developer’s Guide to Clients
|
sun-ra.xml
|
Sun ONE J2EE CA Service Provider Implementation Administrator’s Guide
|
generated.instance.acl
Purpose
Sets permissions for access to the server instance. This is the default ACL file; you can create and use others.
|
Note
|
The ACL file interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.
|
|
Location
instance_dir/config
See Also
Sun ONE Application Server Administrator’s Guide to Security
loadbalancer.xml
Purpose
Configures clusters and load balancing.
|
Note
|
The loadbalancer.xml interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.
|
|
Location
The loadbalancer.xml file is located in the front-end web server.
Syntax
Most of the file has the following basic XML syntax, with nested elements:
<ELEMENT attribute="value" attribute="value" ... >
<SUBELEMENT attribute="value" attribute="value" ... />
</ELEMENT>
In the "loadbalancer.xml Elements and Attributes" table, elements are in bold to distinguish them from attributes.
See Also
Sun ONE Application Server Administrator’s Guide
Sun ONE Web Server documentation set
The following tables describe elements, attributes, and properties in the loadbalancer.xml file.
Table 5-3 loadbalancer.xml Elements and Attributes
Element/Attribute
|
Subelements or Default Values
|
Description
|
loadbalancer
|
cluster, property
|
Defines a load balancer.
|
cluster
|
instance, web-module, health-checker
|
Defines a cluster of application server instances.
|
name
|
none
|
Specifies the name of the cluster. Within a load balancer, cluster names must be unique.
|
instance
|
none
|
Defines an application server instance.
|
name
|
none
|
Specifies the name of the server instance. Within a cluster, instance names must be unique.
|
enabled
|
true
|
(optional) Specifies whether instance is active (enabled) for requests to be load balanced to it.
|
disable-timeout-in-minutes
|
31
|
(optional) Specifies the quiescing timeout interval, at which the load balancer disables the instance and closes all its open connections.
|
listeners
|
none
|
Specifies a space-delimited list of the URLs of the instance’s listeners. Within a cluster, listener URLs must be unique.
|
web-module
|
none
|
Defines a web module.
|
context-root
|
none
|
Specifies the context root of the web module. Within a cluster, context roots must be unique.
|
enabled
|
true
|
(optional) Specifies whether web module is active (enabled) for requests to be load balanced to it.
|
disable-timeout-in-minutes
|
31
|
(optional) Specifies the quiescing timeout interval, at which the load balancer disables the web module and closes all its open connections.
|
health-checker
|
none
|
Configures the cluster’s health checker.
|
url
|
/
|
(optional) Specifies the URL to ping to determine the health state of a listener.
|
interval-in-seconds
|
30
|
(optional) Specifies the interval at which health checks of instances occur.
|
timeout-in-seconds
|
10
|
(optional) Specifies the timeout interval within which a response must be obtained for a listener to be considered healthy.
|
property
|
description
|
Defines a property.
|
name
|
none
|
Specifies the name of the property.
|
value
|
none
|
Specifies the value of the property.
|
description
|
|
Defines a text description of a property.
|
Table 5-4 loadbalancer.xml Properties
Property Name
|
Default Value
|
Description
|
response-timeout-in-seconds
|
60
|
Specifies the timeout interval within which a response must be obtained for a request that is load balanced, or the instance is considered unhealthy.
|
reload-poll-interval-in-seconds
|
0
|
Specifies the interval at which the load balancer checks whether the loadbalancer.xml time stamp has changed. If it has changed, the load balancer reloads the file. If 0, polling is disabled.
|
https-routing
|
false
|
Specifies whether the load balancer routes incoming HTTPS requests to the instance as HTTPS requests.
|
require-monitor-data
|
false
|
Specifies whether load balancer monitoring is enabled.
|
nsfc.conf
Purpose
Sets file cache parameters. This file is present only if file cache parameters have been changed from their defaults.
|
Note
|
The nsfc.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.
|
|
Location
instance_dir/config
Syntax
parameter=value
See Also
Sun ONE Application Server Performance Tuning Guide
The following table describes parameters in the nsfc.conf file.
Table 5-5 nsfc.conf Parameters
Parameter
|
Allowed Values
|
Default Value
|
Description
|
FileCacheEnable
|
on, off
|
on
|
Enables the file cache.
|
CacheFileContent
|
on, off
|
on
|
Enables caching of file contents as well as file information for files smaller than MediumFileSizeLimit (smaller than SmallFileSizeLimit if TransmitFiles is on).
|
MaxAge
|
Number of seconds
|
30
|
The maximum age of a valid cache entry. This setting controls how long cached information is used once a file has been cached. An entry older than MaxAge is replaced by a new entry for the same file.
|
MediumFileSizeLimit
|
Limited by available memory
|
537600 (525K)
|
(UNIX only) Maximum size of a file that can be cached as a memory-mapped file (if TransmitFiles is off).
|
MediumFileSpace
|
Limited by available memory
|
10485760 (10 M)
|
Total size of all files that are cached as memory-mapped files (if TransmitFiles is off).
|
SmallFileSizeLimit
|
Limited by available memory
|
2048 (2K)
|
(UNIX only) Maximum size of a file that can be read into memory.
|
SmallFileSpace
|
Limited by available memory
|
1048576 (UNIX, 1 M)
|
Total size of all files that are read into memory.
|
TransmitFiles
|
on, off
|
off (UNIX)
|
Enables use of the TransmitFile system call. Not supported on IRIX, Compaq, or Linux.
|
MaxFiles
|
|
1024
|
Maximum number of files in the file cache.
|
HashInitSize
|
Limited by available memory
|
0
|
Initial number of hash buckets. If 0, the number of hash buckets is dynamically determined as 2 * MaxFiles + 1.
|
TempDir
|
A path
|
system_temp/instance
|
Specifies a temporary directory for the file cache if CopyFiles is on.
|
password.conf
Purpose
By default, the application server prompts the administrator for the SSL key database password before starting up. If you want the application server to be able to restart unattended, you need to save the password in a password.conf file. Be sure that your system is adequately protected so that this file and the key databases are not compromised.
Location
instance_dir/config
This file is not present by default. You must create it if you need it.
Syntax
PKCS#11_module_name:password
If you are using the internal PKCS#11 software encryption module that comes with the server, type the following:
internal:password
If you are using a different PKCS#11 module, for example for hardware encryption or hardware accelerators, you will need to specify the name of the PKCS#11 module, followed by the password, for example:
internal:password
See Also
Sun ONE Application Server Administrator’s Guide
server.policy
Purpose
Controls what access applications have to resources. This is the standard J2SE policy file.
Location
instance_dir/config
Syntax
grant [codeBase "path"] {
permission permission_class "package", "permission_type";
...
};
See Also
Sun ONE Application Server Developer’s Guide
http://java.sun.com/docs/books/tutorial/security1.2/tour2/index.html