Defines access log settings for each http-access-log subelement of each virtual-server.
none
The following table describes attributes for the access-log element.
Table 1–1 access-log Attributes
Attribute |
Default |
Description |
---|---|---|
%client.name% %auth-user-name% %datetime% %request% %status% %response.length% |
(optional) Specifies the format of the access log. For a complete list of token values you can use in the format, see the online help for the Access Log tab of the HTTP Service page in the Administration Console. |
|
time |
(optional) Specifies the condition that triggers log rotation. The only legal value is time, which rotates log files at the rotation-interval-in-minutes interval. |
|
15 |
(optional) Specifies the time interval between log rotations if rotation-policy is set to time. |
|
yyyy-MM-dd |
(optional) Specifies the format of the timestamp appended to the access log name when log rotation occurs. For supported formats, see http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html. The following value is supported for backward compatibility. It results in the same format as the default. %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s |
|
true |
(optional) If true, enables log rotation. |
Contains configuration for JMX connectors, the domain admin server (DAS), and related properties.
The following table describes subelements for the admin-service element.
Table 1–2 admin-service Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Configures a JSR 160/255 compliant remote JMX connector, which responds to JConsole port 8686. |
|
only one |
Defines a domain administration server configuration. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the admin-service element.
Table 1–3 admin-service Attributes
Attribute |
Default |
Description |
---|---|---|
das-and-server |
Specifies whether the server instance is a regular instance (server), a domain administration server (das), or a combination (das-and-server). modifying this value is not recommended. |
|
none |
Specifies the name of the internal jmx-connector. |
Specifies a system application or a Java EE module.
An engine runs a sniffer during deployment, which is responsible for identifying a type of deployment artifact (such as a WAR file) and setting up the associated container (such as the web container). Multiple engines, each with its own sniffer, can be associated with a given application.
The application element replaces the web-module and ejb-module elements of previous releases.
For GlassFish v3 Prelude, EJB modules are not supported unless the optional EJB container add-on component is downloaded from the Update Tool. Only stateless session beans with local interfaces and entity beans that use the Java Persistence API are supported. Stateful, message-driven, and EJB 2.0 and 2.1 entity beans are not supported. Remote interfaces and remote business interfaces for any of the bean types are not supported.
Web services are not supported unless the optional Metro (JSR 109) add-on component is downloaded from the Update Tool. Without the Metro component, a servlet or EJB module cannot be a web service endpoint.
JRuby applications are not supported unless the optional JRuby add-on component is downloaded from the Update Tool.
For information about the Update Tool, see the Sun GlassFish Enterprise Server v3 Prelude Installation Guide.
system-applications, applications
The following table describes subelements for the application element.
Table 1–4 application Subelements
Element |
Required |
Description |
---|---|---|
one or more |
Configures an engine. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the application element.
Table 1–5 application Attributes
References a module deployed to the server.
none
The following table describes attributes for the application-ref element.
Table 1–6 application-ref Attributes
Attribute |
Default |
Description |
---|---|---|
enabled |
true |
(optional) Determines whether the application or module is enabled. |
all virtual servers |
(optional) In a comma-separated list, references id attributes of the virtual-server elements to which the web application is deployed. If you deploy a web application and don't specify any assigned virtual servers, the web application is assigned to all currently defined virtual servers. If you then create additional virtual servers and want to assign existing web applications to them, you must redeploy the web applications. For more information about deployment, see the Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide. |
|
30 |
(optional) Specifies the time it takes this application to reach a quiescent state after having been disabled. |
|
none |
References the name attribute of an application element. |
Contains deployed Java EE modules.
The following table describes subelements for the applications element.
Table 1–7 applications Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies an application. |
Specifies an optional plug-in module that implements audit capabilities.
The following table describes subelements for the audit-module element.
Table 1–8 audit-module Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the audit-module element.
Table 1–9 audit-module Attributes
Attribute |
Default |
Description |
---|---|---|
default |
Specifies the name of this audit module. |
|
com.sun.enterprise.security.Audit |
Specifies the Java class that implements this audit module. |
Defines a realm for authentication.
Authentication realms require provider-specific properties, which vary depending on what a particular implementation needs.
For more information about how to define realms, see the Sun GlassFish Enterprise Server v3 Prelude Administration Guide.
Here is an example of the default file realm:
<auth-realm name="file" classname="com.sun.enterprise.security.auth.realm.file.FileRealm"> <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"/> <property name="jaas-context" value="fileRealm"/> </auth-realm>
Which properties an auth-realm element uses depends on the value of the auth-realm element’s name attribute. The file realm uses file and jaas-context properties. Other realms use different properties.
The following table describes subelements for the auth-realm element.
Table 1–10 auth-realm Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the auth-realm element.
Table 1–11 auth-realm Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the name of this realm. |
|
none |
Specifies the Java class that implements this realm. |
The standard realms provided with Enterprise Server have required and optional properties. A custom realm might have different properties.
The following table describes properties for the auth-realm element.
Table 1–12 auth-realm Properties
Property |
Realms |
Description |
---|---|---|
all |
Specifies the JAAS (Java Authentication and Authorization Service) context. |
|
file |
Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile. |
|
all |
(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers. |
|
ldap |
Specifies the LDAP URL to your server. |
|
ldap |
Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. |
|
ldap |
(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name). |
|
ldap |
(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary. |
|
ldap |
(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN). |
|
ldap |
(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN. |
|
ldap |
(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search. |
|
ldap |
(optional) Specifies the LDAP password for the DN given in search-bind-dn . |
|
jdbc |
Specifies the jndi-name of the jdbc-resource for the database. |
|
jdbc |
Specifies the name of the user table in the database. |
|
jdbc |
Specifies the name of the user name column in the database's user table. |
|
jdbc |
Specifies the name of the password column in the database's user table. |
|
jdbc |
Specifies the name of the group table in the database. |
|
jdbc |
Specifies the name of the group name column in the database's group table. |
|
jdbc |
(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none. |
|
jdbc |
(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified. |
|
jdbc |
(optional) Specifies the charset for the digest algorithm. |