Sun Java System Application Server Platform Edition 8.2 Administration Reference

S

security-map

Maps the principal received during servlet or EJB authentication to the credentials accepted by the EIS.

Superelements

connector-connection-pool

Subelements

The following table describes subelements for the security-map element.

Table 1–106 security-map Subelements

Element 

Required 

Description 

principal

one or more 

Contains the principal of the servlet or EJB client. 

user-group

one or more 

Contains the group to which the principal belongs. 

backend-principal

only one 

Specifies the user name and password required by the EIS. 

Attributes

The following table describes attributes for the security-map element.

Table 1–107 security-map Attributes

Attribute 

Default 

Description 

name

none 

Specifies a name for the security mapping. 

security-service

Defines parameters and configuration information needed by the J2EE security service.

Superelements

config

Subelements

The following table describes subelements for the security-service element.

Table 1–108 security-service Subelements

Element 

Required 

Description 

auth-realm

one or more 

Defines a realm for authentication. 

jacc-provider

one or more 

Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. 

audit-module

zero or more 

Specifies an optional plug-in module that implements audit capabilities. 

message-security-config

zero or more 

Specifies configurations for message security providers. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the security-service element.

Table 1–109 security-service Attributes

Attribute 

Default 

Description 

default-realm

file

(optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance.

default-principal

none 

(optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. 

default-principal-password

none 

(optional) The password of the default principal. This attribute need not be set for normal server operation. 

anonymous-role

ANYONE

(optional) Used as the name for default, or anonymous, role. The anonymous role is always assigned to all principals. This role value can be used in J2EE deployment descriptors to grant access to anyone. 

audit-enabled

false

(optional) If true, additional access logging is performed to provide audit information.

Audit information consists of: 

  • Authentication success and failure events

  • Servlet and EJB access grants and denials

jacc

default

(optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider.

audit-modules

default

(optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. 

server

Defines a server instance.


Note –

Server instances are not the same thing as virtual servers. Each server instance is a completely separate server that contains one or more virtual servers.


Superelements

servers

Subelements

The following table describes subelements for the server element.

Table 1–110 server Subelements

Element 

Required 

Description 

application-ref

zero or more 

References an application or module deployed to the server instance. 

resource-ref

zero or more 

References a resource deployed to the server instance. 

system-property

zero or more 

Specifies a system property. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the server element.

Table 1–111 server Attributes

Attribute 

Default 

Description 

name

none 

Specifies the name of the server instance. 

config-ref

default config element’s name, server-config

(optional) References the name of the config used by the server instance. For the Platform Edition, the default is the only value allowed.

servers

Contains server instances. In the Platform Edition, there is only one server instance.

Superelements

domain

Subelements

The following table describes subelements for the servers element.

Table 1–112 servers Subelements

Element 

Required 

Description 

server

only one 

Defines a server instance. 

session-config

Specifies session configuration information for the entire web container. Individual web applications can override these settings using the corresponding elements in their sun-web.xml files.

Superelements

web-container

Subelements

The following table describes subelements for the session-config element.

Table 1–113 session-config Subelements

Element 

Required 

Description 

session-manager

zero or one 

Specifies session manager configuration information. 

session-properties

zero or one 

Specifies session properties. 

session-manager

Specifies session manager information.


Note –

The session manager interface is unstable. An unstable interface might be experimental or transitional, and hence might change incompatibly, be removed, or be replaced by a more stable interface in the next release.


Superelements

session-config

Subelements

The following table describes subelements for the session-manager element.

Table 1–114 session-manager Subelements

Element 

Required 

Description 

manager-properties

zero or one 

Specifies session manager properties. 

store-properties

zero or one 

Specifies session persistence (storage) properties. 

session-properties

Specifies session properties.

Superelements

session-config

Subelements

The following table describes subelements for the session-properties element.

Table 1–115 session-properties Subelements

Element 

Required 

Description 

property

zero or more 

Specifies a property or a variable. 

Attributes

Table 1–116 session-properties Attributes

Attribute 

Default 

Description 

timeout-in-seconds

600

(optional) Specifies the default maximum inactive interval (in seconds) for all sessions created in this web module. If set to 0 or less, sessions in this web module never expire.

If a session-timeout element is specified in the web.xml file, the session-timeout value overrides any timeout-in-seconds value. If neither session-timeout nor timeout-in-seconds is specified, the timeout-in-seconds default is used.

Note that the session-timeout element in web.xml is specified in minutes, not seconds.

Properties

The following table describes properties for the session-properties element.

Table 1–117 session-properties Properties

Property 

Default 

Description 

enableCookies

true

Uses cookies for session tracking if set to true.

enableURLRewriting

true

Enables URL rewriting. This provides session tracking via URL rewriting when the browser does not accept cookies. You must also use an encodeURL or encodeRedirectURL call in the servlet or JavaServerTM Pages (JSPTM) page.

idLengthBytes

128

Specifies the number of bytes in this web module’s session ID. 

ssl

Defines SSL (Secure Socket Layer) parameters.

An ssl element is required inside an http-listener or iiop-listener element that has its security-enabled attribute set to on.

In Platform Edition, SSL is globally disabled.

Superelements

http-listener, iiop-listener, ssl-client-config

Subelements

none

Attributes

The following table describes attributes for the ssl element.

Table 1–118 ssl Attributes

Attribute 

Default 

Description 

cert-nickname

none 

The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional.

ssl2-enabled

false

(optional) Determines whether SSL2 is enabled. 

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl2-ciphers

none 

(optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3.

ssl3-enabled

true

(optional) Determines whether SSL3 is enabled. The default is true .

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl3-tls-ciphers

none 

(optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +rsa_des_sha . Allowed SSL3 values are rsa_rc4_128_md5, rsa_3des_sha , rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5. Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha.

tls-enabled

true

(optional) Determines whether TLS is enabled. 

client-auth-enabled

false

(optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.

ssl-client-config

Defines SSL parameters for the ORB when it makes outbound SSL connections and behaves as a client.

Superelements

iiop-service

Subelements

The following table describes subelements for the ssl-client-config element.

Table 1–119 ssl-client-config Subelements

Element 

Required 

Description 

ssl

only one 

Defines SSL parameters. 

store-properties

Specifies session persistence (storage) properties.

Superelements

session-manager

Subelements

The following table describes subelements for the store-properties element.

Table 1–120 store-properties Subelements

Element 

Required 

Description 

property

zero or more 

Specifies a property or a variable. 

Attributes

Table 1–121 store-properties Attributes

Attribute 

Default 

Description 

directory

domain-dir/generated/jsp/j2ee-apps/appname/appname_war

(optional) Specifies the absolute or relative pathname of the directory into which individual session files are written. A relative path is relative to the temporary work directory for this web application. 

reap-interval-in-seconds

60

(optional) Not implemented. Use the reap-interval-in-seconds attribute of the manager-properties element instead.

system-property

Specifies a system property. A system property defines a common value for a setting at one of these levels, from highest to lowest: domain, server, or config. A value set at a higher level can be overridden at a lower level. Some system properties are predefined; see system-property. You can also create system properties using this element.

The following example shows the use of a predefined system property:

<log-service file="${com.sun.aas.instanceRoot}/logs/server.log">
    <module-log-levels admin=INFO .../>
</log-service>

The following example shows the creation and use of a system property:

<config name="config1">
    ...
    <http-service>
        ...
        <http-listener id="ls1" host="0.0.0.0" port="${ls1-port}"/>
        ...
    </http-service>
    ...
    <system-property name="ls1-port" value="8080"/>
</config>

Superelements

config, domain, server

Subelements

The following table describes subelements for the system-property element.

Table 1–122 system-property Subelements

Element 

Required 

Description 

description

zero or one 

Contains a text description of this element. 

Attributes

The following table describes attributes for the system-property element.

Table 1–123 system-property Attributes

Attribute 

Default 

Description 

name

none 

Specifies the name of the system property. 

value

none 

Specifies the value of the system property. 

Properties

The following table lists predefined system properties.

Table 1–124 Predefined System Properties

Property 

Default 

Description 

com.sun.aas.installRoot

depends on operating system 

Specifies the directory where the Application Server is installed. 

com.sun.aas.instanceRoot

depends on operating system 

Specifies the top level directory for a server instance. 

com.sun.aas.hostName

none 

Specifies the name of the host (machine). 

com.sun.aas.javaRoot

depends on operating system 

Specifies the J2SE installation directory. 

com.sun.aas.imqLib

depends on operating system 

Specifies the library directory for Sun Java System Message Queue. 

com.sun.aas.configName

server-config

Specifies the name of the config used by a server instance.

com.sun.aas.instanceName

server1

Specifies the name of the server instance. This property is not used in the default configuration, but can be used to customize configuration. 

com.sun.aas.domainName

domain1

Specifies the name of the domain. This property is not used in the default configuration, but can be used to customize configuration.