Defines access log settings for each http-access-log subelement of each virtual-server.
none
The following table describes attributes for the access-log element.
Table 1–1 access-log Attributes
Attribute |
Default |
Description |
---|---|---|
%client.name% %auth-user-name% %datetime% %request% %status% %response.length% |
(optional) Specifies the format of the access log. For a complete list of token values you can use in the format, see the online help for the Access Log tab of the HTTP Service page in the Admin Console. |
|
time |
(optional) Specifies the condition that triggers log rotation. The only legal value is time, which rotates log files at the rotation-interval-in-minutes interval. |
|
15 (developer profile) 1440 (cluster and enterprise profiles) |
(optional) Specifies the time interval between log rotations if rotation-policy is set to time. |
|
yyyy-MM-dd (developer profile) yyyyMMdd-HH'h'mm'm'ss's' (cluster and enterprise profiles) |
(optional) Specifies the format of the timestamp appended to the access log name when log rotation occurs. For supported formats, see http://java.sun.com/javase/6/docs/api/java/text/SimpleDateFormat.html. The following value is supported for backward compatibility. It results in the same format as the default. %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s |
|
true |
(optional) If true, enables log rotation. |
Specifies the action of a management rule. The action is implemented as an MBean.
none
The following table describes attributes for the action element.
Table 1–2 action Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the name of the mbean that performs the action of a management rule. This MBean must implement javax.management.NotificationListener. |
Defines an administered object for an inbound resource adapter.
The following table describes subelements for the admin-object-resource element.
Table 1–3 admin-object-resource Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Contains a text description of this element. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the admin-object-resource element.
Table 1–4 admin-object-resource Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the JNDI name for the resource. |
|
none |
Specifies the fully qualified type of the resource. |
|
none |
Specifies the name of the inbound resource adapter, as specified in the name attribute of a connector-module element. |
|
user |
(optional) Defines the type of the resource. Allowed values are:
|
|
enabled |
true |
(optional) Determines whether this resource is enabled at runtime. |
Properties of the admin-object-resource element are the names of setter methods of the adminobject-class specified in the adminobject element of the ra.xml file. Some of the property names can be specified in the adminobject element itself. For example, in jmsra, the resource adapter used to communicate with the Sun Java System Message Queue software, jmsra, Name and Description are valid properties.
For a complete list of the available properties (called administered object attributes in the Message Queue software), see the Sun Java System Message Queue 4.3 Administration Guide.
Determines whether the server instance is a regular instance, a domain administration server, or a combination.
The following table describes subelements for the admin-service element.
Table 1–5 admin-service Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Configures a JSR 160/255 compliant remote JMX connector. |
|
only one (developer profile) zero or one (cluster and enterprise profiles) |
Defines a domain administration server configuration. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the admin-service element.
Table 1–6 admin-service Attributes
Attribute |
Default |
Description |
---|---|---|
das-and-server (developer profile) server (cluster and enterprise profiles) |
Specifies whether the server instance is a regular instance (server), a domain administration server (das), or a combination (das-and-server). modifying this value is not recommended. |
|
none |
Specifies the name of the internal jmx-connector. |
Configures the alert service, which allows you to register for and receive system status alerts.
The following table describes subelements for the alert-service element.
Table 1–7 alert-service Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Configures a subscription to system status alerts. |
|
zero or more |
Specifies a property or a variable. |
Configures a subscription to system status alerts.
The following table describes subelements for the alert-subscription element.
Table 1–8 alert-subscription Subelements
Element |
Required |
Description |
---|---|---|
only one |
Configures the listener class that listens for alerts from notification emitters. |
|
zero or one |
Configures the filter class that filters alerts from notification emitters. |
The following table describes attributes for the alert-subscription element.
Table 1–9 alert-subscription Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the name of this alert subscription. |
Specifies a deployed application client container (ACC) module.
The following table describes subelements for the appclient-module element.
Table 1–10 appclient-module Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Contains a text description of this element. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the appclient-module element.
Table 1–11 appclient-module Attributes
Attribute |
Default |
Description |
---|---|---|
none |
The name of the ACC module. |
|
none |
The location of the ACC module in the Enterprise Server file system. |
|
false |
(optional) Specifies whether the application has been deployed as a directory. |
|
true |
(optional) Specifies whether Java Web Start access is permitted for this application client. |
References an application or module deployed to the server instance or cluster.
Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server 2.1 Administration Guide.
none
The following table describes attributes for the application-ref element.
Table 1–12 application-ref Attributes
Attribute |
Default |
Description |
---|---|---|
enabled |
true |
(optional) Determines whether the application or module is enabled. |
all virtual servers |
(optional) In a comma-separated list, references id attributes of the virtual-server elements to which the web-module or the web modules within this j2ee-application are deployed. |
|
false |
(optional) If true, all load-balancers that reference this application consider it available to them. |
|
30 |
(optional) Specifies the time it takes this application to reach a quiescent state after having been disabled. |
|
none |
References the name attribute of a lifecycle-module, j2ee-application, ejb-module, web-module, connector-module, appclient-module, or extension-module element. |
Contains deployed Java EE applications, Java EE modules, and Lifecycle modules.
The following table describes subelements for the applications element.
Table 1–13 applications Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a deployed lifecycle module. |
|
zero or more |
Specifies a deployed Java EE application. |
|
zero or more |
Specifies a deployed EJB module. |
|
zero or more |
Specifies a deployed web module. |
|
zero or more |
Specifies a deployed connector module. |
|
zero or more |
Specifies a deployed application client container (ACC) module. |
|
zero or more |
Specifies an MBean. |
|
zero or more |
Specifies an extension module. |
Subelements of an applications element can occur in any order.
Specifies an optional plug-in module that implements audit capabilities.
The following table describes subelements for the audit-module element.
Table 1–14 audit-module Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the audit-module element.
Table 1–15 audit-module Attributes
Attribute |
Default |
Description |
---|---|---|
default |
Specifies the name of this audit module. |
|
com.sun.enterprise.security.Audit |
Specifies the Java class that implements this audit module. |
Defines a realm for authentication.
Authentication realms require provider-specific properties, which vary depending on what a particular implementation needs.
For more information about how to define realms, see the Sun GlassFish Enterprise Server 2.1 Administration Guide.
Here is an example of the default file realm:
<auth-realm name="file" classname="com.sun.enterprise.security.auth.realm.file.FileRealm"> <property name="file" value="domain-dir/config/keyfile"/> <property name="jaas-context" value="fileRealm"/> </auth-realm>
Which properties an auth-realm element uses depends on the value of the auth-realm element’s name attribute. The file realm uses file and jaas-context properties. Other realms use different properties.
The following table describes subelements for the auth-realm element.
Table 1–16 auth-realm Subelements
Element |
Required |
Description |
---|---|---|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the auth-realm element.
Table 1–17 auth-realm Attributes
Attribute |
Default |
Description |
---|---|---|
none |
Specifies the name of this realm. |
|
none |
Specifies the Java class that implements this realm. |
The standard realms provided with Enterprise Server have required and optional properties. A custom realm might have different properties.
The following table describes properties for the auth-realm element.
Table 1–18 auth-realm Properties
Property |
Realms |
Description |
---|---|---|
file, ldap, jdbc, solaris |
Specifies the JAAS (Java Authentication and Authorization Service) context. |
|
file |
Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile. |
|
certificate, file, jdbc, ldap, solaris |
(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers. |
|
ldap |
Specifies the LDAP URL to your server. |
|
ldap |
Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. |
|
ldap |
(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name). |
|
ldap |
(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary. |
|
ldap |
(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN). |
|
ldap |
(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN. |
|
ldap |
(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search. |
|
ldap |
(optional) Specifies the LDAP password for the DN given in search-bind-dn . |
|
jdbc |
Specifies the jndi-name of the jdbc-resource for the database. |
|
jdbc |
Specifies the name of the user table in the database. |
|
jdbc |
Specifies the name of the user name column in the database's user table. |
|
jdbc |
Specifies the name of the password column in the database's user table. |
|
jdbc |
Specifies the name of the group table in the database. |
|
jdbc |
Specifies the name of the group name column in the database's group table. |
|
jdbc |
(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used. |
|
jdbc |
(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none. |
|
jdbc |
(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified. |
|
jdbc |
(optional) Specifies the charset for the digest algorithm. |
Configures the availability service. Enables high-availability features, such as session state and stateful session bean state persistence. If the Sun Java System high-availability database (HADB) is installed and you have selected the enterprise profile, session state is persisted to the HADB.
Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server 2.1 Administration Guide.
Availability can be enabled or disabled at the following levels:
The server instance (attribute of availability-service). Default is true (enabled).
The EJB or web container (attribute of ejb-container-availability or web-container-availability). Default is true (enabled).
The application (attribute of j2ee-application). Default is false (disabled).
The stand-alone EJB or web module (attribute of ejb-module or web-module). Default is false (disabled).
The stateful session bean. Default is false (disabled). See the Sun GlassFish Enterprise Server 2.1 Developer’s Guide.
For availability to be enabled at a given level, it must be enabled at all higher levels, as well. For example, to enable availability at the application level, you must also enable it at the server instance and container levels.
If the HADB is installed and the enterprise profile is selected, availability can also be enabled in the Java Message Service (attribute of jms-availability). The default is false (disabled). JMS availability is disabled if server instance availability is disabled. JMS availability neither affects nor is affected by any other availability levels.
The following table describes subelements for the availability-service element.
Table 1–19 availability-service Subelements
Element |
Required |
Description |
---|---|---|
zero or one |
Enables availability in the web container. |
|
zero or one |
Enables availability in the EJB container. |
|
zero or one |
Enables availability in the Java Message Service. |
|
zero or more |
Specifies a property or a variable. |
The following table describes attributes for the availability-service element.
Table 1–20 availability-service Attributes
Attribute |
Default |
Description |
---|---|---|
true |
(optional) If set to true, high-availability features apply to all applications deployed to the server instance that do not have availability disabled. All instances in a cluster should have the same availability value to ensure consistent behavior. |
|
none |
Specifies a comma-separated list of server host names or IP addresses where management agents for the high availability store are running. Applicable if HADB is installed and you have selected the enterprise profile. |
|
none |
Specifies the port number where management agents for the high availability store can be contacted. Applicable if HADB is installed and you have selected the enterprise profile. |
|
asadmin password |
Specifies the password for access to management agents for the high availability store. Applicable if HADB is installed and you have selected the enterprise profile. |
|
cluster name |
(optional) Specifies the HADB database name. Applicable if HADB is installed and you have selected the enterprise profile. |
|
true |
(optional) If true, the life cycle of the highly available store is matched with the life cycle of the highly available cluster. The store is started or stopped with the cluster. It is removed when the cluster is deleted. If false, the store life cycle must be manually managed by the administrator. Applicable if HADB is installed and you have selected the enterprise profile. |
|
jdbc/hastore |
(optional) Specifies the jndi-name of the jdbc-resource used for connections to the HADB for session persistence. Applicable if HADB is installed and you have selected the enterprise profile. For more information about setting up a connection pool and JDBC resource for the HADB, see the description of the configure-ha-cluster command in the Sun GlassFish Enterprise Server 2.1 Reference Manual. |
|
false |
(optional) If true, periodic checking is done to detect if the HADB has become available again after a failure. If the health check succeeds, persistence to the HADB is resumed. Applicable if HADB is installed and you have selected the enterprise profile. |
|
5 |
(optional) Specifies the interval at which the HADB's health is checked. The checking begins only after a failure is detected. Applicable if HADB is installed and you have selected the enterprise profile. |
The following table describes properties for the availability-service element. For more information about replicated session persistence, see web-container-availability and ejb-container-availability.
Table 1–21 availability-service Properties
Attribute |
Default |
Description |
||
---|---|---|---|---|
false |
If true, logs measurements of replication times. One of these messages appears in the sending instance's log:
This message appears in the receiving instance's log:
|
|||
1 |
Specifies the frequency of measurement of replication. It must be a positive integer: 1 means every replication, 2 means once every 2 replications, 3 means once every 3 replications, and so on. Applicable only if replication_measurement_enabled is set to true. |