Maps the principal received during servlet or EJB authentication to the credentials accepted by the EIS.
The following table describes subelements for the security-map element.
Table 1–160 security-map Subelements

| Element | Required | Description |
|---|---|---|
| | one or more | Contains the principal of the servlet or EJB client. |
| | one or more | Contains the group to which the principal belongs. |
| | only one | Specifies the user name and password required by the EIS. |
The following table describes attributes for the security-map element.
Table 1–161 security-map Attributes

| Attribute | Default | Description |
|---|---|---|
| | none | Specifies a name for the security mapping. |
Defines parameters and configuration information needed by the Java EE security service. For SSL configuration, see ssl. For connector module security, see security-map.
The following table describes subelements for the security-service element.
Table 1–162 security-service Subelements

| Element | Required | Description |
|---|---|---|
| | one or more | Defines a realm for authentication. |
| | one or more | Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. |
| | zero or more | Specifies an optional plug-in module that implements audit capabilities. |
| | zero or more | Specifies configurations for message security providers. |
| | zero or more | Specifies a property or a variable. |
The following table describes attributes for the security-service element.
Table 1–163 security-service Attributes

| Attribute | Default | Description |
|---|---|---|
| | file | (optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance. |
| | none | (optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. |
| | none | (optional) The password of the default principal. This attribute need not be set for normal server operation. |
| | attribute is deprecated | (optional) Deprecated. Do not use. |
| | false | (optional) If true, additional access logging is performed to provide audit information. Audit information consists of: |
| | default | (optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider. |
| | default | (optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. |
| | false | (optional) Applies a default principal for role mapping to any application that does not have an application-specific mapping defined. Every role is mapped to an instance of a java.security.Principal implementation class defined by mapped-principal-class. This class has the same name as the role. |
| | com.sun.enterprise.deployment.Group | (optional) Customizes the java.security.Principal implementation class used when activate-default-principal-to-role-mapping is set to true. |
Defines a server instance, which is a Java EE compliant container. One server instance is specially designated as a domain administration server (DAS). The admin-service subelement of the config element referenced by a server's config-ref attribute determines whether the server is the DAS.
Server instances are not the same thing as virtual servers. Each server instance is a completely separate server that contains one or more virtual servers.
The following table describes subelements for the server element.
Table 1–164 server Subelements

| Element | Required | Description |
|---|---|---|
| | zero or more | References an application or module deployed to the server instance. |
| | zero or more | References a resource deployed to the server instance. |
| | zero or more | Specifies a system property. |
| | zero or more | Specifies a property or a variable. |
The following table describes attributes for the server element.
Table 1–165 server Attributes

| Attribute | Default | Description |
|---|---|---|
| | none | Specifies the name of the server instance. |
| | default config element’s name, server-config | (optional) References the name of the config used by the server instance. |
| | node agent created when the server instance was created | (optional) References the name of the node-agent used by the server instance. |
| | 100 | (optional) Specifies a server instance's relative weight for load balancing. Each server instance in a cluster has a weight, which represents the relative processing capacity of that instance. Weighted load balancing policies use this weight for load balancing requests within the cluster. It is the responsibility of the administrator to set the relative weights correctly, keeping in mind deployed hardware capacity. |
References a server instance.
Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server v2.1.1 Administration Guide.
The following table describes subelements for the server-ref element.
Table 1–166 server-ref Subelements

| Element | Required | Description |
|---|---|---|
| | zero or one | Defines a health checker for the referenced server instance. |
The following table describes attributes for the server-ref element.
Table 1–167 server-ref Attributes

| Attribute | Default | Description |
|---|---|---|
| | none | References the name attribute of a server element. |
| | 30 | (optional) Specifies the time it takes this server instance to reach a quiescent state after having been disabled. |
| | false | (optional) If true, all load-balancers that reference this server instance consider it available to them. |
| enabled | true | (optional) Determines whether the server instance is enabled. |
Contains server instances.
The following table describes subelements for the servers element.
Table 1–168 servers Subelements

| Element | Required | Description |
|---|---|---|
| | only one (developer profile); zero or more (cluster and enterprise profiles) | Defines a server instance. |
Specifies session configuration information for the entire web container. Individual web applications can override these settings using the corresponding elements in their sun-web.xml files.
The following table describes subelements for the session-config element.
Table 1–169 session-config Subelements

| Element | Required | Description |
|---|---|---|
| | zero or one | Specifies session manager configuration information. |
| | zero or one | Specifies session properties. |
Specifies session manager information.
The session manager interface is unstable. An unstable interface might be experimental or transitional, and hence might change incompatibly, be removed, or be replaced by a more stable interface in the next release.
The following table describes subelements for the session-manager element.
Table 1–170 session-manager Subelements

| Element | Required | Description |
|---|---|---|
| | zero or one | Specifies session manager properties. |
| | zero or one | Specifies session persistence (storage) properties. |
Specifies session properties.
The following table describes subelements for the session-properties element.
Table 1–171 session-properties Subelements

| Element | Required | Description |
|---|---|---|
| | zero or more | Specifies a property or a variable. |
The following table describes properties for the session-properties element.
Table 1–173 session-properties Properties

| Property | Default | Description |
|---|---|---|
| | true | Uses cookies for session tracking if set to true. |
| | true | Enables URL rewriting. This provides session tracking via URL rewriting when the browser does not accept cookies. You must also use an encodeURL or encodeRedirectURL call in the servlet or JavaServer Pages™ (JSP™) page. |
| | 128 | Specifies the number of bytes in this web module’s session ID. |
Defines SSL (Secure Socket Layer) parameters.
An ssl element is required inside an http-listener or iiop-listener element that has its security-enabled attribute set to on.
The grandparent http-service element has properties that configure global SSL settings.
Superelements: http-listener, iiop-listener, jmx-connector, ssl-client-config
Subelements: none
The following table describes attributes for the ssl element.
Table 1–174 ssl Attributes

| Attribute | Default | Description |
|---|---|---|
| | s1as | The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional. |
| | false | (optional) Determines whether SSL2 is enabled. If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
| | none | (optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. |
| | true | (optional) Determines whether SSL3 is enabled. The default is true. If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption. |
| | none | (optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. Values available in previous releases are supported for backward compatibility. |
| | true | (optional) Determines whether TLS is enabled. |
| | true | (optional) Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. For more information, see the Sun GlassFish Enterprise Server v2.1.1 Administration Guide. |
| | false | (optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. |
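As an added example (not part of the Enterprise Server documentation), the following Python script audits ssl elements for the legacy protocol and cipher settings described in the table above, including the case where an omitted attribute falls back to a permissive default. The attribute names ssl2-enabled, ssl3-enabled, tls-enabled, ssl3-tls-ciphers and cert-nickname and the accepted boolean spellings are assumed from the GlassFish v2 domain DTD; the XML fragment is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not taken from a real domain.xml.
SAMPLE = """<http-service>
  <http-listener id="legacy" port="8181" security-enabled="true">
    <ssl cert-nickname="s1as" ssl2-enabled="on"
         ssl3-tls-ciphers="+SSL_RSA_WITH_RC4_128_MD5,+SSL_RSA_WITH_NULL_SHA,-SSL_RSA_WITH_DES_CBC_SHA"/>
  </http-listener>
  <http-listener id="hardened" port="8182" security-enabled="true">
    <ssl cert-nickname="s1as" ssl2-enabled="false" ssl3-enabled="false" tls-enabled="true"/>
  </http-listener>
</http-service>"""

# Defaults as listed in the ssl attribute table (SSL3 and TLS default to true).
DEFAULTS = {"ssl2-enabled": "false", "ssl3-enabled": "true", "tls-enabled": "true"}
TRUTHY = {"true", "on", "yes", "1"}  # assumption: boolean spellings the DTD accepts
WEAK = ("NULL", "EXPORT", "RC4", "_DES_", "MD5")  # substrings of weak suite names

def is_on(ssl, name):
    """Read a boolean ssl attribute, falling back to the documented default."""
    return ssl.get(name, DEFAULTS[name]).strip().lower() in TRUTHY

def enabled_ciphers(value):
    """Return the cipher names that carry the '+' (enable) prefix."""
    items = (c.strip() for c in value.split(","))
    return [c[1:] for c in items if c.startswith("+")]

def audit_ssl(xml_text):
    """Map each element that holds an ssl child to its list of findings."""
    report = {}
    for parent in ET.fromstring(xml_text).iter():
        ssl = parent.find("ssl")
        if ssl is None:
            continue
        issues = []
        if is_on(ssl, "ssl2-enabled"):
            issues.append("SSL2 enabled")
        if is_on(ssl, "ssl3-enabled"):  # true unless explicitly disabled
            issues.append("SSL3 enabled")
        if not is_on(ssl, "tls-enabled"):
            issues.append("TLS disabled")
        for cipher in enabled_ciphers(ssl.get("ssl3-tls-ciphers", "")):
            if any(marker in cipher for marker in WEAK):
                issues.append("weak cipher " + cipher)
        report[parent.get("id", parent.tag)] = issues
    return report
```

The legacy listener is flagged for SSL3 even though it never mentions it, because the attribute defaults to true; the disabled DES suite is ignored because it carries the - prefix.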
Defines SSL parameters for the ORB when it makes outbound SSL connections and behaves as a client.
The following table describes subelements for the ssl-client-config element.
Table 1–175 ssl-client-config Subelements

| Element | Required | Description |
|---|---|---|
| | only one | Defines SSL parameters. |
Specifies session persistence (storage) properties.
The following table describes subelements for the store-properties element.
Table 1–176 store-properties Subelements

| Element | Required | Description |
|---|---|---|
| | zero or more | Specifies a property or a variable. |

| Attribute | Default | Description |
|---|---|---|
| | domain-dir/generated/jsp/j2ee-apps/appname/appname_war | (optional) Specifies the absolute or relative pathname of the directory into which individual session files are written. A relative path is relative to the temporary work directory for this web application. Applicable only if the persistence-type attribute of the web-container-availability element is file. |
| | 60 | (optional) Not implemented. Use the reap-interval-in-seconds attribute of the manager-properties element instead. |
Specifies a system property. A system property defines a common value for a setting at one of these levels, from highest to lowest: domain, cluster, server, or config. A value set at a higher level can be overridden at a lower level. Some system properties are predefined; see system-property. You can also create system properties using this element.
The following example shows the use of a predefined system property:
```xml
<log-service file="${com.sun.aas.instanceRoot}/logs/server.log">
    <module-log-levels admin="INFO" .../>
</log-service>
```
The following example shows the creation and use of a system property:
```xml
<config name="config1">
    ...
    <http-service>
        ...
        <http-listener id="ls1" host="0.0.0.0" port="${ls1-port}"/>
        ...
    </http-service>
    ...
    <system-property name="ls1-port" value="8080"/>
</config>
```
Superelements: cluster, config, domain, server
The following table describes subelements for the system-property element.
Table 1–178 system-property Subelements

| Element | Required | Description |
|---|---|---|
| | zero or one | Contains a text description of this element. |
The following table describes attributes for the system-property element.
Table 1–179 system-property Attributes

| Attribute | Default | Description |
|---|---|---|
| | none | Specifies the name of the system property. |
| | none | Specifies the value of the system property. |
The following table lists predefined system properties.
Table 1–180 Predefined System Properties

| Property | Default | Description |
|---|---|---|
| com.sun.aas.installRoot | depends on operating system | Specifies the directory where the Enterprise Server is installed. | 
| com.sun.aas.instanceRoot | depends on operating system | Specifies the top level directory for a server instance. | 
| com.sun.aas.hostName | none | Specifies the name of the host (machine). | 
| com.sun.aas.javaRoot | depends on operating system | Specifies the installation directory for the Java runtime. | 
| com.sun.aas.imqLib | depends on operating system | Specifies the library directory for the Sun GlassFish Message Queue software. | 
| com.sun.aas.configName | server-config | Specifies the name of the config used by a server instance. | 
| com.sun.aas.instanceName | server1 | Specifies the name of the server instance. This property is not used in the default configuration, but can be used to customize configuration. | 
| com.sun.aas.clusterName | cluster1 | Specifies the name of the cluster. This property is only set on clustered server instances. This property is not used in the default configuration, but can be used to customize configuration. | 
| com.sun.aas.domainName | domain1 | Specifies the name of the domain. This property is not used in the default configuration, but can be used to customize configuration. |