Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Domains: Configuration: Web Applications

Configuration Options     Related Tasks     Related Topics

Use this page to define the domain-wide Web application configuration settings.

Configuration Options

Name Description
Relogin Enabled

Beginning with the 9.0 release, the FORM/BASIC authentication behavior has been modified to conform strictly to the Java EE Specification. If a user has logged-in but does not have privileges to access a resource, the 403 (FORBIDDEN) page will be returned. Turn this flag on to enable the old behavior, which was to return the user to the login form.

MBean Attribute:
WebAppContainerMBean.ReloginEnabled

Changes take effect after you redeploy the module or restart the server.

Allow All Roles

In the security-constraints elements defined in a web application's web.xml deployment descriptor, the auth-constraint element indicates the user roles that should be permitted access to this resource collection. Here role-name = "*" is a compact syntax for indicating all roles in the Web application. In previous releases, role-name = "*" was treated as all users/roles defined in the realm.

This parameter is a backward-compatibility switch to restore old behavior. Default behavior is one required by the specification, meaning all roles defined in the web application.

If set, the value defined in weblogic.xml (container-descriptor -> allow-all-roles) takes precedence (if set) over this value.

MBean Attribute:
WebAppContainerMBean.AllowAllRoles

Changes take effect after you redeploy the module or restart the server.

Filter Dispatched Requests

Indicates whether or not to apply filters to dispatched requests. This is a backward compatibility flag. Until version 8.1, WebLogic Server applied ServletFilters (if configured for the web application) on request dispatches (and includes/forwards). Servlet 2.4 has introduced the "Dispatcher" element to make this behavior explicit. The default value is Dispatcher=REQUEST. In order to be compliant with the Java EE specification, the default value for FilterDispatchedRequestsEnabled is false beginning with WebLogic Server 9.0. Note that if you are using old descriptors (meaning web.xml does not have version=2.4), then WebLogic Server automatically uses FilterDispatchedRequestsEnabled = true for the web applications, unless filter-dispatched-requests-enabled is explicitly set to false in weblogic.xml. This means that old applications will work fine without any modification. Additionally, during migration of old domains to the 9.0 domain, the migration plug-in automatically sets this flag to true.

MBean Attribute:
WebAppContainerMBean.FilterDispatchedRequestsEnabled

Changes take effect after you redeploy the module or restart the server.

Overload Protection Enabled

This parameter is used to enable overload protection in the web application container against low memory conditions. When a low memory situation occurs, new session creation attempts will result in weblogic.servlet.SessionCreationException. The application code needs to catch this exception and take proper action. Alternatively appropriate error-pages can be configured in web.xml against weblogic.servlet.SessionCreationException. This check is performed only on memory and replicated sessions.

MBean Attribute:
WebAppContainerMBean.OverloadProtectionEnabled

X-Powered-By Header

WebLogic Server uses the X-Powered-By HTTP header, as recommended by the Servlet 3.1 specification, to publish its implementation information.

Following are the options:

  • "NONE" (default): X-Powered-By header will not be sent

  • "SHORT": "Servlet/3.1 JSP/2.3"

  • "MEDIUM": "Servlet/3.1 JSP/2.3 (WebLogic/12.2)"

  • "FULL": "Servlet/3.1 JSP/2.3 (WebLogic/12.2 JDK/1.8)"

MBean Attribute:
WebAppContainerMBean.XPoweredByHeaderLevel

Mime Mapping File

Returns the name of the file containing mime-mappings for the domain.

The Format of the file should be: extension=mime-type

For Example:

htm=text/html

gif=image/gif

jpg=image/jpeg

If this file does not exist, WebLogic Server uses an implicit mime-mapping set of mappings defined in weblogic.utils.http.HttpConstants (DEFAULT_MIME_MAPPINGS). To remove a mapping defined in implicit map, set it to blank.

MBean Attribute:
WebAppContainerMBean.MimeMappingFile

Changes take effect after you redeploy the module or restart the server.

Optimistic Serialization

When OptimisticSerialization is turned on, WebLogic Server does not serialize-deserialize context and request attributes upon getAttribute(name) when a request gets dispatched across servlet contexts. This means you will need to make sure that the attributes common to web applications are scoped to a common parent classloader (they are application-scoped) or placed in the system classpath if the two web applications do not belong to the same application. When OptimisticSerialization is turned off (which is the default), WebLogic Server does serialize-deserialize context and request attributes upon getAttribute(name) to avoid the possibility of ClassCastExceptions. The value of OptimisticSerialization can also be overridden for specific web applications by setting the optimistic-serialization value in weblogic.xml.

MBean Attribute:
WebAppContainerMBean.OptimisticSerialization

Changes take effect after you redeploy the module or restart the server.

Error on Name request time value

Global property which determines the behavior of the JSP compiler when a jsp:param attribute "name" has a request time value. Without this property set to "true", the JSP compiler throws an error for a JSP using a request time value for the "name" attribute as mandated by the JSP 2.0 specification. This property exists for backward compatibility.

MBean Attribute:
WebAppContainerMBean.RtexprvalueJspParamName

Changes take effect after you redeploy the module or restart the server.

Client Cert Proxy Enabled

Specifies whether or not to honor the WL-Proxy-Client-Cert header coming with the request.

MBean Attribute:
WebAppContainerMBean.ClientCertProxyEnabled

Changes take effect after you redeploy the module or restart the server.

Http Trace Support Enabled

Returns the value of HttpTraceSupportEnabled.

MBean Attribute:
WebAppContainerMBean.HttpTraceSupportEnabled

WebLogic Plugin Enabled

Specifies whether or not the proprietary WL-Proxy-Client-IP header should be honored. (This is needed only when WebLogic Server plug-ins are configured.)

MBean Attribute:
WebAppContainerMBean.WeblogicPluginEnabled

Auth Cookie Enabled

Specifies whether the AuthCookie feature is enabled or not.

MBean Attribute:
WebAppContainerMBean.AuthCookieEnabled

Secure value: true

Change Session ID On Authentication

Global property to determine if we need to generate a new SessionID after authentication. When this property is set to "false", the previous sessionID will be retained even after authorization.

MBean Attribute:
WebAppContainerMBean.ChangeSessionIDOnAuthentication

Changes take effect after you redeploy the module or restart the server.

WAP Enabled

Indicates whether the session ID should include JVM information. (Checking this box may be necessary when using URL rewriting with WAP devices that limit the size of the URL to 128 characters, and may also affect the use of replicated sessions in a cluster.) When this box is selected, the default size of the URL will be set at 52 characters, and it will not contain any special characters.

MBean Attribute:
WebAppContainerMBean.WAPEnabled

Post Timeout

The amount of time this server waits between receiving chunks of data in an HTTP POST data before it times out. (This is used to prevent denial-of-service attacks that attempt to overload the server with POST data.)

MBean Attribute:
WebAppContainerMBean.PostTimeoutSecs

Minimum value: 0

Maximum value: 120

Secure value: 30

Maximum Post Time

Maximum post time (in seconds) for reading HTTP POST data in a servlet request. MaxPostTime < 0 means unlimited

MBean Attribute:
WebAppContainerMBean.MaxPostTimeSecs

Maximum Post Size

The maximum post size this server allows for reading HTTP POST data in a servlet request. A value less than 0 indicates an unlimited size.

MBean Attribute:
WebAppContainerMBean.MaxPostSize

Work Context Propagation Enabled

Indicates whether or not WorkContextPropagation is enabled. By default, it is turned on. There is a little overhead involved in propagating WorkContexts. Therefore, if you don't want WorkContext propagation, turn this value off in production environments.

MBean Attribute:
WebAppContainerMBean.WorkContextPropagationEnabled

P3P Header Value

Returns the P3P header value that will be sent with all responses for HTTP requests (if non-null). The value of this header points to the location of the policy reference file for the website.

Alternatively, a servlet filter can be used to set the P3P header.

MBean Attribute:
WebAppContainerMBean.P3PHeaderValue

Changes take effect after you redeploy the module or restart the server.

JSP Compiler Backwards Compatible

Global property to determine the behavior of the JSP compiler. When this property set to "true", the JSP compiler throws a translation error for JSPs that do not conform to the JSP2.0 specification. This property exists for backward compatibility.

MBean Attribute:
WebAppContainerMBean.JSPCompilerBackwardsCompatible

Changes take effect after you redeploy the module or restart the server.

Archived Real Path Enabled

Global property to determine the behavior of getRealPath() for archived web applications. When this property is set to "true", getRealPath() will return the canonical path of the resource files.

MBean Attribute:
WebAppContainerMBean.ShowArchivedRealPathEnabled

Changes take effect after you redeploy the module or restart the server.

GZIP Compression Enabled

This global property determines whether or not the container should provide GZIP compression.

MBean Attribute:
GzipCompressionMBean.GzipCompressionEnabled

GZIP Compression Min. Content Length

Returns the minimum content length to trigger GZIP compression. This allows you to bypass small-sized resources where compression does not yield a great return and uses unnecessary CPU.

MBean Attribute:
GzipCompressionMBean.GzipCompressionMinContentLength

GZIP Compression Content Type

Returns the type of content to be included in compression.

MBean Attribute:
GzipCompressionMBean.GzipCompressionContentType

Maximum header compression table size

The server's maximum size of the header compression table used to decode header blocks, in octets.

MBean Attribute:
Http2ConfigMBean.HeaderTableSize

Maximum no. of concurrent streams

The maximum number of concurrent streams that the server will allow. This limit is directional: it applies to the number of streams that the server permits the receiver to create.

MBean Attribute:
Http2ConfigMBean.MaxConcurrentStreams

Initial window size

The server's initial window size (in octets) for stream-level flow control. This setting affects the window size of all streams.

MBean Attribute:
Http2ConfigMBean.InitialWindowSize

Maximum frame size

The size of the largest frame payload that the server is willing to receive, in octets.

MBean Attribute:
Http2ConfigMBean.MaxFrameSize

Maximum size of header list

The maximum size of header list that the server is prepared to accept, in octets. The value is based on the uncompressed size of header fields, including the length of the name and value in octets plus an overhead of 32 octets for each header field.

MBean Attribute:
Http2ConfigMBean.MaxHeaderListSize

Related Tasks

Related Topics


Back to Top