format

%client.name% %auth-user-name% %datetime% %request% %status% %response.length%

(optional) Specifies the format of the access log. For a complete list of token values you can use in the format, see the online help for the Access Log tab of the HTTP Service page in the Administration Console. 

rotation-policy

time

(optional) Specifies the condition that triggers log rotation. The only legal value is time, which rotates log files at the rotation-interval-in-minutes interval.

rotation-interval-in-minutes

15

(optional) Specifies the time interval between log rotations if rotation-policy is set to time.

rotation-suffix

yyyy-MM-dd

(optional) Specifies the format of the timestamp appended to the access log name when log rotation occurs.  

For supported formats, see http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html.

The following value is supported for backward compatibility. It results in the same format as the default. 

%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s

rotation-enabled

true

(optional) If true, enables log rotation.

jmx-connector

zero or more 

Configures a JSR 160/255 compliant remote JMX connector, which responds to JConsole port 8686. 

das-config

only one 

Defines a domain administration server configuration. 

property

zero or more 

Specifies a property or a variable. 

type

das-and-server

Specifies whether the server instance is a regular instance (server), a domain administration server (das), or a combination (das-and-server). modifying this value is not recommended.

system-jmx-connector-name

none 

Specifies the name of the internal jmx-connector.

engine

one or more 

Configures an engine. 

property

zero or more 

Specifies a property or a variable. 

name

none 

The name of the application. 

description

none 

(optional) Specifies a text description of this element. 

location

none 

The location of the application in the Enterprise Server file system. If a relative path is specified, it is relative to the domain-dir/applications/ directory.

Deployment directories may change between Enterprise Server releases.

object-type

system-admin

(optional) Defines the type of the resource. Allowed values are: 

• system-all - A system resource for all server instances and the domain application server.

• system-admin - A system resource only for the domain application server.

• system-instance - A system resource for all server instances only.

• user - A user resource.

enabled

true

(optional) Determines whether the application is enabled. 

context-root

none 

The context root at which the application is deployed. The context root can be the empty string or just /. The context root can start with the / character, but doesn’t have to.

directory-deployed

false

(optional) Specifies whether the application has been deployed as a directory. 

enabled

true

(optional) Determines whether the application or module is enabled. 

virtual-servers

all virtual servers 

(optional) In a comma-separated list, references id attributes of the virtual-server elements to which the web application is deployed.

If you deploy a web application and don't specify any assigned virtual servers, the web application is assigned to all currently defined virtual servers. If you then create additional virtual servers and want to assign existing web applications to them, you must redeploy the web applications. For more information about deployment, see the Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

disable-timeout-in-minutes

30

(optional) Specifies the time it takes this application to reach a quiescent state after having been disabled. 

ref

none 

References the name attribute of an application element.

application

zero or more 

Specifies an application. 

property

zero or more 

Specifies a property or a variable. 

name

default

Specifies the name of this audit module. 

classname

com.sun.enterprise.security.Audit

Specifies the Java class that implements this audit module. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of this realm. 

classname

none 

Specifies the Java class that implements this realm. 

jaas-context

all 

Specifies the JAAS (Java Authentication and Authorization Service) context. 

file

file

Specifies the file that stores user names, passwords, and group names. The default is domain-dir/config/keyfile.

assign-groups

all 

(optional) If this property is set, its value is taken to be a comma-separated list of group names. All clients who present valid certificates are assigned membership to these groups for the purposes of authorization decisions in the web and EJB containers.

directory

ldap

Specifies the LDAP URL to your server. 

base-dn

ldap

Specifies the LDAP base DN for the location of user data. This base DN can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. 

search-filter

ldap

(optional) Specifies the search filter to use to find the user. The default is uid=%s (%s expands to the subject name).

group-base-dn

ldap

(optional) Specifies the base DN for the location of groups data. By default, it is same as the base-dn, but it can be tuned, if necessary.

group-search-filter

ldap

(optional) Specifies the search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN).

group-target

ldap

(optional) Specifies the LDAP attribute name that contains group name entries. The default is CN.

search-bind-dn

ldap

(optional) Specifies an optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search.

search-bind-password

ldap

(optional) Specifies the LDAP password for the DN given in search-bind-dn .

datasource-jndi

jdbc

Specifies the jndi-name of the jdbc-resource for the database.

user-table

jdbc

Specifies the name of the user table in the database. 

user-name-column

jdbc

Specifies the name of the user name column in the database's user table. 

password-column

jdbc

Specifies the name of the password column in the database's user table. 

group-table

jdbc

Specifies the name of the group table in the database. 

group-name-column

jdbc

Specifies the name of the group name column in the database's group table. 

db-user

jdbc

(optional) Allows you to specify the database user name in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used.

db-password

jdbc

(optional) Allows you to specify the database password in the realm instead of the jdbc-connection-pool. This prevents other applications from looking up the database, getting a connection, and browsing the user table. By default, the jdbc-connection-pool configuration is used.

digest-algorithm

jdbc

(optional) Specifies the digest algorithm. The default is MD5. You can use any algorithm supported in the JDK, or none.

encoding

jdbc

(optional) Specifies the encoding. Allowed values are Hex and Base64. If digest-algorithm is specified, the default is Hex. If digest-algorithm is not specified, by default no encoding is specified.

charset

jdbc

(optional) Specifies the charset for the digest algorithm. 

iiop-service

only one 

Configures the IIOP service. 

admin-service

only one 

Determines whether the server to which the configuration applies is an administration server. 

web-container

only one 

Configures the web container. 

ejb-container

only one 

Configures the Enterprise JavaBeans^TM (EJB^TM) container.

mdb-container

only one 

Configures the message-driven bean (MDB) container. 

jms-service

zero or one 

Configures the Java Message Service (JMS) provider. 

log-service

only one 

Configures the system logging service. 

security-service

only one 

Configures the Java EE security service. 

transaction-service

only one 

Configures the transaction service. 

monitoring-service

only one 

Configures the monitoring service. 

java-config

only one 

Configures the Virtual Machine for the Java platform (JVM^TM software).

thread-pools

only one 

Configures thread pools. 

system-property

zero or more 

Specifies a system property. 

property

zero or more 

Specifies a property or a variable. 

name

server-config

Specifies the name of the configuration. 

dynamic-reconfiguration-enabled

true

(optional) If true, any changes to the system (for example, applications deployed, resources created) are automatically applied to the affected servers without a restart being required. If false, such changes are only picked up by the affected servers when each server restarts.

config

only one 

Defines a configuration. 

queue-size-in-bytes

4096

(optional) Specifies the maximum number of messages that can be queued until threads are available to process them for http-listener elements. A value of -1 specifies no limit.

max-pending-count

4096

(optional) Specifies the maximum number of pending connections on an http-listener.

receive-buffer-size-in-bytes

4096

(optional) Specifies the size of the receive buffer for all http-listener elements.

send-buffer-size-in-bytes

8192

(optional) Specifies the size of the send buffer for all http-listener elements.

property

zero or more 

Specifies a property or a variable. 

dynamic-reload-enabled

true

(optional) If true, checks the timestamp on a .reload file at every module and application directory level, to trigger dynamic reloading.

dynamic-reload-poll-interval-in-seconds

2

(optional) Controls the polling frequency of dynamic reloading. 

autodeploy-enabled

true

(optional) If true, enables autodeployment, which lets you quickly deploy applications and modules to a running Enterprise Server without performing an explicit server instance restart or a separate deployment operation.

autodeploy-polling-interval-in-seconds

2

(optional) Controls the polling frequency of autodeployment. 

autodeploy-dir

autodeploy

(optional) Specifies the source directory (absolute or relative to domain-dir) in which autodeployment looks for deployable components.

autodeploy-verifier-enabled

false

(optional) If true, the verifier is run before autodeployment. If verification fails, deployment is not performed.

autodeploy-jsp-precompilation-enabled

false

(optional) If true, JSP pages are precompiled during autodeployment.

auto-deploy-retry-timeout

4

(optional) Specifies the number of autodeployment retry attempts before autodeployment times out. 

deploy-xml-validation

full

(optional) Specifies the type of XML validation performed on standard and Enterprise Server deployment descriptors: 

• full - If XML validation fails, deployment fails.

• parsing - XML validation errors are reported but deployment occurs.

• none - No XML validation is performed.

admin-session-timeout-in-minutes

sun-web.xml timeoutSeconds property value or web.xml session-timeout attribute value

(optional) Specifies the Administration Console timeout. 

system-applications

zero or one 

Contains system applications. 

applications

zero or one 

Contains deployed Java EE applications, Java EE modules, and lifecycle modules. 

resources

zero or one 

Contains configured resources. 

configs

only one 

Contains configurations. 

servers

only one 

Contains server instances. 

system-property

zero or more 

Specifies a system property. 

property

zero or more 

Specifies a property or a variable. 

application-root

domain-dir/applications

(optional) Specifies the absolute path where deployed applications reside for this domain.

log-root

domain-dir/logs

(optional) Specifies where the domain’s log files are kept. The directory in which the log is kept must be writable by whatever user account the server runs as. See the log-service description for details about logs.

locale

operating system default 

(optional) Specifies the domain’s language. 

ejb-timer-service

zero or one 

Configures the EJB timer service. 

property

zero or more 

Specifies a property or a variable. 

steady-pool-size

32

(optional) Specifies the initial and minimum number of beans maintained in the pool. Must be 0 or greater and less than max-pool-size .

Bean instances are removed from the pool and returned after use. The pool is replenished or cleaned up periodically to maintain this size. 

Applies to stateless session beans and entity beans. 

pool-resize-quantity

16

(optional) Specifies the number of beans to be removed when the pool-idle-timeout-in-seconds timer expires. A cleaner thread removes any unused instances.

Must be 0 or greater and less than max-pool-size . The pool is not resized below the steady-pool-size.

Applies to stateless session beans and entity beans. 

max-pool-size

64

(optional) Specifies the maximum number of beans that can be created to satisfy client requests. A value of 0 indicates an unbounded pool.

Applies to stateless session beans and entity beans. 

cache-resize-quantity

32

(optional) Specifies the number of beans to be: 

• created if a request arrives when the pool has no available beans (subject to the max-cache-size limit)

• passivated when the cache-idle-timeout-in-seconds timer expires and a cleaner thread removes any unused instances, or when the cache size exceeds max-cache-size.

  Must be greater than 1 and less than max-cache-size.

  Applies to entity beans.

max-cache-size

512

(optional) Specifies the maximum number of beans in the cache. A value of 0 indicates an unbounded cache.

Applies to entity beans. 

pool-idle-timeout-in-seconds

600

(optional) Specifies the maximum time that a bean can remain idle in the pool. After this amount of time, the pool can remove this bean. A value of 0 specifies that idle beans can remain in the pool indefinitely.

Applies to stateless session beans and entity beans. 

cache-idle-timeout-in-seconds

600

(optional) Specifies the maximum time that a bean can remain idle in the cache. After this amount of time, the container can passivate this bean. A value of 0 specifies that beans never become candidates for passivation.

Applies to entity beans. 

removal-timeout-in-seconds

5400

(optional) Specifies the amount of time that a bean can remain passivated before it is removed from the session store. A value of 0 specifies that the container does not remove inactive beans automatically.

If removal-timeout-in-seconds is less than or equal to cache-idle-timeout-in-seconds, beans are removed immediately without being passivated.

The session-store attribute of the server element determines the location of the session store.

Applies to stateful session beans. 

This attribute is not implemented for GlassFish v3 Prelude.

victim-selection-policy

nru

(optional) Specifies how stateful session beans are selected for passivation. Allowed values are fifo, lru, and nru :

• fifo - Selects the oldest instance.

• lru - Selects the least recently accessed instance.

• nru - Selects a not recently used instance.

This attribute is not implemented for GlassFish v3 Prelude.

commit-option

B

(optional) Determines which commit option is used for entity beans. Legal values are B or C.

This attribute is not implemented for GlassFish v3 Prelude.

session-store

domain-dir/session-store

(optional) Specifies the directory where passivated stateful session beans and persisted HTTP sessions are stored in the file system. 

This attribute is not implemented for GlassFish v3 Prelude.

property

zero or more 

Specifies a property or a variable. 

minimum-delivery-interval-in-millis

7000

(optional) Specifies the minimum time before an expiration for a particular timer can occur. This guards against extremely small timer increments that can overload the server. 

max-redeliveries

1

(optional) Specifies the maximum number of times the EJB timer service attempts to redeliver a timer expiration due for exception or rollback. 

timer-datasource

jdbc/__TimerPool

(optional) Overrides, for the server instance, the cmp-resource value specified in sun-ejb-jar.xml for the timer service system application (__ejb_container_timer_app ).

This attribute is not implemented for GlassFish v3 Prelude.

redelivery-interval-internal-in-millis

5000

(optional) Specifies how long the EJB timer service waits after a failed ejbTimeout delivery before attempting a redelivery.

property

zero or more 

Specifies a property or a variable. 

sniffer

none 

Specifies the type of sniffer. Allowed values are as follows: 

• web — Specifies that the parent application is a web application.

• security — Specifies that security is enabled for the parent application.

• jpa — Specifies that the parent application uses the Java Persistence API.

• ejb — Specifies that the parent application includes an EJB module. The EJB container add-on component must be installed in the Enterprise Server.

• webservices — Specifies that the parent application is a web service endpoint. The Metro add-on component must be installed in the Enterprise Server.

• jruby — Specifies that the parent application is a JRuby application. The JRuby add-on component must be installed in the Enterprise Server.

log-directory

${com.sun.aas.instanceRoot}/logs/access

(optional) Specifies the location of the access log file. The ${com.sun.aas.instanceRoot} system property refers to the domain-dir. See system-property.

iponly

true

(optional) If true, specifies that only the IP address of the user agent is listed. If false, performs a DNS lookup.

globally-enabled

false

(optional) If true, enables the file cache.

file-caching-enabled

false

(optional) If true, enables caching of the file content if the file size exceeds the small-file-size-limit-in-bytes.

max-age-in-seconds

30

(optional) Specifies the maximum age of a file cache entry. 

medium-file-size-limit-in-bytes

537600

(optional) Specifies the maximum size of a file that can be cached as a memory mapped file. 

medium-file-space-in-bytes

1048576

(optional) Specifies the total size of all files that are cached as memory mapped files. 

small-file-size-limit-in-bytes

2048

(optional) Specifies the maximum size of a file that can be read into memory. 

small-file-space-in-bytes

1048576

(optional) Specifies the total size of all files that are read into memory. 

file-transmission-enabled

false

(optional) If true, enables the use of TransmitFileSystem calls. Meaningful only for Windows.

max-files-count

1024

(optional) Specifies the maximum number of files in the file cache. 

hash-init-size

0

(optional) Specifies the initial number of hash buckets. 

ssl

zero or one 

Defines Secure Socket Layer (SSL) parameters. 

property

zero or more 

Specifies a property or a variable. 

id

none 

The unique listener name. An http-listener name cannot begin with a number.

address

none 

IP address of the listener. Can be in dotted-pair or IPv6 notation. Can be any (for INADDR_ANY) to listen on all IP addresses. Can be a hostname.

port

none 

Port number on which the listener listens. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges. Configuring an SSL listener to listen on port 443 is standard.

external-port

none 

(optional) Specifies the external port on which the connection is made. 

family

(optional) Deprecated. Do not use. 

blocking-enabled

false

(optional) If true, uses a blocking socket for servicing a request.

acceptor-threads

1

(optional) Specifies the number of processors in the machine.  

To set the number of request processing threads, use the thread-count attribute of the request-processing element.

security-enabled

false

(optional) Determines whether the listener runs SSL. To turn SSL2 or SSL3 on or off and set ciphers, use an ssl subelement.

default-virtual-server

none 

References the id attribute of the default virtual-server for this particular listener.

server-name

none 

Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn’t affect the URLs for directories and files stored in the server. If your server uses an alias, the server-name should be the alias name.

If a colon and port number are appended, that port is used in URLs the server sends to the client. 

If load balancing is enabled, use the server name of the load balancer. 

redirect-port

none 

(optional) If the listener is supporting non-SSL requests and a request is received for which a matching <security-constraint> requires SSL transport, the request is automatically redirected to the port number specified here.

If load balancing is enabled, use the redirect port of the load balancer. 

xpowered-by

true

(optional) If true, X-Powered-By headers are used according to the Servlet 2.4 and JSP 2.0 specifications.

enabled

true

(optional) Determines whether the listener is active. If set to false, any attempts to connect to the listener result in a socket exception (java.net.ConnectException).

In Enterprise Server versions prior to 9.1, a listener whose enabled attribute was set to false returned a 404 response code for any requests sent to it. To achieve this behavior in the current Enterprise Server version, set the listener's enabled attribute to true, and set every associated virtual server's state to off. A virtual-server lists its associated listeners in its http-listeners attribute.

recycle-objects

true

If true, recycles internal objects instead of using the VM garbage collector.

reader-threads

0

Specifies the number of reader threads, which read bytes from the non-blocking socket. 

acceptor-queue-length

4096

Specifies the length of the acceptor thread queue. Once full, connections are rejected. 

reader-queue-length

4096

Specifies the length of the reader thread queue. Once full, connections are rejected. 

use-nio-direct-bytebuffer

true

If true, specifies that the NIO direct ByteBuffer is used. In a limited resource environment, it might be faster to use non-direct Java's ByteBuffer by setting a value of false.

authPassthroughEnabled

false

If true, indicates that this http-listener element receives traffic from an SSL-terminating proxy server. Overrides the authPassthroughEnabled property of the parent http-service element.

proxyHandler

com.sun.enterprise.web.ProxyHandlerImpl

Specifies the fully qualified class name of a custom implementation of the com.sun.appserv.ProxyHandler abstract class that this http-listener uses.

Only used if the authPassthroughEnabled property of this http-listener and the parent http-service element are both set to true. Overrides the proxyHandler property of the parent http-service element.

proxiedProtocol

none 

Specifies a comma-separated list of protocols that can use the same port. Allowed values are ws/tcp (SOAP over TCP), http, https and tls.

For example, if you set this property to http,https and set the port to 4567, you can access the port with either http://host:4567/ or https://host:4567/.

Specifying this property at the http-service level overrides settings at the http-listener level. If this property is not set at either level, this feature is disabled.

bufferSize

4096

Specifies the size, in bytes, of the buffer to be provided for input streams created by HTTP listeners. 

connectionTimeout

30

Specifies the number of seconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented. 

maxKeepAliveRequests

250

Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Set this property to 1 to disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.

traceEnabled

true

If true, enables the TRACE operation. Set this property to false to make the Enterprise Server less susceptible to cross-site scripting attacks.

cometSupport

false

If true, enables Comet support for this listener.

If your servlet or JSP page uses Comet technology, make sure it is initialized when the Enterprise Server starts up by adding the load-on-startup element to your web.xml file. For example:

<servlet>
   <servlet-name>CheckIn</servlet-name>
   <servlet-class>CheckInServlet</servlet-class>
   <load-on-startup>0</load-on-startup>
</servlet>

jkEnabled

false

If true, enables mod_jk support for this listener.

compression

off

Specifies use of HTTP/1.1 GZIP compression to save server bandwidth. Allowed values are: 

• off – Disables compression.

• on – Compresses data.

• force – Forces data compression in all cases.

• positive integer – Specifies the minimum amount of data required before the output is compressed.

If the content-length is not known, the output is compressed only if compression is set to on or force.

compressableMimeType

text/html,text/xml,text/plain

Specifies a comma-separated list of MIME types for which HTTP compression is used. 

noCompressionUserAgents

empty String (regexp matching disabled)

Specifies a comma-separated list of regular expressions matching user-agents of HTTP clients for which compression should not be used. 

minCompressionSize or compressionMinSize

none 

Specifies the minimum size of a file when compression is applied. 

crlFile

none 

Specifies the location of the Certificate Revocation List (CRL) file to consult during SSL client authentication. This can be an absolute or relative file path. If relative, it is resolved against domain-dir. If unspecified, CRL checking is disabled.

trustAlgorithm

none  

Specifies the name of the trust management algorithm (for example, PKIX) to use for certification path validation.

trustMaxCertLength

5

Specifies the maximum number of non-self-issued intermediate certificates that can exist in a certification path. This property is considered only if trustAlgorithm is set to PKIX. A value of zero implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (there is no maximum). Setting a value less than -1 causes an exception to be thrown.

disableUploadTimeout

true

if false, the connection for a servlet that reads bytes slowly is closed after the connectionUploadTimeout is reached.

connectionUploadTimeout

5

Specifies the timeout for uploads. Applicable only if disableUploadTimeout is set to false.

uriEncoding

UTF-8

Specifies the character set used to decode the request URIs received on this HTTP listener. Must be a valid IANA character set name. Overrides the uriEncoding property of the parent http-service element.

version

HTTP/1.1

(optional) Specifies the version of the HTTP protocol used. 

dns-lookup-enabled

false

(optional) If true, looks up the DNS entry for the client.

forced-type

text/html; charset=iso-8859-1

(optional) Specifies the request type used if no MIME mapping is available that matches the file extension. The format is a semicolon-delimited string consisting of the content-type, encoding, language, and charset. 

default-type

text/html; charset=iso-8859-1

(optional) Specifies the default response type. The format is a semicolon-delimited string consisting of the content-type, encoding, language, and charset. 

forced-response-type

text/plain; charset=iso-8859-1

(optional) Deprecated. Do not use. 

default-response-type

text/plain; charset=iso-8859-1

(optional) Deprecated. Do not use. 

ssl-enabled

true

(optional) Not implemented. Use ssl subelements of http-listener elements.

access-log

zero or one 

Defines access log settings for each http-access-log subelement of each virtual-server.

http-listener

one or more 

Defines an HTTP listen socket. 

virtual-server

one or more 

Defines a virtual server. 

request-processing

zero or one 

Configures request processing threads. 

keep-alive

zero or one 

Configures keep-alive threads. 

connection-pool

zero or one 

Defines a pool of client HTTP connections. 

http-protocol

zero or one 

Configures HTTP protocol settings. 

http-file-cache

zero or one 

Configures the HTTP file cache. 

property

zero or more 

Specifies a property or a variable. 

monitoring-cache-enabled

true

If true, enables the monitoring cache.

monitoring-cache-refresh-in-millis

5000

Specifies the interval between refreshes of the monitoring cache. 

ssl-cache-entries

10000

Specifies the number of SSL sessions to be cached. 

ssl3-session-timeout

86400

Specifies the interval at which SSL3 sessions are cached. 

ssl-session-timeout

100

Specifies the interval at which SSL2 sessions are cached. 

recycle-objects

true

If true, recycles internal objects instead of using the VM garbage collector.

reader-threads

0

Specifies the number of reader threads, which read bytes from the non-blocking socket. 

acceptor-queue-length

4096

Specifies the length of the acceptor thread queue. Once full, connections are rejected. 

reader-queue-length

4096

Specifies the length of the reader thread queue. Once full, connections are rejected. 

use-nio-direct-bytebuffer

true

If true, specifies that the NIO direct ByteBuffer is used. In a limited resource environment, it might be faster to use non-direct Java's ByteBuffer by setting a value of false.

authPassthroughEnabled

false

If true, indicates that the http-listener subelements receive traffic from an SSL-terminating proxy server, which is responsible for forwarding any information about the original client request (such as client IP address, SSL keysize, and authenticated client certificate chain) to the HTTP listeners using custom request headers.

Each http-listener subelement can override this setting for itself.

proxyHandler

com.sun.enterprise.web.ProxyHandlerImpl

Specifies the fully qualified class name of a custom implementation of the com.sun.appserv.ProxyHandler abstract class, which allows a back-end application server instance to retrieve information about the original client request that was intercepted by an SSL-terminating proxy server (for example, a load balancer). An implementation of this abstract class inspects a given request for the custom request headers through which the proxy server communicates the information about the original client request to the Enterprise Server instance, and returns that information to its caller.

The default implementation reads the client IP address from an HTTP request header named Proxy-ip, the SSL keysize from an HTTP request header named Proxy-keysize, and the SSL client certificate chain from an HTTP request header named Proxy-auth-cert. The Proxy-auth-cert value must contain the BASE-64 encoded client certificate chain without the BEGIN CERTIFICATE and END CERTIFICATE boundaries and with \n replaced with % d% a.

Only used if authPassthroughEnabled is set to true. Each http-listener subelement can override the proxyHandler setting for itself.

proxiedProtocol

none 

Specifies a comma-separated list of protocols that can use the same port. Allowed values are ws/tcp (SOAP over TCP), http, https and tls.

For example, if you set this property to http,https and the port is 4567, you can access the port with either http://host:4567/ or https://host:4567/.

Specifying this property at the http-service level overrides settings at the http-listener level. If this property is not set at either level, this feature is disabled.

bufferSize

4096

Specifies the size, in bytes, of the buffer to be provided for input streams created by HTTP listeners. 

connectionTimeout

30

Specifies the number of seconds HTTP listeners wait, after accepting a connection, for the request URI line to be presented. 

maxKeepAliveRequests

250

Specifies the maximum number of HTTP requests that can be pipelined until the connection is closed by the server. Set this property to 1 to disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and pipelining.

traceEnabled

true

If true, enables the TRACE operation. Set this property to false to make the Enterprise Server less susceptible to cross-site scripting attacks.

accessLoggingEnabled

false

If true, enables access logging for all virtual-server subelements that do not specify this property. If false, disables access logging for all virtual-server subelements that do not specify this property.

accessLogBufferSize

32768

Specifies the size, in bytes, of the buffer where access log calls are stored. If the value is less than 5120, a warning message is issued, and the value is set to 5120.

accessLogWriterInterval

300

Specifies the number of seconds before the log is written to the disk. The access log is written when the buffer is full or when the interval expires. If the value is 0, the buffer is always written even if it is not full. This means that each time the server is accessed, the log message is stored directly to the file.

sso-enabled

false

If true, single sign-on is enabled by default for all web applications on all virtual servers on this server instance that are configured for the same realm. If false, single sign-on is disabled by default for all virtual servers, and users must authenticate separately to every application on each virtual server. The sso-enabled property setting of the virtual-server element overrides this setting for an individual virtual server.

At the http-service level, you cannot change the sso-max-inactive-seconds and sso-reap-interval-seconds values from their defaults. However, you can change these values at the virtual-server level.

disableUploadTimeout

true

if false, the connection for a servlet that reads bytes slowly is closed after the connectionUploadTimeout is reached.

connectionUploadTimeout

5

Specifies the timeout for uploads. Applicable only if disableUploadTimeout is set to false.

uriEncoding

UTF-8

Specifies the character set used to decode the request URIs received on http-listener subelements that do not define this property. Must be a valid IANA character set name.

ssl

zero or one 

Defines SSL parameters. 

property

zero or more 

Specifies a property or a variable. 

id

none 

The listener name. An iiop-listener name cannot begin with a number.

address

none 

IP address of the listener. Can be in dotted-pair or IPv6 notation, or just a name. 

port

1072

(optional) Port number for the listener. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges.

security-enabled

false

(optional) Determines whether the listener runs SSL. To turn SSL2 or SSL3 on or off and set ciphers, use an ssl element.

enabled

true

(optional) Determines whether the listener is active. 

orb

only one 

Configures the ORB. 

ssl-client-config

zero or one 

Defines SSL parameters for the ORB. 

iiop-listener

zero or more 

Defines an IIOP listen socket. 

client-authentication-required

false

(optional) If true, the server rejects unauthenticated requests and inserts an authentication-required bit in IORs sent to clients.

property

zero or more 

Specifies a property or a variable. 

name

default

Specifies the name of the JACC provider. 

policy-provider

com.sun.enterprise.security.provider.PolicyWrapper

Corresponds to and can be overridden by the system property javax.security.jacc.policy.provider .

policy-configuration-factory-provider

com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl

Corresponds to and can be overridden by the system property javax.security.jacc.PolicyConfigurationFactory.provider .

profiler

zero or one 

Configures a profiler for use with the Enterprise Server. 

jvm-options

zero or more 

Contains JVM command line options. 

property

zero or more 

Specifies a property or a variable. 

java-home

${com.sun.aas.javaRoot}

The path to the directory where the JDK is installed. 

debug-enabled

false

(optional) If true, the server starts up in debug mode ready for attachment with a JPDA-based debugger.

debug-options

-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n

(optional) Specifies JPDA (Java Platform Debugger Architecture) options. A list of debugging options is available at http://java.sun.com/products/jpda/doc/conninv.html#Invocation.

For more information about debugging, see the Sun GlassFish Enterprise Server v3 Prelude Developer’s Guide.

rmic-options

-iiop -poa -alwaysgenerate -keepgenerated -g

(optional) Specifies options passed to the RMI compiler at application deployment time. The -keepgenerated option saves generated source for stubs and ties.

For details about the rmic command, see http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/rmic.html.

javac-options

-g

(optional) Specifies options passed to the Java compiler at application deployment time. 

classpath-suffix

none 

Deprecated. Do not use. 

system-classpath

none 

Deprecated. Do not use. 

native-library-path-prefix

none 

(optional) Specifies a prefix for the native library path. 

The native library path is the automatically constructed concatenation of the Enterprise Server installation relative path for its native shared libraries, the standard JRE native library path, the shell environment setting (LD_LIBRARY_PATH on UNIX), and any path specified in the profiler element. Since this is synthesized, it does not appear explicitly in the server configuration.

native-library-path-suffix

none 

(optional) Specifies a suffix for the native library path. 

bytecode-preprocessors

none 

(optional) A comma separated list of class names, each of which must implement the com.sun.appserv.BytecodePreprocessor interface. Each of the specified preprocessor classes is called in the order specified.

env-classpath-ignored

true

Deprecated. Do not use. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the connection pool. A jdbc-resource element’s pool-name attribute refers to this name.

description

none 

(optional) Specifies a text description of this element. 

datasource-classname

none 

Specifies the class name of the associated vendor-supplied data source. This class must implement javax.sql.DataSource, javax.sql.XADataSource , javax.sql.ConnectionPoolDatasource, or a combination.

res-type

javax.sql.DataSource

(optional) Specifies the interface the data source class implements. The value of this attribute can be javax.sql.DataSource, javax.sql.XADataSource , or javax.sql.ConnectionPoolDatasource. If the value is not one of these interfaces, the default is used. An error occurs if this attribute has a legal value and the indicated interface is not implemented by the data source class.

steady-pool-size

8

(optional) Specifies the initial and minimum number of connections maintained in the pool. 

max-pool-size

32

(optional) Specifies the maximum number of connections that can be created to satisfy client requests. 

max-wait-time-in-millis

60000

(optional) Specifies the amount of time, in milliseconds, that the caller is willing to wait for a connection. If 0, the caller is blocked indefinitely until a resource is available or an error occurs.

pool-resize-quantity

2

(optional) Specifies the number of idle connections to be destroyed if the existing number of connections is above the steady-pool-size (subject to the max-pool-size limit).

This is enforced periodically at the idle-timeout-in-seconds interval. An idle connection is one that has not been used for a period of idle-timeout-in-seconds. When the pool size reaches steady-pool-size, connection removal stops.

idle-timeout-in-seconds

300

(optional) Specifies the maximum time that a connection can remain idle in the pool. After this amount of time, the pool can close this connection. 

This timeout value must be kept shorter than the server side (database) timeout value to prevent the accumulation of unusable connections in the application. 

transaction-isolation-level

default JDBC driver isolation level 

(optional) Specifies the transaction isolation level on the pooled database connections. Allowed values are read-uncommitted, read-committed , repeatable-read, or serializable.

Applications that change the isolation level on a pooled connection programmatically risk polluting the pool, which can lead to errors. See is-isolation-level-guaranteed for more details.

is-isolation-level-guaranteed

true

(optional) Applicable only when transaction-isolation-level is explicitly set. If true, every connection obtained from the pool is guaranteed to have the desired isolation level. This might impact performance on some JDBC drivers. Only set this attribute to false if you are certain that the hosted applications do not return connections with altered isolation levels.

is-connection-validation-required

false

(optional) Specifies whether connections have to be validated before being given to the application. If a resource’s validation fails, it is destroyed, and a new resource is created and returned. 

connection-validation-method

auto-commit

(optional) Legal values are as follows: 

• auto-commit (default), which uses Connection.setAutoCommit(Connection.getAutoCommit())

• meta-data, which uses Connection.getMetaData()

• table, which performs a query on a table specified in the validation-table-name attribute

Because many JDBC drivers cache the results of auto-commit and meta-data calls, they do not always provide reliable validations. Check with the driver vendor to determine whether these calls are cached or not.

The table must exist and be accessible, but it doesn't require any rows. Do not use an existing table that has a large number of rows or a table that is already frequently accessed. More details can be found at Connection Validation in GlassFish JDBC.

validation-table-name

none 

(optional) Specifies the table name to be used to perform a query to validate a connection. This parameter is mandatory if and only if connection-validation-method is set to table.

fail-all-connections

false

(optional) If true, closes all connections in the pool if a single validation check fails. This parameter is mandatory if and only if is-connection-validation-required is set to true.

non-transactional-connections

false

(optional) If true, non-transactional connections can be made to the JDBC connection pool. These connections are not automatically enlisted with the transaction manager.

allow-non-component-callers

false

(optional) If true, non-Java-EE components, such as servlet filters, lifecycle modules, and third party persistence managers, can use this JDBC connection pool. The returned connection is automatically enlisted with the transaction context obtained from the transaction manager. Standard Java EE components can also use such pools. Connections obtained by non-component callers are not automatically closed at the end of a transaction by the container. They must be explicitly closed by the caller.

connection-leak-timeout-in-seconds

0

Detects potential connection leaks by the application. A connection that is not returned back to the pool by the application within the specified period is assumed to be potentially leaking, and a stack trace of the caller is logged. A zero value disables leak detection. A nonzero value enables leak tracing. 

Use this attribute along with connection-leak-reclaim to avoid potential connection leaks from the application. More details are at Connection Leak Tracing.

connection-leak-reclaim

false

If true, the pool will reclaim a connection after connection-leak-timeout-in-seconds occurs.

connection-creation-retry-attempts

0

Specifies the number of attempts to create a new connection in case of a failure. 

connection-creation-retry-interval-in-seconds

10

Specifies the time interval between attempts to create a connection when connection-creation-retry-attempts is greater than 0.

validate-atmost-once-period-in-seconds

0

Specifies the time interval within which a connection is validated at most once. Minimizes the number of validation calls. 

statement-timeout-in-seconds

-1

Sets the query timeout property of a statement to enable termination of abnormally long running queries. The default value of -1 disables this feature.

An abnormally long running JDBC query executed by an application may leave it in a hanging state unless a timeout is explicitly set on the statement. This attribute guarantees that all queries automatically time out if not completed within the specified period. When statements are created, the queryTimeout is set according to the value specified in this attribute. This works only when the underlying JDBC driver supports queryTimeout for Statement, PreparedStatement, CallableStatement, and ResultSet.

lazy-connection-enlistment

false

If true, a connection is not enlisted in a transaction until it is used. If false, any connection object available to a transaction is enlisted in the transaction.

lazy-connection-association

false

If true, a physical connection is not associated with a logical connection until it is used. If false, a physical connection is associated with a logical connection even before it is used.

associate-with-thread

false

Specifies whether a connection is associated with the thread to enable the thread to reuse the connection. If true, allows a connection to be saved as a ThreadLocal in the calling thread. This connection gets reclaimed only when the calling thread dies or when the calling thread is not in use and the pool has run out of connections. If false, the thread must obtain a connection from the pool each time the thread requires a connection.

This attribute associates a connection with a thread such that when the same thread is in need of a connection, it can reuse the connection already associated with that thread. In this case, the overhead of getting a connection from the pool is avoided. However, when this value is set to true, you should verify that the value of the max-pool-size attribute is comparable to the max-thread-pool-size attribute of the thread-pool element. If the max-thread-pool-size value is much higher than the max-pool-size value, a lot of time is spent associating a connection with a new thread after dissociating it from an older one. Use this attribute in cases where the thread pool should reuse connections to avoid this overhead.

match-connections

false

Specifies whether a connection that is selected from the pool should be matched with the connections with certain credentials. If true, enables connection matching. You can set to false if connections are homogeneous.

If the connection pool is used by applications that have multiple user credentials, match-connections must be true. The connection pool matches the request's credential with the connections in the pool and returns a matched connection for use. For new requests with different credentials, unmatched free connections are automatically purged to provide new connections to satisfy the new requests. This attribute need not be true if it is known that there is only one credential used by the applications and therefore the pool has homogeneous connections.

max-connection-usage-count

0

Specifies the number of times a connections is reused by the pool, after which it is closed. A zero value disables this feature. By limiting the maximum number of times a connection can be reused, you can avoid statement leaks if the application does not close statements. 

wrap-jdbc-objects

false

If true, wrapped JDBC objects are returned for Statement, PreparedStatement, CallableStatement, ResultSet, and DatabaseMetaData.

This option ensures that Statement.getConnection() is the same as DataSource.getConnection(). Therefore, this option should be true when both Statement.getConnection() and DataSource.getConnection() are done. The default is false to avoid breaking existing applications.

user

Specifies the user name for connecting to the database. 

password

Specifies the password for connecting to the database. 

databaseName

Specifies the database for this connection pool. 

serverName

Specifies the database server for this connection pool. 

port

Specifies the port on which the database server listens for requests. 

networkProtocol

Specifies the communication protocol. 

roleName

Specifies the initial SQL role name. 

datasourceName

Specifies an underlying XADataSource, or a ConnectionPoolDataSource if connection pooling is done.

description

Specifies a text description. 

url

Specifies the URL for this connection pool. Although this is not a standard property, it is commonly used. 

LazyConnectionEnlistment

Deprecated. Use the equivalent attribute. 

LazyConnectionAssociation

Deprecated. Use the equivalent attribute. 

AssociateWithThread

Deprecated. Use the equivalent attribute. 

MatchConnections

Deprecated. Use the equivalent attribute. 

property

zero or more 

Specifies a property or a variable. 

jndi-name

none 

Specifies the JNDI name for the resource. 

description

none 

(optional) Specifies a text description of this element. 

pool-name

none 

Specifies the name of the associated jdbc-connection-pool.

object-type

user

(optional) Defines the type of the resource. Allowed values are: 

• system-all - A system resource for all server instances and the domain application server.

• system-admin - A system resource only for the domain application server.

• system-instance - A system resource for all server instances only.

• user - A user resource.

enabled

true

(optional) Determines whether this resource is enabled at runtime. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the JMS host. 

host

machine-name

(optional) Specifies the host name of the JMS host. 

port

7676

(optional) Specifies the port number used by the JMS provider. 

admin-user-name

admin

(optional) Specifies the administrator user name for the JMS provider. 

admin-password

admin

(optional) Specifies the administrator password for the JMS provider. 

jms-host

zero or more 

Specifies a host. 

property

zero or more 

Specifies a property or a variable. 

init-timeout-in-seconds

60

(optional) Specifies the amount of time the server instance waits at startup for its configured default JMS host to respond. If there is no response, startup is aborted. If set to 0, the server instance waits indefinitely.

type

EMBEDDED

Specifies the type of JMS service: 

• EMBEDDED means the JMS provider is started in the same JVM machine as the Enterprise Server, and the networking stack is bypassed.

  Lazy initialization starts the default embedded broker on the first access of JMS services rather than at Enterprise Server startup.

• LOCAL means the JMS provider is started along with the Enterprise Server.

  The LOCAL setting implicitly sets up a 1:1 relationship between an Enterprise Server instance and a Message Queue broker.

• REMOTE means the JMS provider is remote and is not started by the Enterprise Server.

start-args

none 

(optional) Specifies the string of arguments supplied for startup of the corresponding JMS instance. 

default-jms-host

none 

Specifies the name of the default jms-host. If type is set to LOCAL, this jms-host is automatically started at Enterprise Server startup.

reconnect-interval-in-seconds

5

(optional) Specifies the interval between reconnect attempts. 

reconnect-attempts

3

(optional) Specifies the number of reconnect attempts. 

reconnect-enabled

true

(optional) If true, reconnection is enabled. The JMS service automatically tries to reconnect to the JMS provider when the connection is broken.

When the connection is broken, depending on the message processing stage, the onMessage() method might not be able to complete successfully or the transaction might be rolled back due to a JMS exception. When the JMS service reestablishes the connection, JMS message redelivery semantics apply.

addresslist-behavior

random

(optional) Specifies whether the reconnection logic selects the broker from the imqAddressList in a random or sequential (priority) fashion.

addresslist-iterations

3

(optional) Specifies the number of times the reconnection logic iterates over the imqAddressList if addresslist-behavior is set to PRIORITY.

mq-scheme

mq

(optional) Specifies the scheme for establishing connection with the broker. For example, specify http for connecting to the broker over HTTP.

mq-service

jms

(optional) Specifies the type of broker service. If a broker supports SSL, the type of service can be ssljms.

instance-name

imqbroker

Specifies the full Sun GlassFish Message Queue broker instance name.

instance-name-suffix

none 

Specifies a suffix to add to the full Message Queue broker instance name. The suffix is separated from the instance name by an underscore character (_). For example, if the instance name is imqbroker, appending the suffix xyz changes the instance name to imqbroker_xyz.

append-version

false

If true, appends the major and minor version numbers, preceded by underscore characters (_), to the full Message Queue broker instance name. For example, if the instance name is imqbroker , appending the version numbers changes the instance name to imqbroker_8_0.

user-name

guest

Specifies the user name for creating the JMS connection. Needed only if the default username/password of guest/guest is not available in the broker. 

password

guest

Specifies the password for creating the JMS connection. Needed only if the default username/password of guest/guest is not available in the broker. 

ssl

zero or one 

Defines SSL parameters. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the connector used by the designated system JMX connector for JMX communication between server instances. Do not modify this name. 

protocol

rmi_jrmp

(optional) Specifies the protocol that this JMX connector supports. The only supported protocol is rmi_jrmp. Do not modify this value.

address

0.0.0.0

Specifies the IP address of the naming service where the JMX connector server stub is registered. This is not the port of the server socket that does the actual JMX communication. This is the address of the network interface where the RMI registry is started. If your system has multiple network interfaces, modify this value so that only a particular interface is selected. 

port

8686

Specifies the port number on with the naming service (RMI registry) listens for RMI client connections. The only use of this naming service is to download the RMI stubs. If the default port is occupied, a free port is used. Legal values are 1 - 65535. On UNIX, creating sockets that listen on ports 1 - 1024 requires superuser privileges.

auth-realm-name

admin-realm

Specifies the name of an auth-realm subelement of the security-service element for the server instance that is running this JMX connector's server end. Note that this is a dedicated administration security realm.

security-enabled

false

(optional) Determines whether JMX communication is encrypted.  

enabled

true

(optional) Enables the JMX connector. Do not modify this value. 

thread-count

1

(optional) Specifies the number of keep-alive threads. The value must be 1 or greater. 

max-connections

250

(optional) Specifies the maximum number of keep-alive connections. A value of 0 means requests are always rejected. A value of -1 sets no limit to the number of keep-alive connections.

timeout-in-seconds

30

(optional) Specifies the maximum time for which a keep alive connection is kept open. A value of 0 or less means keep alive connections are kept open indefinitely.

module-log-levels

zero or one 

Specifies log levels. 

property

zero or more 

Specifies a property or a variable. 

file

server.log in the directory specified by the log-root attribute of the domain element

(optional) Overrides the name or location of the server log. The file and directory in which the server log is kept must be writable by the user account under which the server runs.

An absolute path overrides the log-root attribute of the domain element.

A relative path is relative to the log-root attribute of the domain element. If no log-root value is specified, it is relative to domain-dir/config .

use-system-logging

false

(optional) If true, uses the UNIX syslog service to produce and manage logs.

log-handler

none 

(optional) Specifies a custom log handler to be added to end of the chain of system handlers to log to a different destination. 

log-filter

none 

(optional) Specifies a log filter to do custom filtering of log records. 

log-to-console

false

(optional) Deprecated and ignored. 

log-rotation-limit-in-bytes

2000000

(optional) Log files are rotated when the file size reaches the specified limit. 

log-rotation-timelimit-in-minutes

0

(optional) Enables time-based log rotation. The valid range is 60 minutes (1 hour) to 14400 minutes (10*24*60 minutes or 10 days).

If the value is zero, the files are rotated based on the size specified in log-rotation-limit-in-bytes. If the value is greater than zero, log-rotation-timelimit-in-minutes takes precedence over log-rotation-limit-in-bytes .

retain-error-statistics-for-hours

5

(optional) Specifies the number of most recent hours for which error statistics are retained in memory. The default and minimum value is 5 hours. The maximum value allowed is 500 hours. Larger values incur additional memory overhead.

property

zero or more 

Specifies a property or a variable. 

session-file-name

none; state is not preserved across restarts 

(optional) Specifies the absolute or relative path to the directory in which the session state is preserved between application restarts, if preserving the state is possible. A relative path is relative to the temporary directory for this web application.  

To disable this behavior and not preserve the session state, specify an empty string as the value of this attribute. 

reap-interval-in-seconds

60

(optional) Specifies the time between checks for expired sessions. 

If the persistence-frequency attribute of the web-container-availability element is set to time-based, active sessions are stored at this interval.

Set this value lower than the frequency at which session data changes. For example, this value should be as low as possible (1 second) for a hit counter servlet on a frequently accessed web site, or you could lose the last few hits each time you restart the server.

max-sessions

-1

(optional) Specifies the maximum number of sessions that can be in cache, or -1 for no limit. After this, an attempt to create a new session causes an IllegalStateException to be thrown.

session-id-generator-classname

internal class generator 

(optional) Not implemented. 

property

zero or more 

Specifies a property or a variable. 

steady-pool-size

10

(optional) Specifies the initial and minimum number of beans maintained in the pool. 

pool-resize-quantity

2

(optional) Specifies the number of beans to be removed when the idle-timeout-in-seconds timer expires. A cleaner thread removes any unused instances.

Must be 0 or greater and less than max-pool-size . The pool is not resized below the steady-pool-size.

max-pool-size

60

(optional) Specifies the maximum number of beans that can be created to satisfy client requests. 

idle-timeout-in-seconds

600

(optional) Specifies the maximum time that a bean can remain idle in the pool. After this amount of time, the bean is destroyed. A value of 0 means a bean can remain idle indefinitely.

cmt-max-runtime-exceptions

1

Specifies the maximum number of RuntimeException occurrences allowed from a message-driven bean’s onMessage() method when container-managed transactions are used. Deprecated.

provider-config

one or more 

Specifies a configuration for one message security provider. 

auth-layer

HttpServlet

Specifies the message layer at which authentication is performed. The value must be HttpServlet.

default-provider

none 

(optional) Specifies the server provider that is invoked for any application not bound to a specific server provider. 

default-client-provider

none 

(optional) Specifies the client provider that is invoked for any application not bound to a specific client provider. 

property

zero or more 

Specifies a property or a variable. 

root

INFO

(optional) Specifies the default level of messages logged by the entire Enterprise Server installation. 

server

INFO

(optional) Specifies the default level of messages logged by the server instance. 

ejb-container

INFO

(optional) Specifies the level of messages logged by the EJB container. 

cmp-container

INFO

(optional) Specifies the level of messages logged by the CMP subsystem of the EJB container. 

mdb-container

INFO

(optional) Specifies the level of messages logged by the MDB container. 

web-container

INFO

(optional) Specifies the level of messages logged by the web container. 

classloader

INFO

(optional) Specifies the level of messages logged by the classloader hierarchy. 

configuration

INFO

(optional) Specifies the level of messages logged by the configuration subsystem. 

naming

INFO

(optional) Specifies the level of messages logged by the naming subsystem. 

security

INFO

(optional) Specifies the level of messages logged by the security subsystem. 

jts

INFO

(optional) Specifies the level of messages logged by the Java Transaction Service. 

jta

INFO

(optional) Specifies the level of messages logged by the Java Transaction API. 

admin

INFO

(optional) Specifies the level of messages logged by the Administration Console subsystem. 

deployment

INFO

(optional) Specifies the level of messages logged by the deployment subsystem. 

verifier

INFO

(optional) Specifies the level of messages logged by the deployment descriptor verifier. 

jaxr

INFO

(optional) Specifies the level of messages logged by the XML registry. 

jaxrpc

INFO

(optional) Specifies the level of messages logged by the XML RPC module. 

saaj

INFO

(optional) Specifies the level of messages logged by the SOAP with Attachments API for Java module. 

corba

INFO

(optional) Specifies the level of messages logged by the ORB. 

javamail

INFO

(optional) Specifies the level of messages logged by the JavaMail subsystem. 

jms

INFO

(optional) Specifies the level of messages logged by the Java Message Service. 

connector

INFO

(optional) Specifies the level of messages logged by the connector subsystem. 

jdo

INFO

(optional) Specifies the level of messages logged by the Java Data Objects module. 

cmp

INFO

(optional) Specifies the level of messages logged by the CMP subsystem. 

util

INFO

(optional) Specifies the level of messages logged by the utility subsystem. 

resource-adapter

INFO

(optional) Specifies the level of messages logged by the resource adapter subsystem. 

synchronization

INFO

(optional) Specifies the level of messages logged by the synchronization subsystem. 

node-agent

INFO

(optional) Specifies the level of messages logged by the node agent subsystem. 

self-management

INFO

(optional) Specifies the level of messages logged by the self-management (management rules) subsystem. 

group-management-service

INFO

(optional) Specifies the level of messages logged by the Group Management Service. 

management-event

INFO

(optional) Specifies the level of messages logged by the self-management event subsystem. 

property

zero or more 

Specifies a property or a variable. 

thread-pool

OFF

(optional) Specifies the level of monitoring of the thread pool subsystem. 

orb

OFF

(optional) Specifies the level of monitoring of the ORB. 

ejb-container

OFF

(optional) Specifies the level of monitoring of the EJB container. 

web-container

OFF

(optional) Specifies the level of monitoring of the web container. 

transaction-service

OFF

(optional) Specifies the level of monitoring of the transaction service. 

http-service

OFF

(optional) Specifies the level of monitoring of the HTTP service. 

jdbc-connection-pool

OFF

(optional) Specifies the level of monitoring of the JDBC connection pool subsystem. 

connector-connection-pool

OFF

(optional) Specifies the level of monitoring of the connector connection pool subsystem. 

connector-service

OFF

(optional) Specifies the level of monitoring of the connector service. 

jms-service

OFF

(optional) Specifies the level of monitoring of the JMS service. 

jvm

OFF

(optional) Specifies the level of monitoring of the JVM subsystem. 

module-monitoring-levels

zero or one 

Controls the level of monitoring of server subsystems. 

property

zero or more 

Specifies a property or a variable. 

property

zero or more 

Specifies a property or a variable. 

use-thread-pool-ids

none 

Specifies a comma-separated list of thread-pool-id values defined in thread-pool elements used by the ORB.

message-fragment-size

1024

(optional) GIOPv1.2 messages larger than this number of bytes are fragmented. 

max-connections

1024

(optional) The maximum number of incoming connections on all IIOP listeners. Legal values are integers. 

jvm-options

zero or more 

Contains profiler-specific JVM command line options. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the profiler. 

classpath

none 

(optional) Specifies the classpath for the profiler. 

native-library-path

none 

(optional) Specifies the native library path for the profiler. 

enabled 

true

(optional) Determines whether the profiler is enabled. 

name

none 

Specifies the name of the property or variable. 

value

none 

Specifies the value of the property or variable. 

description

none 

(optional) Specifies a text description of this element. 

request-policy

zero or one 

Defines the authentication policy requirements of the authentication provider’s request processing. 

response-policy

zero or one 

Defines the authentication policy requirements of the authentication provider’s response processing. 

property

zero or more 

Specifies a property or a variable. 

provider-id

none 

Specifies a unique identifier for this provider-config element.

provider-type

none 

Specifies whether the provider is a client, server, or client-server authentication provider.

class-name

none 

Specifies the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server authentication providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. Client-server providers must implement both interfaces.

security.config

domain-dir/config/wss-server-config-1.0.xml

Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the system property ${com.sun.aas.instanceRoot}/config/, for example:

${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml

See system-property.

debug

false

If true, enables dumping of server provider debug messages to the server log.

dynamic.username.password

false

If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule.

encryption.key.alias

s1as

Specifies the encryption key used by the provider. The key is identified by its keystore alias.

signature.key.alias

s1as

Specifies the signature key used by the provider. The key is identified by its keystore alias.

auth-source

none 

Specifies the type of required authentication, either sender (user name and password) or content (digital signature).

auth-recipient

none 

Specifies whether recipient authentication occurs before or after content authentication. Allowed values are before-content and after-content.

thread-count

20

(optional) Specifies the maximum number of request processing threads. 

initial-thread-count

2

(optional) Specifies the number of request processing threads that are available when the server starts up. 

thread-increment

1

(optional) Specifies the number of request processing threads added when the number of requests exceeds the initial-thread-count.

request-timeout-in-seconds

30

(optional) Specifies the time at which the request times out. 

header-buffer-length-in-bytes

8192

(optional) Specifies the size of the buffer used by the request processing threads to read the request data. 

enabled

true

(optional) Determines whether the resource is enabled. 

ref

none 

References the name attribute of a jdbc-resource or jdbc-connection-pool element.

jdbc-resource

zero or more 

Defines a JDBC (Java Database Connectivity) resource. 

jdbc-connection-pool

zero or more 

Defines the properties that are required for creating a JDBC connection pool. 

auth-source

none 

Specifies the type of required authentication, either sender (user name and password) or content (digital signature).

auth-recipient

none 

Specifies whether recipient authentication occurs before or after content authentication. Allowed values are before-content and after-content.

auth-realm

one or more 

Defines a realm for authentication. 

jacc-provider

one or more 

Specifies a Java Authorization Contract for Containers (JACC) provider for pluggable authorization. 

audit-module

zero or more 

Specifies an optional plug-in module that implements audit capabilities. 

message-security-config

zero or more 

Specifies configurations for message security providers. 

property

zero or more 

Specifies a property or a variable. 

default-realm

file

(optional) Specifies the active authentication realm (an auth-realm name attribute) for this server instance.

default-principal

none 

(optional) Used as the identity of the default security context when necessary and when no principal is provided. This attribute need not be set for normal server operation. 

default-principal-password

none 

(optional) The password of the default principal. This attribute need not be set for normal server operation. 

anonymous-role

attribute is deprecated

(optional) Deprecated. Do not use. 

audit-enabled

false

(optional) If true, additional access logging is performed to provide audit information.

Audit information consists of: 

• Authentication success and failure events

• Servlet and EJB access grants and denials

jacc

default

(optional) Specifies the name of the jacc-provider element to use for setting up the JACC infrastructure. Do not change the default value unless you are adding a custom JACC provider.

audit-modules

default

(optional) Specifies a space-separated list of audit provider modules used by the audit subsystem. The default value refers to the internal log-based audit module. 

activate-default-principal-to-role-mapping

false

(optional) Applies a default principal for role mapping to any application that does not have an application-specific mapping defined. Every role is mapped to an instance of a java.security.Principal implementation class defined by mapped-principal-class. This class has the same name as the role.

mapped-principal-class

none 

(optional) Customizes the java.security.Principal implementation class used when activate-default-principal-to-role-mapping is set to true.

application-ref

zero or more 

References an application or module deployed to the server instance. 

resource-ref

zero or more 

References a resource deployed to the server instance. 

system-property

zero or more 

Specifies a system property. 

property

zero or more 

Specifies a property or a variable. 

name

none 

Specifies the name of the server instance. 

config-ref

default config element’s name, server-config

(optional) References the name of the config used by the server instance.

server

only one 

Defines a server instance. 

session-manager

zero or one 

Specifies session manager configuration information. 

session-properties

zero or one 

Specifies session properties. 

manager-properties

zero or one 

Specifies session manager properties. 

store-properties

zero or one 

Specifies session persistence (storage) properties. 

property

zero or more 

Specifies a property or a variable. 

timeout-in-seconds

600

(optional) Specifies the default maximum inactive interval (in seconds) for all sessions created in this web module. If set to 0 or less, sessions in this web module never expire.

If a session-timeout element is specified in the web.xml file, the session-timeout value overrides any timeout-in-seconds value. If neither session-timeout nor timeout-in-seconds is specified, the timeout-in-seconds default is used.

Note that the session-timeout element in web.xml is specified in minutes, not seconds.

enableCookies

true

Uses cookies for session tracking if set to true.

enableURLRewriting

true

Enables URL rewriting. This provides session tracking via URL rewriting when the browser does not accept cookies. You must also use an encodeURL or encodeRedirectURL call in the servlet or JavaServer Pages^TM (JSP^TM) page.

idLengthBytes

128

Specifies the number of bytes in this web module’s session ID. 

cert-nickname

s1as

The nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is tokenname:nickname. Including the tokenname: part of the name in this attribute is optional.

ssl2-enabled

false

(optional) Determines whether SSL2 is enabled. 

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl2-ciphers

none 

(optional) A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4 . Allowed values are rc4, rc4export, rc2, rc2export, idea, des , desede3.

ssl3-enabled

true

(optional) Determines whether SSL3 is enabled. The default is true .

If both SSL2 and SSL3 are enabled for a virtual-server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

ssl3-tls-ciphers

none 

(optional) A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5 . Allowed values are SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_WITH_NULL_MD5, SSL_RSA_WITH_RC4_128_SHA, and SSL_RSA_WITH_NULL_SHA. Values available in previous releases are supported for backward compatibility.

tls-enabled

true

(optional) Determines whether TLS is enabled. 

tls-rollback-enabled

true

(optional) Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. For more information, see theSun GlassFish Enterprise Server v3 Prelude Administration Guide.

client-auth-enabled

false

(optional) Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.