root / gss / jboss / deploy / jbossweb.sar / server.xml @ 8270b533
<Server>

  <!-- APR lifecycle listener: takes care of correct init and shutdown of the
       APR native library and reports when it is not installed. -->
  <Listener
      className="org.apache.catalina.core.AprLifecycleListener"
      SSLEngine="on" />

  <!-- Initialize Jasper before any web application is loaded.
       Documentation at /docs/jasper-howto.html -->
  <Listener
      className="org.apache.catalina.core.JasperListener" />

  <Service name="jboss.web">

    <!-- Plain HTTP/1.1 connector on port 8080, bound to ${jboss.bind.address}.
         NOTE(review): redirectPort points at 8443, but the only 8443 connector
         in this file is the disabled sample further down. Confirm that an
         HTTPS listener really exists (here or on a fronting proxy) before
         relying on confidential-transport redirects. -->
    <Connector
        protocol="HTTP/1.1"
        port="8080"
        address="${jboss.bind.address}"
        connectionTimeout="20000"
        redirectPort="8443"
        URIEncoding="UTF-8" />

    <!-- Add this option to the connector above to avoid problems with
         .NET clients that don't implement HTTP/1.1 correctly:
         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
    -->

    <!-- AJP 1.3 connector on port 8009.
         The recommended value of maxThreads is 200 per CPU.
         NOTE(review): AJP is meant to be spoken by a trusted front-end web
         server, and nothing in this element authenticates the peer. It binds
         to the same ${jboss.bind.address} as the HTTP connector, so confirm
         that port 8009 is reachable only from the intended proxy (loopback
         bind or network filtering), or drop the connector when no AJP front
         end is in use. -->
    <Connector
        protocol="AJP/1.3"
        port="8009"
        address="${jboss.bind.address}"
        maxThreads="200"
        connectionTimeout="600000"
        redirectPort="8443"
        URIEncoding="UTF-8" />

    <!-- Sample SSL/TLS connector using the admin devl guide keystore (disabled).
         NOTE(review): chap8.keystore and the keystorePass value below are
         documentation samples and the password sits here in clear text.
         Before enabling, switch to a deployment-specific keystore and
         password, restrict read access to this file, and verify which
         protocol versions sslProtocol="TLS" ends up negotiating on the
         target runtime.
    <Connector protocol="HTTP/1.1" SSLEnabled="true"
         port="8443" address="${jboss.bind.address}"
         scheme="https" secure="true" clientAuth="false"
         keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
         keystorePass="rmi+ssl" sslProtocol = "TLS" />
    -->

    <Engine name="jboss.web" defaultHost="localhost">

      <!-- JAAS based authentication and authorization realm, compatible with
           the jboss 3.2.x realm implementation.
           - certificatePrincipal : class name of the
             org.jboss.security.auth.certs.CertificatePrincipal impl used for
             mapping X509[] cert chains to a Principal.
           - allRolesMode : how to handle an auth-constraint with a
             role-name=*, one of strict, authOnly, strictAuthOnly
             + strict = Use the strict servlet spec interpretation which
               requires that the user have one of the
               web-app/security-role/role-name
             + authOnly = Allow any authenticated user
             + strictAuthOnly = Allow any authenticated user only if there are
               no web-app/security-roles
           NOTE(review): authOnly is the most permissive of the three modes.
           With it, a role-name=* constraint is satisfied by any authenticated
           principal even when the application declares security roles.
           Confirm this is intended for every application on this engine.
      -->
      <Realm
          className="org.jboss.web.tomcat.security.JBossWebRealm"
          certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
          allRolesMode="authOnly" />

      <!-- Alternative realm (disabled): a subclass of JBossSecurityMgrRealm
           that keeps its authentication behavior but overrides the
           authorization checks to use JACC permissions with the current
           java.security.Policy to determine authorized access.
           - allRolesMode : how to handle an auth-constraint with a
             role-name=*, one of strict, authOnly, strictAuthOnly
             + strict = Use the strict servlet spec interpretation which
               requires that the user have one of the
               web-app/security-role/role-name
             + authOnly = Allow any authenticated user
             + strictAuthOnly = Allow any authenticated user only if there are
               no web-app/security-roles
      <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
         certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
         allRolesMode="authOnly"
         />
      -->

      <Host name="localhost">

        <!-- Uncomment to enable request dumper. This Valve "logs interesting
             contents from the specified Request (before processing) and the
             corresponding Response (after processing). It is especially
             useful in debugging problems related to headers and cookies."
             NOTE(review): because headers and cookies are dumped, session
             identifiers and credentials carried in headers land in the log.
             Keep this disabled outside short debugging sessions and restrict
             access to any log it produced.
        -->
        <!--
        <Valve className="org.apache.catalina.valves.RequestDumperValve" />
        -->

        <!-- Access logger (disabled).
             NOTE(review): while this valve stays commented out, this host
             writes no HTTP access log of its own, so request-level records
             for incident investigation must come from somewhere else (for
             example a fronting proxy). Confirm one exists or enable this. -->
        <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               prefix="localhost_access_log." suffix=".log"
               pattern="common" directory="${jboss.server.log.dir}"
               resolveHosts="false" />
        -->

        <!-- Uncomment to enable single sign-on across web apps
             deployed to this host. Does not provide SSO across a cluster.

             If this valve is used, do not use the JBoss ClusteredSingleSignOn
             valve shown below.

             A new configuration attribute is available beginning with
             release 4.0.4:

             cookieDomain  configures the domain to which the SSO cookie
                           will be scoped (i.e. the set of hosts to
                           which the cookie will be presented). By default
                           the cookie is scoped to "/", meaning the host
                           that presented it. Set cookieDomain to a
                           wider domain (e.g. "xyz.com") to allow an SSO
                           to span more than one hostname.

             NOTE(review): a wider cookieDomain presents the SSO cookie to
             every host under that domain, so pick the narrowest domain that
             covers the hosts that are meant to share the sign-on.
        -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Uncomment to enable single sign-on across web apps
             deployed to this host AND to all other hosts in the cluster.

             If this valve is used, do not use the standard Tomcat SingleSignOn
             valve shown above.

             Valve uses a JBossCache instance to support SSO credential
             caching and replication across the cluster. The JBossCache
             instance must be configured separately. See the
             "jboss-web-clusteredsso-beans.xml" file in the
             server/all/deploy directory for cache configuration details.

             Besides the attributes supported by the standard Tomcat
             SingleSignOn valve (see the Tomcat docs), this version also
             supports the following attributes:

             cookieDomain   see above

             treeCacheName  JMX ObjectName of the JBossCache MBean used to
                            support credential caching and replication across
                            the cluster. If not set, the default value is
                            "jboss.cache:service=ClusteredSSOCache"

             maxEmptyLife   The maximum number of seconds an SSO with no
                            active sessions will be usable by a request

             processExpiresInterval  The minimum number of seconds between
                            efforts by the valve to find and invalidate
                            SSO's that have exceeded their 'maxEmptyLife'.
                            Does not imply effort will be spent on such
                            cleanup every 'processExpiresInterval'.

             NOTE(review): SSO credentials are replicated through that cache,
             so confirm its replication traffic is limited to cluster members
             before enabling this valve.
        -->
        <!--
        <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
        -->

        <!-- Check for unclosed connections and transaction terminated checks
             in servlets/jsps.

             Important: The dependency on the CachedConnectionManager
             in META-INF/jboss-service.xml must be uncommented, too
        -->
        <Valve
            className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
            cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
            transactionManagerObjectName="jboss:service=TransactionManager" />

      </Host>

    </Engine>

  </Service>

</Server>