Synnefo

<Server>

   <!-- Optional listener which ensures correct init and shutdown of APR,

        and provides information if it is not installed -->

   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->

   <Listener className="org.apache.catalina.core.JasperListener" />

   <Service name="jboss.web">

      <!-- A HTTP/1.1 Connector on port 8080 -->

      <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 

               connectionTimeout="20000" redirectPort="8443"  URIEncoding="UTF-8"/>

      <!-- Add this option to the connector to avoid problems with 

          .NET clients that don't implement HTTP/1.1 correctly 

         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"

      -->

      <!-- A AJP 1.3 Connector on port 8009 -->

      <!-- The recommended value of maxThreads is 200 per CPU -->

      <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"

          maxThreads="200" connectionTimeout="600000" redirectPort="8443"  URIEncoding="UTF-8"/>

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore

      <Connector protocol="HTTP/1.1" SSLEnabled="true" 

           port="8443" address="${jboss.bind.address}"

           scheme="https" secure="true" clientAuth="false" 

           keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"

           keystorePass="rmi+ssl" sslProtocol = "TLS" />

      -->

      <Engine name="jboss.web" defaultHost="localhost">

         <!-- The JAAS based authentication and authorization realm implementation

         that is compatible with the jboss 3.2.x realm implementation.

         - certificatePrincipal : the class name of the

         org.jboss.security.auth.certs.CertificatePrincipal impl

         used for mapping X509[] cert chains to a Princpal.

         - allRolesMode : how to handle an auth-constraint with a role-name=*,

         one of strict, authOnly, strictAuthOnly

           + strict = Use the strict servlet spec interpretation which requires

           that the user have one of the web-app/security-role/role-name

           + authOnly = Allow any authenticated user

           + strictAuthOnly = Allow any authenticated user only if there are no

           web-app/security-roles

         -->

         <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"

            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"

            allRolesMode="authOnly"

            />

         <!-- A subclass of JBossSecurityMgrRealm that uses the authentication

         behavior of JBossSecurityMgrRealm, but overrides the authorization

         checks to use JACC permissions with the current java.security.Policy

         to determine authorized access.

         - allRolesMode : how to handle an auth-constraint with a role-name=*,

         one of strict, authOnly, strictAuthOnly

           + strict = Use the strict servlet spec interpretation which requires

           that the user have one of the web-app/security-role/role-name

           + authOnly = Allow any authenticated user

           + strictAuthOnly = Allow any authenticated user only if there are no

           web-app/security-roles

         <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"

            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"

            allRolesMode="authOnly"

            />

         -->

         <Host name="localhost"> 

            <!-- Uncomment to enable request dumper. This Valve "logs interesting 

                 contents from the specified Request (before processing) and the 

                 corresponding Response (after processing). It is especially useful 

                 in debugging problems related to headers and cookies."

            -->

            <!--

            <Valve className="org.apache.catalina.valves.RequestDumperValve" />

            -->

            <!-- Access logger -->

            <!--

            <Valve className="org.apache.catalina.valves.AccessLogValve"

                prefix="localhost_access_log." suffix=".log"

                pattern="common" directory="${jboss.server.log.dir}" 

                resolveHosts="false" />

            -->

            <!-- Uncomment to enable single sign-on across web apps

                deployed to this host. Does not provide SSO across a cluster.     

                If this valve is used, do not use the JBoss ClusteredSingleSignOn 

                valve shown below.

                A new configuration attribute is available beginning with

                release 4.0.4:

                cookieDomain  configures the domain to which the SSO cookie

                              will be scoped (i.e. the set of hosts to

                              which the cookie will be presented).  By default

                              the cookie is scoped to "/", meaning the host

                              that presented it.  Set cookieDomain to a

                              wider domain (e.g. "xyz.com") to allow an SSO

                              to span more than one hostname.

             -->

            <!--

            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

            -->

            <!-- Uncomment to enable single sign-on across web apps

               deployed to this host AND to all other hosts in the cluster.

               If this valve is used, do not use the standard Tomcat SingleSignOn

               valve shown above.

               Valve uses a JBossCache instance to support SSO credential 

               caching and replication across the cluster.  The JBossCache 

               instance must be configured separately.  See the 

               "jboss-web-clusteredsso-beans.xml" file in the 

               server/all/deploy directory for cache configuration details.

               Besides the attributes supported by the standard Tomcat

               SingleSignOn valve (see the Tomcat docs), this version also 

               supports the following attributes:

               cookieDomain   see above

               treeCacheName  JMX ObjectName of the JBossCache MBean used to 

                              support credential caching and replication across

                              the cluster. If not set, the default value is 

                              "jboss.cache:service=ClusteredSSOCache"

               maxEmptyLife   The maximum number of seconds an SSO with no 

                              active sessions will be usable by a request

               processExpiresInterval The minimum number of seconds between 

                              efforts by the valve to find and invalidate 

                              SSO's that have exceeded their 'maxEmptyLife'. 

                              Does not imply effort will be spent on such

                                              cleanup every 'processExpiresInterval'.

            -->

            <!--

            <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />

            -->

            <!-- Check for unclosed connections and transaction terminated checks

                 in servlets/jsps.

                 Important: The dependency on the CachedConnectionManager

                 in META-INF/jboss-service.xml must be uncommented, too

           -->

            <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"

                cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"

                transactionManagerObjectName="jboss:service=TransactionManager" />

         </Host>

      </Engine>

   </Service>

</Server>