server.xml elements beginning with S
The following elements are discussed below:
| search-app | search-collection | server | servlet-container | session-replication | single-sign-on | snmp |
| soap-auth-provider | ssl | ssl2-ciphers | ssl3-tls-ciphers | ssl-session-cache | stats |
search-app
The search-app element configures the built-in search web application. This element may appear zero or one time within the virtual-server element. For more information, see virtual-server.
Subelements
The search-app element can contain the following subelements:
Table 3-43 List of search-app Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the search application is enabled at runtime. The default value is true. |
| max-hits | 0 or 1 | The maximum number of search results to return in response to a single search query. The value can be from 0 to 10000. |
| uri | 1 | The root URI for the search web application. |
See Also
search-collection
The search-collection element configures a collection of searchable documents. This element may appear zero or more times within the virtual-server element. For more information, see virtual-server.
Subelements
The search-collection element can contain the following subelements:
Table 3-44 List of search-collection Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the collection can be searched. The default value is true. |
| name | 1 | The name that uniquely identifies the search collection. |
| display-name | 0 or 1 | The description of the search collection displayed to end users. |
| uri | 1 | The root URI for the searchable documents. |
| document-root | 1 | The file system root for the searchable documents. If a relative path is used, it is relative to the server's config directory. |
| path | 1 | The file system path where search collection meta data is stored. If a relative path is used, it is relative to the server's config directory. |
| index | 0 or 1 | Configures the document fields to be indexed. For more details, see index. |
| convert | 0 or 1 | Configures the document type to be converted. For more details, see convert. |
| include | 0 or 1 | Configures document types that should be included. For more details, see include. |
| description | 0 or 1 | The description of the search collection. |
See Also
server
The server element defines a server. This is the root element, and there can be only one server element in the server.xml file.
Subelements
The server element has the following subelements:
Table 3-45 List of server Subelements
| Element | Occurrences | Description |
|---|---|---|
| cluster | 0 or 1 | The server cluster to which the server belongs. For more details, see cluster. |
| log | 0 or 1 | Configures the logging subsystem. For more details, see log. |
| user | 0 or 1 | The account the server runs as (UNIX only). The value is the user account. If the server is started as root, any UNIX account can be specified. If the server is started by a non-root account, only that non-root account should be specified. |
| platform | 0 or 1 | Determines whether the server runs as a 32-bit or 64-bit process. The value can be 32 or 64. |
| temp-path | 0 or 1 | The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's config directory. The directory must be owned by the account that the server runs as. |
| variable | 0 or more | Defines a variable for use in expressions, log formats, and obj.conf parameters. For more details, see variable. |
| localization | 0 or 1 | Configures localization. For more details, see localization. |
| http | 0 or 1 | Configures the HTTP protocol options. For more details, see http. |
| keep-alive | 0 or 1 | Configures the HTTP keep-alive subsystem. For more details, see keep-alive. |
| thread-pool | 0 or 1 | Configures the HTTP request processing threads. For more details, see thread-pool. |
| pkcs11 | 0 or 1 | Configures the PKCS #11 subsystem. For more details, see pkcs11. |
| stats | 0 or 1 | Configures the statistics collection subsystem. For more details, see stats. |
| cgi | 0 or 1 | Configures the CGI subsystem. For more details, see cgi. |
| qos | 0 or 1 | Configures the QOS subsystem. For more details, see qos. |
| dns | 0 or 1 | Configures the server's use of DNS. For more details, see dns. |
| dns-cache | 0 or 1 | Configures the DNS cache. For more details, see dns-cache. |
| file-cache | 0 or 1 | Configures the file cache. For more details, see file-cache. |
| acl-cache | 0 or 1 | Configures the ACL cache. For more details, see acl-cache. |
| ssl-session-cache | 0 or 1 | Configures the SSL/TLS session cache. For more details, see ssl-session-cache. |
| access-log-buffer | 0 or 1 | Configures the access log buffering subsystem. For more details, see access-log-buffer. |
| dav | 0 or 1 | Configures WebDAV. For more details, see dav. |
| snmp | 0 or 1 | Configures SNMP. For more details, see snmp. |
| qos-limits | 0 or 1 | Configures the QOS limits for the server. For more details, see qos-limits. |
| audit-accesses | 0 or 1 | Specifies whether authentication and authorization events are logged. The default value is false. |
| jvm | 0 or 1 | Configures JVM. For more details, see jvm. |
| servlet-container | 0 or 1 | Configures the Servlet container. For more details, see servlet-container. |
| lifecycle-module | 0 or more | Configures a Java server lifecycle module. For more details, see lifecycle-module. |
| custom-resource | 0 or more | Configures a resource implemented by a custom class. For more details, see custom-resource. |
| external-jndi-resource | 0 or more | Configures a resource provided by an external JNDI repository. For more details, see external-jndi-resource. |
| jdbc-resource | 0 or more | Configures a JDBC resource. For more details, see jdbc-resource. |
| mail-resource | 0 or more | Configures a mail store. For more details, see mail-resource. |
| default-soap-auth-provider-name | 0 or 1 | The name of the default SOAP message-level authentication provider. The value is the name value from a soap-auth-provider element. For more details, see default-soap-auth-provider-name |
| soap-auth-provider | 0 or more | Configures a SOAP message-level authentication provider. For more details, see soap-auth-provider. |
| default-auth-realm-name | 0 or 1 | The name of the default Servlet container authentication realm. The value is the name value from an auth-realm element. For more details, see auth-realm. |
| auth-realm | 0 or more | Configures a Servlet container authentication realm. For more details, see auth-realm. |
| default-auth-db-name | 0 or 1 | The name of the default ACL authentication database. The value is the name value from an auth-db element, and the default value is default. For more details, see auth-db. |
| auth-db | 0 or more | Configures an ACL authentication database for the server. For more details, see auth-db. |
| acl-file | 0 or more | The ACL file that controls access to the server. The value is the name of an ACL file. For more details, see acl-file. |
| mime-file | 0 or more | The mime.types file that configures MIME mappings for the server as a whole. The value is the name of a mime.types file. For more details, see mime-file. |
| access-log | 0 or more | Configures an HTTP access log for the server. For more details, see access-log. |
| http-listener | 0 or more | Configures an HTTP listener. For more details, see http-listener. |
| virtual-server | 0 or more | Configures a virtual server. For more details, see virtual-server. |
| event | 0 or more | Configures a recurring event. For more details, see event. |
servlet-container
The servlet-container element configures the Servlet container. This element may appear zero or one time within the server element. For more information, see server.
Subelements
The servlet-container element can contain the following subelements:
Table 3-46 List of servlet-container Subelements
| Element | Occurrences | Description |
|---|---|---|
| dynamic-reload-interval | 0 or 1 | Specifies how often the server checks the deployed web applications for modifications. The value can be from 1 to 60, or 0 to disable dynamic reloading. |
| log-level | 0 or 1 | The log verbosity for the Servlet container. The value can be finest (most verbose), finer, fine, info, warning, failure, config, security, or catastrophe (least verbose). |
| anonymous-role | 0 or 1 | The name of the default, or anonymous role assigned to all principals. The default role is ANYONE. |
| single-threaded-servlet-pool-size | 0 or 1 | The number of Servlet instances to instantiate per SingleThreadedServlet. The value can be from 1 to 4096. The default value is 5. |
| cross-context-allowed | 0 or 1 | Determines whether request dispatchers are allowed to dispatch to another context. The default is true. |
| reuse-session-id | 0 or 1 | Determines whether any existing session ID number is reused when creating a new session for that client. The default value is false. |
| encode-cookies | 0 or 1 | Determines whether the Servlet container encodes cookie values. The default value is true. |
| dispatcher-max-depth | 0 or 1 | The maximum depth for the Servlet container allowing nested request dispatches. The value can be from 0 to 2147483647. The default value is 20. |
| secure-session-cookie | 0 or 1 |
Controls the conditions under which the JSESSIONID cookie is marked secure. The value can be as follows:
- dynamic – Marks the cookie secure only when the request is received on a secure connection
- true - Always marks the cookie secure
- false – Never marks the cookie secure
The default value is dynamic. |
See Also
session-replication
The session-replication element configures Servlet session replication within a server cluster. This element may appear zero or one time within the cluster element, and zero or one time within the instance element. For more information, see cluster, and instance.
Subelements
The session-replication element can contain the following subelements:
Table 3-47 List of session-replication Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the session replication is enabled at runtime. The default value is true. |
| port | 0 or 1 | Specifies the port on which the server will listen. The default port number is 1099. |
| instance-id | 0 or 1 | (Only applicable at the instance level.) The value that uniquely identifies the instance for use in cookies. |
| key | 0 or 1 | (Only applicable at the cluster level.) The shared secret which members of the cluster use to authenticate to each other. The value of this subelement should be in text format. |
| encrypted | 0 or 1 | (Only applicable at the cluster level.) Determines whether the session data is encrypted prior to replication. The default value is false. |
| protocol | 0 or 1 | (Only applicable at the cluster level.) The protocol used for session replication. The value can be http or jrmp. |
| getAttribute-triggers-replication | 0 or 1 | (Only applicable at the cluster level.) Determines whether a call to the HttpSession.getAttribute method should cause a session to be backed up. The default value is true. |
| replica-discovery-max-hops | 0 or 1 | (Only applicable at the cluster level.) The maximum number of instances that should be contacted while attempting to find the backup of a session. The value can be from 1 to 2147483647, or -1 for no limit. |
| startup-discovery-timeout | 0 or 1 | (Only applicable at the cluster level.) The maximum time (in seconds) that an instance spends trying to contact its designated backup instance. The value can be from 0.001 to 3600. |
| cookie-name | 0 or 1 | (Only applicable at the cluster level.) The name of the cookie that tracks which instance owns a session. |
| cipher | 0 or 1 | (Only applicable at the cluster level.) The value of a JCE cipher. JCE ciphers are specified using the form algorithm/mode/padding. The value should be in text format. The default value is AES/CBC/PKCS5Padding. |
single-sign-on
The single-sign-on element configures a single authentication mapping across multiple Java web applications sharing the same realm. This element may appear zero or one time within the virtual-server element. For more information, see virtual-server.
Subelements
The single-sign-on element can contain the following subelements:
Table 3-48 List of single-sign-on Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the single-sign-on feature is enabled at runtime. The default value is false. |
| idle-timeout | 0 or 1 | The timeout (in seconds) after which a user's single sign-on records becomes eligible for purging if no activity is seen. The value can be from 0.001 to 3600, or -1 for no timeout. The default value is 300 seconds. |
See Also
snmp
The snmp element configures the server's SNMP subagent. This element may appear zero or more times within the server element. For more information, see server.
Subelements
The snmp element can contain the following subelements:
Table 3-49 List of snmp Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether SNMP is enabled at runtime. The default value is true. |
| master-host | 0 or 1 | The network address of the SNMP master agent. The value is a host name or IP address. |
| description | 1 | The description of the server. The value should be in text format. |
| organization | 1 | The name of the organization responsible for the server. The value should be in text format. |
| location | 1 | The location of the server. The value should be in text format. |
| contact | 1 | The contact information of the person responsible for the server. The value should be in text format. |
See Also
soap-auth-provider
The soap-auth-provider element configures a SOAP message-level authentication provider for web services. This element may appear zero or more times within the server element. For more information, see server.
Subelements
The soap-auth-provider element can contain the following subelements:
Table 3-50 List of soap-auth-provider Subelements
| Element | Occurrences | Description |
|---|---|---|
| name | 1 | The name that uniquely identifies the SOAP message-level authentication provider for use in default-soap-auth-provider-name and sun-web.xml. |
| class | 1 | The class that implements the provider realm. The value is a name of a class that implements javax.security.auth.XXX. |
| request-policy | 0 or 1 | Configures the authentication policy requirements for requests. For more details, see request-policy. |
| response-policy | 0 or 1 | Configures the authentication policy requirements for responses. For more details, see response-policy. |
| property | 0 or more | Configures the optional provider-specific properties. For more details, see property. |
ssl
The ssl element configures the SSL/TLS settings. This element may appear zero or one time within the http-listener element. For more information, see http-listener.
Subelements
The ssl element can contain the following subelements:
Table 3-51 List of ssl Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether SSL/TLS is enabled at runtime. The default value is true. |
| server-cert-nickname | 0 or more | The nickname of the certificate that server presents to the clients. You can specify zero or one RSA certificates, plus zero or one ECC certificates. |
| ssl2 | 0 or 1 | Determines whether SSL2 connections are accepted. The default value is false. |
| ssl3 | 0 or 1 | Determines whether SSL3 connections are accepted. The default value is true. |
| tls | 0 or 1 | Determines whether TLS connections are accepted. The default value is true. |
| tls-rollback-detection | 0 or 1 | Determines whether the server detects and blocks TLS version rollback attacks. The default value is true. |
| ssl2-ciphers | 0 or 1 | Configures the SSL2 cipher suites. For more details, see ssl2-ciphers. |
| ssl3-tls-ciphers | 0 or 1 | Configures the SSL3 and TLS cipher suites. For more details, see ssl3-tls-ciphers. |
| client-auth | 0 or 1 | The method of client certificate authentication. The value can be required, optional, or false. |
| client-auth-timeout | 0 or 1 | The timeout (in seconds) after which client authentication handshake fails. The value can be from 0.001 to 3600. |
| max-client-auth-data | 0 or 1 | The maximum amount of application-level data to buffer during a client authentication handshake. The value can be from 0 to 2147483647. |
See Also
ssl2-ciphers
The ssl2-ciphers element configures SSL2 cipher suites. This element may appear zero or one time within the ssl element. For more information, see ssl.
Subelements
The ssl2-ciphers element can contain the following subelements:
Table 3-52 List of ssl2-ciphers Subelements
| Element | Occurrences | Description |
|---|---|---|
| SSL_RC4_128_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC4_128_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RC4_128_EXPORT40_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC4_128_EXPORT40_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RC2_128_CBC_WITH_MD5 | 0 to 1 | Determines whether the SSL_RC2_128_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RC2_128_CBC_EXPORT40_WITH_MD5 | 0 or 1 | Determines whether the SSL_RC2_128_CBC_EXPORT40_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_DES_64_CBC_WITH_MD5 | 0 to 1 | Determines whether the SSL_DES_64_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_DES_192_EDE3_CBC_WITH_MD5 | 0 to 1 | Determines whether the SSL_DES_192_EDE3_CBC_WITH_MD5 cipher suite is enabled at runtime. The default value is true. |
See Also
ssl3-tls-ciphers
The ssl3-tls-ciphers element configures SSL3 and TLS cipher suites. This element may appear zero or one time within the ssl element. For more information, see ssl.
Subelements
The ssl3-tls-ciphers element can contain the following subelements:
Table 3-53 List of ssl3-tls-ciphers Subelements
| Element | Occurrences | Description |
|---|---|---|
| SSL_RSA_WITH_RC4_128_MD5 | 0 or 1 | Determines whether the SSL_RSA_WITH_RC4_128_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 0 or 1 | Determines whether the SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 0 or 1 | Determines whether the SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_WITH_NULL_MD5 | 0 or 1 | Determines whether the SSL_RSA_WITH_NULL_MD5 cipher suite is enabled at runtime. The default value is false. |
| SSL_RSA_WITH_NULL_SHA | 0 or 1 | Determines whether the SSL_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. |
| SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| SSL_RSA_FIPS_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the SSL_RSA_FIPS_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDH_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_RSA_EXPORT1024_WITH_RC4_56_SHA | 0 or 1 | Determines whether the TLS_RSA_EXPORT1024_WITH_RC4_56_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_RSA_WITH_AES_128_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_RSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is true. |
| TLS_ECDHE_ECDSA_WITH_NULL_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_RSA_WITH_NULL_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_RSA_WITH_RC4_128_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 0 or 1 | Determines whether the TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. The default value is false. |
See Also
ssl-session-cache
The ssl-session-cache element configures the SSL/TLS session cache. This element may appear zero or one time within the server element. For more information, see server.
Subelements
The ssl-session-cache element can contain the following subelements:
Table 3-54 List of ssl-session-cache Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server caches SSL/TLS sessions. The default value is true. |
| max-entries | 0 or 1 | The maximum number of SSL/TLS sessions the server will cache. The value can be from 1 to 524288. |
| max-ssl2-session-age | 0 or 1 | The maximum amount of time to cache an SSL2 session. The value can be from 5 to 100. |
| max-ssl3-tls-session-age | 0 or 1 | The maximum amount of time to cache an SSL3/TLS session. The value can be from 5 to 86400. |
See Also
stats
The stats element configures the statistics collection subsystem. This element may appear zero or one time within the server element. For more information, see server.
Subelements
The stats element can contain the following subelements:
Table 3-55 List of stats Subelements
| Element | Occurrences | Description |
|---|---|---|
| enabled | 0 or 1 | Determines whether the server collects statistics. The default value is true. |
| interval | 0 or 1 | Interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600. |
| profiling | 0 or 1 | Determines whether the performance buckets, used to track NSAPI function execution time, are enabled at runtime. The default value is true. |
Sign up or Log in to add a comment or watch this page.