... Instance documents may indicate the published version of the schema using the xsi:schemaLocation attribute for the Java EE namespace with the following location: http://www.jboss.org/j2ee/schema/jboss-web_13_0.xsd ]]> The following conventions apply to all Java EE deployment descriptor elements unless indicated otherwise. - In elements that specify a pathname to a file within the same JAR file, relative filenames (i.e., those not starting with "/") are considered relative to the root of the JAR file's namespace. Absolute filenames (i.e., those starting with "/") also specify names in the root of the JAR file's namespace. In general, relative names are preferred. The exception is .war files where absolute names are preferred for consistency with the Servlet API. This is the root element of jboss-web deployment descriptor. The jboss-web element is the root element of jboss-web.xml file. It contains all the information used by jboss but not described in the web.xml file. All of it is optional. Determines the maximum number of sessions to retain in memory. If the application attempts to exceed this limit, the resulting behavior is determined by the session manager. If the session manager supports passivation, then sessions accessed least recently will be passivated to make room for new sessions. If the session manager does not support passivation then any attempt to create more than max-active-sessions will fail. If undefined, or if set to -1, then no limit is placed on the number of sessions retained in memory, and sessions will never passivate. Defines a web container listener. The module element allows specifying from which module in the application server the specified class will be loaded. The listener type element defines which events the listener will receive from the web container. LIFECYCLE ]]> Defines a web container valve. The module element allows specifying from which module in the application server the specified class will be loaded. A container valve is used to intercept the request that will be processed by the servlet. It is invoked as part of a chain, before the invocation of the webapp's filter chain. Defines a web container HTTPHandler. The module element allows specifying from which module in the application server the specified class will be loaded. A handler is used to intercept the request that will be processed by the servlet. It is invoked as part of a chain, before the invocation of the webapp's filter chain. The class specified can either be a HttpHandler that has a constructor that takes the next HttpHandler, or can be a HandlerWrapper that produces the next handler. The overlay element specifies additional static files overlays for this web application. The content of the element should be a folder in the filesystem containing the static files that will overlay the webapp's static files, similar to what happens with regular JAR overlays. The name of a security-domain that will be used to authenticate and authorize users. Whether the domain's cache should be flushed when the session invalidates. The disable-cross-context element specifies if cross context access should be enabled for this webapp, allowing it to use the request dispatcher to access other webapps deployed in the application server. The use-jboss-authorization element specifies if the JBoss authorization layer should be used. The disable-audit element specifies if the security audit logging should be disabled. If this is set to false then authentication will not be performed unless it is required, even if credentials are present. The distinct-name element specifies the EJB 3 distinct name for this web application. The symbolic-linked-allowed element specifies if symlinking is allowed in exploded deployments. The jacc-star-role-allow element specifies whether the jacc permission generating agent in the web layer needs to generate a WebResourcePermission(url,null) permission such that the jacc provider can make a decision as to bypass authorization or not. The jacc-context-id element allows for the specification of the JACC contextID that should be used to identify the web application when checking for permissions. If not set the deployment unit name is used as JACC contextID. The context-root element specifies the context root of a web application. This is normally specified at the ear level using the standard JEE application.xml descriptor, but it may be given here for standalone wars. This should not override the application.xml level specification. The servlet-container element specifies the which servlet container this application should be using. The server-instance element specifies the which server instance configuration this application belongs to. Default encoding to use for this application www.jboss-store.org ]]> web web.dist ]]> SESSION or ATTRIBUTE ]]> The servlet element specifies servlet specific bindings. Currently this is only the run-as principal identity. The run-as-principal element specifies whether a specific run-as identity is to be used. If there is a run-as role defined for a servlet, there can also be a run-as-principal defined here. If you don't define a run-as principal the callee will see ctx.getUserPrincipal() == 'anonymous' The annotation element specifies annotation specific bindings. This allows overriding the @ServletSecurity, @RunAs and @MultipartConfig, which apply on a Servlet class rather than a Servlet name. They have the same structure and element names as the corresponding annotation. Legacy enable-websockets option. Websockets are enabled by default, this option allows them to be turned off.