Whether statistics are to be gathered for undertow subsystem. requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here. ]]> Reference to the SSLContext that should be used by this listener. If neither ssl-context or security-realm are set the JVM wide default SSLContext will be used instead. If this attribute is defined, the attributes 'verify-client', 'enabled-cipher-suites', 'enabled-protocols', 'ssl-session-cache-size', and 'ssl-session-timeout' must not be set. Reference to the legacy security realm to use to obtain an SSLContext. If neither ssl-context or security-realm are set the JVM wide default SSLContext will be used instead. requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here. ]]> Default response code should be set in case server should respond with nonstandard code( other than 404 ) for unavailable resource. For instance, server behind load balancer might want to respond with 5xx code to avoid being dropped by it. A collection of free-form meta-data properties. The available attributes to be included in the structured access log output. Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available. Web requests will not have an affinity for any particular server, routing information will be ignored. Intended for use cases where web session state is not maintained within the application server. Web requests have an affinity for the member that last handled a given session. This option corresponds to traditional sticky session behavior. Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner). The delimiter used to separate ranked routes within the session ID. Failover target chosen via load balancing mechanism. Failover target chosen deterministically from the associated session identifier. Listing of security domains from applications that should be mapped to an Elytron backed authentication policy. The name of the security domain as specified in deployments. Reference to the HttpAuthenticationFactory that should be used. Exactly one of http-authentication-factory or security-domain must be defined. The references HttpServerAuthenticationMechanismFactory contains it's own policy configuration to control the authentication mechanisms it supports, if this attribute is set to 'true' that policy will override the methods specified within the deployment. This attribute can only be specified if a http-authentication-factory is also specified. Reference to the security-domain that should be associated with the deployment, where a security-domain is referenced instead of a http-authentication-factory the authentication mechanisms BASIC, DIGEST, FORM and CLIENT_CERT will be availble for the deployment to use - additionally the deployment can make use of the programatic login API. Exactly one of http-authentication-factory or security-domain must be defined. Enable authorization using JACC. Should deployments matching against this 'application-security-domain' have JASPI enabled, by setting to false JASPI will be completely disabled for the deployment. When integrated-jaspi is enabled during JASPI authentication the resulting identity will be loaded from the SecurityDomain referenced by the deployment, if this is switched off AdHoc identities will be created instead. References key store containing the key used to sign and verify logout requests. The alias of the key used to sign and verify logout requests. The ssl context used to secure back-channel logout connections. Group of attributes used when referencing credential through credential store. Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere. Alias of credential in the credential store. Type of credential to be fetched from credential store. It is usually fully qualified class name. Credential/password in clear text. Use just for testing purpose. Otherwise use credential store to mask the actual credential from your configuration.