447 lines
20 KiB
XML
447 lines
20 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!--
|
|
~ Copyright The WildFly Authors
|
|
~ SPDX-License-Identifier: Apache-2.0
|
|
-->
|
|
|
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
|
targetNamespace="urn:jboss:domain:remoting:6.0"
|
|
xmlns="urn:jboss:domain:remoting:6.0"
|
|
elementFormDefault="qualified"
|
|
attributeFormDefault="unqualified"
|
|
version="6.0">
|
|
|
|
<!-- The remoting subsystem root element -->
|
|
<xs:element name="subsystem" type="subsystem"/>
|
|
|
|
<xs:complexType name="subsystem">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The configuration of the Remoting subsystem.
|
|
|
|
The 'worker-thread-pool' element configures the worker thread pool.
|
|
The nested "connector" element(s) define connectors for this subsystem.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="endpoint" type="endpointType"/>
|
|
<xs:element name="connector" type="connector" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="http-connector" type="http-connector" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="outbound-connections" minOccurs="0" type="outbound-connectionsType" />
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="endpointType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Configures the remoting endpoint.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="worker" type="xs:string" default="default">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The name of the IO subsystem worker the endpoint should use.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
|
|
<xs:attribute name="authorize-id" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="auth-realm" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The authentication realm to use if no authentication CallbackHandler is specified.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="sasl-protocol" type="xs:string" default="remote+http">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-outbound-message-size" type="xs:long" default="9223372036854775807">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="buffer-region-size" type="xs:positiveInteger">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The size of allocated buffer regions.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="receive-buffer-size" type="xs:positiveInteger" default="8192">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The size of the largest buffer that this endpoint will accept over a connection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="authentication-retries" type="xs:positiveInteger" default="3">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Specify the number of times a client is allowed to retry authentication before closing the connection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="transmit-window-size" type="xs:positiveInteger" default="131072">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum window size of the transmit direction for connection channels, in bytes.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-outbound-messages" type="xs:positiveInteger" default="65535">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum number of concurrent outbound messages on a channel.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="send-buffer-size" type="xs:positiveInteger" default="8192">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The size of the largest buffer that this endpoint will transmit over a connection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-inbound-messages" type="xs:positiveInteger" default="80">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum number of concurrent inbound messages on a channel.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="receive-window-size" type="xs:positiveInteger" default="131072">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum window size of the receive direction for connection channels, in bytes.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="heartbeat-interval" type="xs:positiveInteger" default="2147483647">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The interval to use for connection heartbeat, in milliseconds.
|
|
If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-inbound-message-size" type="xs:long" default="9223372036854775807">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum inbound message size to be allowed.
|
|
Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-outbound-channels" type="xs:positiveInteger" default="40">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum number of outbound channels to support for a connection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-inbound-channels" type="xs:positiveInteger" default="40">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The maximum number of inbound channels to support for a connection.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="server-name">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="abstractConnector" abstract="true">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The base configuration of a Remoting connector.
|
|
|
|
The "name" attribute specifies the unique name of this connector.
|
|
|
|
The optional nested "sasl" element contains the SASL authentication configuration for this connector.
|
|
|
|
The optional nested "authentication-provider" element contains the name of the authentication provider to
|
|
use for incoming connections.
|
|
|
|
The optional server-name attribute specifies the server name that should be used in the initial exchange with
|
|
the client and within the SASL mechanisms used for authentication.
|
|
|
|
The optional sasl-protocol attribute specifies the protocol that should be used within the SASL mechanisms.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:all>
|
|
<xs:element name="sasl" type="sasl" minOccurs="0"/>
|
|
<xs:element name="properties" type="properties" minOccurs="0"/>
|
|
</xs:all>
|
|
<xs:attribute name="name" type="xs:string" use="required"/>
|
|
<xs:attribute name="authentication-provider" type="xs:string"/>
|
|
<xs:attribute name="security-realm" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Deprecated: Security configuration for connectors should be specified using a sasl-authentication-factory and/or
|
|
ssl-context reference instead of using a security-realm.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="server-name" type="xs:string" use="optional" />
|
|
<xs:attribute name="sasl-protocol" type="xs:string" default="remote" />
|
|
<xs:attribute name="sasl-authentication-factory" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the SASL authentication factory to use for authenticating requests to this connector.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="connector">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The configuration of a Remoting connector.
|
|
|
|
The "socket-binding" attribute specifies the name of the socket binding to attach to.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:complexContent>
|
|
<xs:extension base="abstractConnector">
|
|
<xs:attribute name="socket-binding" type="xs:string" use="required"/>
|
|
<xs:attribute name="ssl-context" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the SSLContext to use for this connector.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="http-connector">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The configuration of a Remoting HTTP upgrade based connector.
|
|
|
|
The "connector-ref" specifies the name of the Undertow http connector to use.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:complexContent>
|
|
<xs:extension base="abstractConnector">
|
|
<xs:attribute name="connector-ref" type="name-list" use="required"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="sasl">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The configuration of the SASL authentication layer for this server.
|
|
|
|
The optional nested "include-mechanisms" element contains a whitelist of allowed SASL mechanism names.
|
|
No mechanisms will be allowed which are not present in this list.
|
|
|
|
The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order
|
|
of preference.
|
|
|
|
The optional nested "strength" element contains a list of cipher strength values, in decreasing order
|
|
of preference.
|
|
|
|
The optional nested "reuse-session" boolean element specifies whether or not the server should attempt
|
|
to reuse previously authenticated session information. The mechanism may or may not support such reuse,
|
|
and other factors may also prevent it.
|
|
|
|
The optional nested "server-auth" boolean element specifies whether the server should authenticate to the
|
|
client. Not all mechanisms may support this setting.
|
|
|
|
The optional nested "policy" boolean element specifies a policy to use to narrow down the available set
|
|
of mechanisms.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:all>
|
|
<xs:element name="policy" type="policy" minOccurs="0"/>
|
|
<xs:element name="properties" type="properties" minOccurs="0"/>
|
|
</xs:all>
|
|
<xs:attribute name="include-mechanisms" type="name-list"/>
|
|
<xs:attribute name="qop" type="qop-list"/>
|
|
<xs:attribute name="strength" type="strength-list"/>
|
|
<xs:attribute name="reuse-session" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="server-auth" type="xs:boolean" default="false"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="policy">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Policy criteria items to use in order to choose a SASL mechanism.
|
|
|
|
The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms
|
|
that implement forward secrecy between sessions are required. Forward secrecy means that breaking into
|
|
one session will not automatically provide information for breaking into future sessions.
|
|
|
|
The optional nested "no-active" element contains a boolean value which specifies whether mechanisms
|
|
susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
|
|
|
|
The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms
|
|
that accept anonymous login are permitted. "false" to permit, "true" to deny.
|
|
|
|
The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms
|
|
susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
|
|
|
|
The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms
|
|
susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
|
|
|
|
The optional nested "pass-credentials" element contains a boolean value which specifies whether
|
|
mechanisms that pass client credentials are required.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="forward-secrecy" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="no-active" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="no-anonymous" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="no-dictionary" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="no-plain-text" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="pass-credentials" type="xs:boolean" default="true"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="name-listType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
An element specifying a string list.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="value" type="name-list" use="required"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="name-list">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
A set of string items.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:list itemType="xs:string"/>
|
|
</xs:simpleType>
|
|
|
|
<xs:simpleType name="qop-list">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The SASL quality-of-protection value list.
|
|
See http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/javax/security/sasl/Sasl.html#QOP for more information.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:list>
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="auth"/>
|
|
<xs:enumeration value="auth-int"/>
|
|
<xs:enumeration value="auth-conf"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:list>
|
|
</xs:simpleType>
|
|
|
|
<xs:simpleType name="strength-list">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The SASL strength value list.
|
|
See http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/javax/security/sasl/Sasl.html#STRENGTH for more information.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:list>
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="low"/>
|
|
<xs:enumeration value="medium"/>
|
|
<xs:enumeration value="high"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:list>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="properties">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
A set of free-form properties.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element name="property" type="property"/>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="property">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
A free-form property. The name is required; the value is optional.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="name" type="xs:string" use="required"/>
|
|
<xs:attribute name="value" type="xs:string" use="optional"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="outbound-connectionsType">
|
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element name="local-outbound-connection" type="local-outbound-connectionType" />
|
|
<xs:element name="remote-outbound-connection" type="remote-outbound-connectionType" />
|
|
<xs:element name="outbound-connection" type="outbound-connectionType" />
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="base-outbound-connectionType">
|
|
<xs:all>
|
|
<xs:element name="properties" type="properties" minOccurs="0"/>
|
|
</xs:all>
|
|
<xs:attribute name="name" type="xs:string" use="required"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="outbound-connectionType">
|
|
<xs:complexContent>
|
|
<xs:extension base="base-outbound-connectionType">
|
|
<xs:attribute name="uri" type="xs:anyURI" use="required"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="local-outbound-connectionType">
|
|
<xs:complexContent>
|
|
<xs:extension base="base-outbound-connectionType">
|
|
<xs:attribute name="outbound-socket-binding-ref" type="xs:string" use="required"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="remote-outbound-connectionType">
|
|
<xs:complexContent>
|
|
<xs:extension base="base-outbound-connectionType">
|
|
<xs:attribute name="outbound-socket-binding-ref" type="xs:string" use="required"/>
|
|
<xs:attribute name="username" type="xs:string" use="optional"/>
|
|
<xs:attribute name="security-realm" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Deprecated: Outbound connection definitions should migrate to use an authentication-context
|
|
instead of the security-realm reference.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="protocol" type="xs:string" use="optional"/>
|
|
<xs:attribute name="authentication-context" type="xs:string" />
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
</xs:schema>
|