1106 lines
58 KiB
XML
1106 lines
58 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!--
|
|
~ Copyright The WildFly Authors
|
|
~ SPDX-License-Identifier: Apache-2.0
|
|
-->
|
|
|
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
|
xmlns="urn:jboss:domain:undertow:10.0"
|
|
targetNamespace="urn:jboss:domain:undertow:10.0"
|
|
elementFormDefault="qualified"
|
|
attributeFormDefault="unqualified"
|
|
version="1.0">
|
|
<!-- The undertow subsystem root element -->
|
|
<xs:element name="subsystem" type="undertow-subsystemType"/>
|
|
|
|
<xs:complexType name="undertow-subsystemType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The configuration of the undertow subsystem.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="byte-buffer-pool" type="byte-buffer-poolType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="buffer-cache" type="buffer-cacheType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="server" type="serverType" minOccurs="1" maxOccurs="unbounded"/>
|
|
<xs:element name="servlet-container" type="servletContainerType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="handlers" type="handlerType" minOccurs="0" maxOccurs="1"/>
|
|
<xs:element name="filters" type="filterType" minOccurs="0" maxOccurs="1"/>
|
|
<xs:element name="application-security-domains" type="applicationSecurityDomainsType" minOccurs="0"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="default-server" type="xs:string" default="default-server"/>
|
|
<xs:attribute name="default-virtual-host" type="xs:string" default="default-host"/>
|
|
<xs:attribute name="default-servlet-container" type="xs:string" default="default"/>
|
|
<xs:attribute name="instance-id" type="xs:string" use="optional"/>
|
|
<xs:attribute name="default-security-domain" type="xs:string" use="optional" default="other"/>
|
|
<xs:attribute name="statistics-enabled" type="xs:boolean" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>Whether statistics are to be gathered for undertow subsystem.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
<xs:complexType name="serverType">
|
|
<xs:sequence>
|
|
<xs:element name="ajp-listener" type="ajp-listener-type" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="http-listener" type="http-listener-type" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="https-listener" type="https-listener-type" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="host" type="hostType" minOccurs="1" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="default-host" use="optional" type="xs:string" default="default-host"/>
|
|
<xs:attribute name="servlet-container" use="optional" type="xs:string" default="default"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="socket-options-type">
|
|
<xs:attribute name="receive-buffer" type="xs:int"/>
|
|
<xs:attribute name="send-buffer" type="xs:int"/>
|
|
<xs:attribute name="tcp-backlog" type="xs:int" default="10000"/>
|
|
<xs:attribute name="tcp-keep-alive" type="xs:boolean"/>
|
|
<xs:attribute name="read-timeout" type="xs:long"/>
|
|
<xs:attribute name="write-timeout" type="xs:long"/>
|
|
<xs:attribute name="max-connections" type="xs:int"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="listener-type">
|
|
<xs:complexContent>
|
|
<xs:extension base="socket-options-type">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="socket-binding" use="required" type="xs:string"/>
|
|
<xs:attribute name="worker" type="xs:string" default="default"/>
|
|
<xs:attribute name="buffer-pool" type="xs:string" default="default"/>
|
|
<xs:attribute name="enabled" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="resolve-peer-address" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="max-post-size" type="xs:long" default="10485760"/>
|
|
<xs:attribute name="buffer-pipelined-data" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="max-header-size" type="xs:long" default="1048576"/>
|
|
<xs:attribute name="max-parameters" type="xs:long" default="1000"/>
|
|
<xs:attribute name="max-headers" type="xs:long" default="200"/>
|
|
<xs:attribute name="max-cookies" type="xs:long" default="200"/>
|
|
<xs:attribute name="allow-encoded-slash" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="decode-url" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="url-charset" type="xs:string" default="UTF-8"/>
|
|
<xs:attribute name="always-set-keep-alive" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="max-buffered-request-size" type="xs:long" default="16384"/>
|
|
<xs:attribute name="record-request-start-time" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="allow-equals-in-cookie-value" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="no-request-timeout" type="xs:int" default="60000"/>
|
|
<xs:attribute name="request-parse-timeout" type="xs:int"/>
|
|
<xs:attribute name="disallowed-methods" type="stringList" default="TRACE"/>
|
|
<xs:attribute name="secure" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="rfc6265-cookie-validation" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="allow-unescaped-characters-in-url" type="xs:boolean" default="false"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="http-listener-type">
|
|
<xs:complexContent>
|
|
<xs:extension base="listener-type">
|
|
<xs:attribute name="certificate-forwarding" use="optional" type="xs:string" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT
|
|
attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="redirect-socket" use="optional" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
If this listener is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport,
|
|
undertow will automatically redirect the request to the socket binding port specified here.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="proxy-address-forwarding" use="optional" type="xs:string" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
enables x-forwarded-host and similar headers and set a remote ip address and hostname
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="enable-http2" use="optional" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Enables HTTP2 upgrade and prior knowledge connections
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="http2-enable-push" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="http2-header-table-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-initial-window-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-concurrent-streams" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-frame-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-header-list-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="require-host-http11" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="proxy-protocol" type="xs:boolean" default="false"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="https-listener-type">
|
|
<xs:complexContent>
|
|
<xs:extension base="listener-type">
|
|
<xs:attribute name="ssl-context" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the SSLContext that should be used by this listener.
|
|
|
|
If neither ssl-context or security-realm are set the JVM wide default SSLContext will be used instead.
|
|
|
|
If this attribute is defined, the attributes 'verify-client', 'enabled-cipher-suites', 'enabled-protocols',
|
|
'ssl-session-cache-size', and 'ssl-session-timeout' must not be set.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="certificate-forwarding" use="optional" type="xs:string" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT
|
|
attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="proxy-address-forwarding" use="optional" type="xs:string" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
enables x-forwarded-host and similar headers and set a remote ip address and hostname
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="security-realm" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the legacy security realm to use to obtain an SSLContext.
|
|
|
|
If neither ssl-context or security-realm are set the JVM wide default SSLContext will be used instead.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="verify-client" use="optional" type="xs:string"/>
|
|
<xs:attribute name="enabled-cipher-suites" use="optional" type="xs:string"/>
|
|
<xs:attribute name="enabled-protocols" use="optional" type="xs:string"/>
|
|
<xs:attribute name="enable-http2" use="optional" type="xs:string"/>
|
|
<xs:attribute name="enable-spdy" use="optional" type="xs:string"/>
|
|
<xs:attribute name="ssl-session-cache-size" use="optional" type="xs:string"/>
|
|
<xs:attribute name="ssl-session-timeout" use="optional" type="xs:string"/>
|
|
<xs:attribute name="http2-enable-push" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="http2-header-table-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-initial-window-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-concurrent-streams" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-frame-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-header-list-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="require-host-http11" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="proxy-protocol" type="xs:boolean" default="false"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="ajp-listener-type">
|
|
<xs:complexContent>
|
|
<xs:extension base="listener-type">
|
|
<xs:attribute name="scheme" type="xs:string"/>
|
|
<xs:attribute name="redirect-socket" use="optional" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
If this listener is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport,
|
|
undertow will automatically redirect the request to the socket binding port specified here.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="max-ajp-packet-size" type="xs:int"/>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="servletContainerType">
|
|
<xs:sequence>
|
|
<xs:element name="jsp-config" type="jsp-configurationType" maxOccurs="1" minOccurs="0"/>
|
|
<xs:element name="session-cookie" type="session-cookieType" maxOccurs="1" minOccurs="0"/>
|
|
<xs:element name="persistent-sessions" type="persistent-sessionsType" maxOccurs="1" minOccurs="0"/>
|
|
<xs:element name="websockets" type="websocketsType" maxOccurs="1" minOccurs="0" />
|
|
<xs:element name="mime-mappings" type="mime-mappingsType" maxOccurs="1" minOccurs="0" />
|
|
<xs:element name="welcome-files" type="welcome-filesType" maxOccurs="1" minOccurs="0" />
|
|
<xs:element name="crawler-session-management" type="crawler-session-managementType" maxOccurs="1" minOccurs="0" />
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="allow-non-standard-wrappers" use="optional" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="default-buffer-cache" use="optional" type="xs:string"/>
|
|
<xs:attribute name="stack-trace-on-error" use="optional" default="local-only"/>
|
|
<xs:attribute name="default-encoding" type="xs:string" use="optional"/>
|
|
<xs:attribute name="use-listener-encoding" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="ignore-flush" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="eager-filter-initialization" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="default-session-timeout" type="xs:integer" use="optional" default="30"/>
|
|
<xs:attribute name="disable-caching-for-secured-pages" type="xs:boolean" use="optional" default="true"/>
|
|
<xs:attribute name="directory-listing" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="proactive-authentication" type="xs:string" use="optional" default="false" />
|
|
<xs:attribute name="session-id-length" type="xs:int" use="optional" default="30" />
|
|
<xs:attribute name="max-sessions" type="xs:int" use="optional" />
|
|
<xs:attribute name="disable-file-watch-service" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="disable-session-id-reuse" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="file-cache-max-file-size" type="xs:integer" use="optional" default="10485760"/>
|
|
<xs:attribute name="file-cache-metadata-size" type="xs:integer" use="optional" default="100"/>
|
|
<xs:attribute name="file-cache-time-to-live" type="xs:integer" use="optional"/>
|
|
<xs:attribute name="default-cookie-version" type="xs:integer" use="optional"/>
|
|
<xs:attribute name="preserve-path-on-forward" type="xs:boolean" default="false"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="mime-mappingsType">
|
|
<xs:sequence>
|
|
<xs:element name="mime-mapping" type="mime-mappingType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="mime-mappingType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="value" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="welcome-filesType">
|
|
<xs:sequence>
|
|
<xs:element name="welcome-file" type="welcome-fileType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="welcome-fileType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="hostType">
|
|
<xs:sequence>
|
|
<xs:element name="location" type="locationType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="access-log" type="accessLogType" maxOccurs="1" minOccurs="0"/>
|
|
<xs:element name="console-access-log" type="consoleAccessLogType" minOccurs="0"/>
|
|
<xs:element name="filter-ref" type="filter-refType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="single-sign-on" minOccurs="0" maxOccurs="1" type="singleSignOnType"/>
|
|
<xs:element name="http-invoker" minOccurs="0" maxOccurs="1" type="http-invokerType"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="alias" use="optional" type="xs:string"/>
|
|
<xs:attribute name="default-web-module" use="optional" type="xs:string" default="ROOT.war"/>
|
|
<xs:attribute name="default-response-code" use="optional" type="xs:int" default="404">
|
|
<xs:annotation>
|
|
<xs:documentation>Default response code should be set in case server should respond with nonstandard code( other than 404 ) for unavailable resource.
|
|
For instance, server behind load balancer might want to respond with 5xx code to avoid being dropped by it.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="disable-console-redirect" use="optional" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="queue-requests-on-start" type="xs:boolean" default="true"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="http-invokerType">
|
|
<xs:attribute name="path" use="optional" type="xs:string" default="wildfly-services"/>
|
|
<xs:attribute name="http-authentication-factory" type="xs:string" use="optional"/>
|
|
<xs:attribute name="security-realm" type="xs:string" use="optional"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="websocketsType">
|
|
<xs:attribute name="worker" use="optional" type="xs:string" default="default"/>
|
|
<xs:attribute name="buffer-pool" use="optional" type="xs:string" default="default"/>
|
|
<xs:attribute name="dispatch-to-worker" use="optional" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="per-message-deflate" use="optional" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="deflater-level" use="optional" type="xs:int"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="crawler-session-managementType">
|
|
<xs:attribute name="user-agents" use="optional" type="xs:string"/>
|
|
<xs:attribute name="session-timeout" use="optional" type="xs:integer"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="jsp-configurationType">
|
|
<xs:attribute name="disabled" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="development" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="keep-generated" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="trim-spaces" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="tag-pooling" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="mapped-file" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="check-interval" default="0" type="xs:int"/>
|
|
<xs:attribute name="modification-test-interval" default="4" type="xs:int"/>
|
|
<xs:attribute name="recompile-on-fail" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="smap" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="dump-smap" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="generate-strings-as-char-arrays" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="error-on-use-bean-invalid-class-attribute" default="false" type="xs:boolean"/>
|
|
<xs:attribute name="scratch-dir" type="xs:string"/>
|
|
<xs:attribute name="source-vm" default="1.8" type="xs:string"/>
|
|
<xs:attribute name="target-vm" default="1.8" type="xs:string"/>
|
|
<xs:attribute name="java-encoding" default="UTF8" type="xs:string"/>
|
|
<xs:attribute name="x-powered-by" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="display-source-fragment" default="true" type="xs:boolean"/>
|
|
<xs:attribute name="optimize-scriptlets" default="false" type="xs:string" />
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="session-cookieType">
|
|
<xs:attribute name="name" type="xs:string"/>
|
|
<xs:attribute name="domain" type="xs:string"/>
|
|
<xs:attribute name="comment" type="xs:string"/>
|
|
<xs:attribute name="http-only" type="xs:boolean"/>
|
|
<xs:attribute name="secure" type="xs:boolean"/>
|
|
<xs:attribute name="max-age" type="xs:int"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="persistent-sessionsType">
|
|
<xs:attribute name="path" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The path to store the session data. If not specified the data will just be stored in memory only.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="relative-to" type="xs:string" use="optional"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="handlerType">
|
|
<xs:sequence>
|
|
<xs:element name="file" type="file-handlerType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="reverse-proxy" type="reverse-proxy-handlerType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
|
|
<xs:complexType name="filterType">
|
|
<xs:sequence>
|
|
<xs:element name="request-limit" type="request-limitType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="response-header" type="response-headerType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="gzip" type="gzipType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="error-page" type="errorPageType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="mod-cluster" type="modClusterType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="filter" type="customFilterType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="expression-filter" type="expressionFilterType" minOccurs="0" maxOccurs="unbounded"/>
|
|
<xs:element name="rewrite" type="rewriteFilterType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="locationType">
|
|
<xs:sequence>
|
|
<xs:element name="filter-ref" type="filter-refType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="handler" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="accessLogType">
|
|
<xs:attribute name="pattern" use="optional" type="xs:string" default="common"/>
|
|
<xs:attribute name="worker" use="optional" type="xs:string" default="default"/>
|
|
<xs:attribute name="directory" use="optional" type="xs:string" default="${jboss.server.log.dir}"/>
|
|
<xs:attribute name="relative-to" use="optional" type="xs:string" />
|
|
<xs:attribute name="prefix" use="optional" type="xs:string" default="access_log."/>
|
|
<xs:attribute name="suffix" use="optional" type="xs:string" default="log"/>
|
|
<xs:attribute name="rotate" use="optional" type="xs:string" default="true"/>
|
|
<xs:attribute name="use-server-log" use="optional" type="xs:string" default="false"/>
|
|
<xs:attribute name="extended" use="optional" type="xs:string" default="false" />
|
|
<xs:attribute name="predicate" use="optional" type="xs:string" />
|
|
</xs:complexType>
|
|
<xs:complexType name="consoleAccessLogType">
|
|
<xs:sequence minOccurs="0">
|
|
<xs:element name="attributes" type="attributesType" minOccurs="0"/>
|
|
<xs:element name="metadata" type="propertiesType" minOccurs="0"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="include-host-name" type="xs:boolean" default="true"/>
|
|
<xs:attribute name="worker" type="xs:string" default="default"/>
|
|
<xs:attribute name="predicate" type="xs:string" />
|
|
</xs:complexType>
|
|
<xs:complexType name="propertiesType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
A collection of free-form meta-data properties.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element name="property">
|
|
<xs:complexType>
|
|
<xs:attribute name="name" type="xs:string" use="required"/>
|
|
<xs:attribute name="value" type="xs:string" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
<xs:complexType name="attributesType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The available attributes to be included in the structured access log output.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="authentication-type" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="bytes-sent" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="date-time" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
<xs:attribute name="date-format" type="xs:string"/>
|
|
<xs:attribute name="time-zone" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="host-and-port" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="local-ip" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="local-port" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="local-server-name" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="path-parameter" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element name="name" maxOccurs="unbounded">
|
|
<xs:complexType>
|
|
<xs:attribute name="value" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-prefix"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="predicate" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element name="name" maxOccurs="unbounded">
|
|
<xs:complexType>
|
|
<xs:attribute name="value" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-prefix"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="query-parameter" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element name="name" maxOccurs="unbounded">
|
|
<xs:complexType>
|
|
<xs:attribute name="value" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-prefix"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="query-string" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="include-question-mark" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="relative-path" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="remote-host" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="remote-ip" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
<xs:attribute name="obfuscated" type="xs:boolean" default="false"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="remote-user" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-header" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element name="name" maxOccurs="unbounded">
|
|
<xs:complexType>
|
|
<xs:attribute name="value" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-prefix"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-line" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-method" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-path" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-protocol" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-scheme" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="request-url" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="resolved-path" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="response-code" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="response-header" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element name="name" maxOccurs="unbounded">
|
|
<xs:complexType>
|
|
<xs:attribute name="value" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-prefix"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="response-reason-phrase" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="response-time" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
<xs:attribute name="time-unit" default="MILLISECONDS">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="NANOSECONDS"/>
|
|
<xs:enumeration value="MICROSECONDS"/>
|
|
<xs:enumeration value="MILLISECONDS"/>
|
|
<xs:enumeration value="SECONDS"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="secure-exchange" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="ssl-cipher" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="ssl-client-cert" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="ssl-session-id" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="stored-response" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="thread-name" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="transport-protocol" minOccurs="0">
|
|
<xs:complexType>
|
|
<xs:attribute name="key" type="xs:string"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="errorPageType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="code" use="required" type="xs:string"/>
|
|
<xs:attribute name="path" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="paramType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="value" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
|
|
|
|
<xs:complexType name="customFilterType">
|
|
<xs:sequence>
|
|
<xs:element name="param" type="paramType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="class-name" use="required" type="xs:string"/>
|
|
<xs:attribute name="module" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="expressionFilterType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="expression" use="required" type="xs:string"/>
|
|
<xs:attribute name="module" use="optional" type="xs:string"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="rewriteFilterType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="target" use="required" type="xs:string"/>
|
|
<xs:attribute name="redirect" use="optional" type="xs:string"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="file-handlerType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="path" use="required" type="xs:string"/>
|
|
<xs:attribute name="cache-buffer-size" use="optional" type="xs:int" default="1024"/>
|
|
<xs:attribute name="cache-buffers" use="optional" type="xs:int" default="1024"/>
|
|
<xs:attribute name="directory-listing" use="optional" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="follow-symlink" use="optional" type="xs:boolean" default="false"/>
|
|
<xs:attribute name="safe-symlink-paths" use="optional" type="stringList"/>
|
|
<xs:attribute name="case-sensitive" use="optional" type="xs:boolean" default="true"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="stringList">
|
|
<xs:list itemType="xs:string"/>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="reverse-proxy-handlerType">
|
|
<xs:sequence>
|
|
<xs:element name="host" type="reverse-proxy-hostType" minOccurs="0" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="connections-per-thread" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="session-cookie-names" use="optional" type="xs:string"/>
|
|
<xs:attribute name="problem-server-retry" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="max-request-time" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="request-queue-size" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="cached-connections-per-thread" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="connection-idle-timeout" use="optional" type="xs:integer"/>
|
|
<xs:attribute name="max-retries" type="xs:int" use="optional" />
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="reverse-proxy-hostType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="outbound-socket-binding" use="required" type="xs:string"/>
|
|
<xs:attribute name="scheme" use="optional" type="xs:string" default="http"/>
|
|
<xs:attribute name="path" use="optional" type="xs:string" default=""/>
|
|
<xs:attribute name="instance-id" use="optional" type="xs:string"/>
|
|
<xs:attribute name="ssl-context" type="xs:string" />
|
|
<xs:attribute name="security-realm" type="xs:string" use="optional" />
|
|
<xs:attribute name="enable-http2" type="xs:boolean" use="optional" default="false" />
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="filter-refType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="predicate" use="optional" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition. Predicates can be created programatically (they are just java classes that implement the Predicate interface), however there is also a simple language for specifying a predicate. Some examples below:
|
|
regex['/resources/*.\.css'] - regular expression match of the relative URL
|
|
regex[pattern='text/.*', value='%{i,Content-Type}, full-match=true] - Matches requests with a text/.* content type
|
|
equals[{'%{i,Content-Type}', 'text/xml'}] - Matches if the content type header is text/xml
|
|
contains[search='MSIE', value='%{i,User-Agent}'] and path-suffix['.js'] - User agent contains MSIE and request URL ends with .js
|
|
regex['/resources/(*.)\.css'] and equals[{'$1', 'myCssFile'}] - regex match, with a reference to match group 1 later in the expression
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="priority" use="optional" type="xs:string" />
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="singleSignOnType">
|
|
<xs:attribute name="domain" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Cookie domain to use.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="path" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Cookie path to use.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="http-only" type="xs:boolean" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Cookie httpOnly attribute
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="secure" type="xs:boolean" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Cookie secure attribute
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="cookie-name" type="xs:string" default="JSESSIONIDSSO">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Cooke name
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
|
|
<xs:complexType name="buffer-cacheType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
A buffer cache. I cache consists of 1 or more regions, that are split up into smaller buffers.
|
|
The total cache size is the buffer size * the buffers per region * the number of regions.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="buffer-size" use="optional" type="xs:string"/>
|
|
<xs:attribute name="buffers-per-region" use="optional" type="xs:string"/>
|
|
<xs:attribute name="max-regions" use="optional" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="byte-buffer-poolType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The buffer pool used for IO operations
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="buffer-size" use="optional" type="xs:int"/>
|
|
<xs:attribute name="direct" use="optional" type="xs:boolean"/>
|
|
<xs:attribute name="thread-local-cache-size" use="optional" type="xs:int"/>
|
|
<xs:attribute name="max-pool-size" use="optional" type="xs:int"/>
|
|
<xs:attribute name="leak-detection-percent" use="optional" type="xs:int"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="request-limitType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="max-concurrent-requests" use="required" type="xs:integer"/>
|
|
<xs:attribute name="queue-size" use="optional" type="xs:integer" default="0"/>
|
|
</xs:complexType>
|
|
<xs:complexType name="response-headerType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="header-name" use="required" type="xs:string"/>
|
|
<xs:attribute name="header-value" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="gzipType">
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="modClusterType">
|
|
<xs:sequence minOccurs="0">
|
|
<xs:choice>
|
|
<xs:group ref="affinity"/>
|
|
</xs:choice>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" use="required" type="xs:string"/>
|
|
<xs:attribute name="management-socket-binding" type="xs:string" use="required"/>
|
|
<xs:attribute name="advertise-socket-binding" type="xs:string" use="optional"/>
|
|
<xs:attribute name="security-key" type="xs:string" use="optional"/>
|
|
<xs:attribute name="advertise-protocol" type="xs:string" use="optional"/>
|
|
<xs:attribute name="advertise-path" type="xs:string" use="optional"/>
|
|
<xs:attribute name="advertise-frequency" type="xs:int" use="optional"/>
|
|
<xs:attribute name="failover-strategy" type="failoverStrategy" default="LOAD_BALANCED" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="health-check-interval" type="xs:int" use="optional"/>
|
|
<xs:attribute name="broken-node-timeout" type="xs:int" use="optional"/>
|
|
<xs:attribute name="worker" type="xs:string" use="optional" />
|
|
<xs:attribute name="max-request-time" type="xs:int" use="optional"/>
|
|
<xs:attribute name="management-access-predicate" type="xs:string" use="optional"/>
|
|
<xs:attribute name="connections-per-thread" type="xs:int" use="optional" />
|
|
<xs:attribute name="cached-connections-per-thread" type="xs:int" use="optional" />
|
|
<xs:attribute name="connection-idle-timeout" type="xs:int" use="optional" />
|
|
<xs:attribute name="request-queue-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="ssl-context" type="xs:string" />
|
|
<xs:attribute name="security-realm" type="xs:string" use="optional" />
|
|
<xs:attribute name="use-alias" type="xs:string" use="optional" default="false" />
|
|
<xs:attribute name="enable-http2" type="xs:string" use="optional" default="false" />
|
|
<xs:attribute name="max-ajp-packet-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-enable-push" type="xs:boolean" use="optional" />
|
|
<xs:attribute name="http2-header-table-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-initial-window-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-concurrent-streams" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-frame-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="http2-max-header-list-size" type="xs:int" use="optional" />
|
|
<xs:attribute name="max-retries" type="xs:int" use="optional" />
|
|
</xs:complexType>
|
|
|
|
<xs:group name="affinity">
|
|
<xs:choice>
|
|
<xs:element name="no-affinity" type="empty">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Web requests will not have an affinity for any particular server, routing information will be ignored.
|
|
Intended for use cases where web session state is not maintained within the application server.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="single-affinity" type="empty">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Web requests have an affinity for the member that last handled a given session.
|
|
This option corresponds to traditional sticky session behavior.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
<xs:element name="ranked-affinity" type="ranked-affinity">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:element>
|
|
</xs:choice>
|
|
</xs:group>
|
|
|
|
<xs:complexType name="ranked-affinity">
|
|
<xs:attribute name="delimiter" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The delimiter used to separate ranked routes within the session ID.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="empty">
|
|
<xs:sequence/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="failoverStrategy">
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="LOAD_BALANCED">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Failover target chosen via load balancing mechanism.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:enumeration>
|
|
<xs:enumeration value="DETERMINISTIC">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Failover target chosen deterministically from the associated session identifier.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:enumeration>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="applicationSecurityDomainsType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Listing of security domains from applications that should be mapped to an Elytron
|
|
backed authentication policy.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="application-security-domain" type="applicationSecurityDomainType" maxOccurs="unbounded"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="applicationSecurityDomainType">
|
|
<xs:sequence>
|
|
<xs:element name="single-sign-on" type="applicationSecurityDomainSingleSignOnType" minOccurs="0"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="name" type="xs:string" use="required">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The name of the security domain as specified in deployments.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="http-authentication-factory" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the HttpAuthenticationFactory that should be used.
|
|
|
|
Exactly one of http-authentication-factory or security-domain must be defined.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="override-deployment-config" type="xs:boolean" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
The references HttpServerAuthenticationMechanismFactory contains it's own policy configuration
|
|
to control the authentication mechanisms it supports, if this attribute is set to 'true'
|
|
that policy will override the methods specified within the deployment.
|
|
|
|
This attribute can only be specified if a http-authentication-factory is also specified.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="security-domain" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Reference to the security-domain that should be associated with the deployment, where a
|
|
security-domain is referenced instead of a http-authentication-factory the authentication mechanisms
|
|
BASIC, DIGEST, FORM and CLIENT_CERT will be availble for the deployment to use - additionally the deployment
|
|
can make use of the programatic login API.
|
|
|
|
Exactly one of http-authentication-factory or security-domain must be defined.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="enable-jacc" type="xs:boolean" use="optional" default="false">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enable authorization using JACC.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="enable-jaspi" type="xs:boolean" default="true">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Should deployments matching against this 'application-security-domain' have
|
|
JASPI enabled, by setting to false JASPI will be completely disabled for the deployment.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="integrated-jaspi" type="xs:boolean" default="true">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
When integrated-jaspi is enabled during JASPI authentication the resulting
|
|
identity will be loaded from the SecurityDomain referenced by the deployment, if
|
|
this is switched off AdHoc identities will be created instead.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="applicationSecurityDomainSingleSignOnType">
|
|
<xs:complexContent>
|
|
<xs:extension base="singleSignOnType">
|
|
<xs:sequence>
|
|
<xs:element name="credential-reference" type="credentialReferenceType" minOccurs="0"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="key-store" type="xs:string" use="required">
|
|
<xs:annotation>
|
|
<xs:documentation>References key store containing the key used to sign and verify logout requests.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="key-alias" type="xs:string" use="required">
|
|
<xs:annotation>
|
|
<xs:documentation>The alias of the key used to sign and verify logout requests.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="client-ssl-context" type="xs:string">
|
|
<xs:annotation>
|
|
<xs:documentation>The ssl context used to secure back-channel logout connections.</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:extension>
|
|
</xs:complexContent>
|
|
</xs:complexType>
|
|
|
|
<!-- Copied from elytron subsystem schema -->
|
|
<xs:attributeGroup name="credentialReferenceStoreBased">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Group of attributes used when referencing credential through credential store.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="store" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Credential store name used to fetch credential with given 'alias' from.
|
|
Credential store name has to be defined elsewhere.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="alias" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Alias of credential in the credential store.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
<xs:attribute name="type" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Type of credential to be fetched from credential store.
|
|
It is usually fully qualified class name.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:attributeGroup>
|
|
<xs:complexType name="credentialReferenceType">
|
|
<xs:attributeGroup ref="credentialReferenceStoreBased"/>
|
|
<xs:attribute name="clear-text" type="xs:string" use="optional">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Credential/password in clear text. Use just for testing purpose.
|
|
Otherwise use credential store to mask the actual credential from your configuration.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
|
|
</xs:schema>
|