

<?xml version="1.0" encoding="UTF-8"?>
~ Copyright The WildFly Authors
~ SPDX-License-Identifier: Apache-2.0
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
<!-- The iiop subsystem root element -->
<xs:element name="subsystem" type="iiopSubsystemType"/>
<xs:complexType name="iiopSubsystemType">
The iiopSubsystemType specifies the elements that can be used to configure the various aspects of the
iiop subsystem.
* orb: holds the attributes used to configure the Object Request Broker (ORB).
* naming: holds the attributes used to configure the CORBA Naming Service.
* security: holds the attributes that control the ORB security features.
* properties: allows for the specification of generic name/value properties.
<xs:element name="properties" minOccurs="0" maxOccurs="1" type="genericPropertiesType"/>
<xs:element name="orb" minOccurs="0" maxOccurs="1" type="orbConfigType"/>
<xs:element name="tcp" minOccurs="0" maxOccurs="1" type="tcpConfigType"/>
<xs:element name="initializers" minOccurs="0" maxOccurs="1" type="initializersConfigType"/>
<xs:element name="naming" minOccurs="0" maxOccurs="1" type="namingConfigType"/>
<xs:element name="security" minOccurs="0" maxOccurs="1" type="securityConfigType"/>
<xs:element name="interop" minOccurs="0" maxOccurs="1" type="interopConfigType"/>
<xs:element name="transport-config" type="iorTransportConfigType" minOccurs="0" maxOccurs="1"/>
<xs:element name="as-context" minOccurs="0" maxOccurs="1" type="iorASContextType"/>
<xs:element name="sas-context" minOccurs="0" maxOccurs="1" type="iorSASContextType"/>
<xs:complexType name="orbConfigType">
The orbConfigType specifies the elements and attributes that can be used to configure the behavior of the
Object Request Broker (ORB).
* giop-version: the GIOP version to be used.
<xs:attribute name="giop-version" type="xs:string" use="optional" default="1.2"/>
<xs:attribute name="socket-binding" type="xs:string" use="optional" default="iiop"/>
<xs:attribute name="ssl-socket-binding" type="xs:string" use="optional" default="iiop-ssl"/>
<xs:attribute name="persistent-server-id" type="xs:string" use="optional" default="1"/>
<xs:complexType name="tcpConfigType">
The tcpConfigType specifies the attributes used to configure the TCP connections.
* high-water-mark: each time the number of connections exceeds this value, the ORB tries to reclaim connections.
* number-to-reclaim: the number of connections to reclaim.
<xs:attribute name="high-water-mark" type="xs:integer" use="optional"/>
<xs:attribute name="number-to-reclaim" type="xs:integer" use="optional"/>
<xs:complexType name="initializersConfigType">
The initializersConfigType specifies the attributes used to configure the ORB initializers.
* security: indicates whether the security (SAS and CSIv2) initializers should be installed. There are four possibilities:
identity - The server will just send the current username. The receiving server must trust this
client - The client interceptor will be installed. Remote calls from this server will propagate
by sending the current username and password
elytron - The client-side interceptor uses Elytron authentication configurations that match the target
URI to obtain the security identity (and associated password) that will be relayed to the
server. It combines the previous two modes by checking the target security requirements in
order to determine the type of security token that must be constructed.
none - Security interceptors are not installed
* authentication-context: when the security attribute is set to 'elytron', the authentication-context
attribute must be defined to indicate the name of the Elytron authentication context that will be
used to match the target URI in order to obtain an authentication configuration.
* transactions: indicates which transaction initializers should be installed. There are three possibilities:
full - This requires JTS to be enabled in the transactions subsystem config, and will enable full transaction
interoperability with other JBoss AS instances.
spec - This does not require JTS to be enabled, but will install the minimum set of transaction interceptors
required for EJB spec compliance. These interceptors detect an incoming transaction and throw an
exception if the invocation should be run in the incoming transaction context.
none - No transaction initializers will be installed.
<xs:attribute name="security" type="securityEnabledType" use="optional" default="none"/>
<xs:attribute name="authentication-context" type="xs:string" use="optional" default="none"/>
<xs:attribute name="transactions" type="transactionEnabledType" use="optional" default="none"/>
<xs:complexType name="namingConfigType">
The namingConfigType specifies the attributes used to configure the naming service.
* root-context: the naming service root context.
* export-corbaloc: indicates whether the root context should be exported as corbaloc::address:port/NameService
(true) or not (false).
<xs:attribute name="root-context" type="xs:string" use="optional" default="NameService"/>
<xs:attribute name="export-corbaloc" type="trueFalseType" use="optional" default="true"/>
<xs:complexType name="securityConfigType">
The securityConfigType specifies the attributes used to configure the ORB security features.
* support-ssl: indicates whether SSL is to be supported (true) or not (false). If set to true, then either
the security-domain attribute must be set or the server-ssl-context and client-ssl-context pair
must be set. The former tells the subsystem to use a legacy JSSE domain to build SSL contexts
while the other two tell the subsystem to use the org.wildfly.security.ssl-context capability
to obtain the server and client side SSL contexts.
* security-domain: the name of the legacy JSSE domain that holds the key and trust stores that will
be used to create the SSL context when establishing SSL connections. If defined, then the
server-ssl-context and client-ssl-context attributes must not be set.
* server-ssl-context: the dynamic name of the capability that provides the SSL context that will be used
to create server side SSL sockets. If defined, the client-ssl-context attribute must also be
defined and the security-domain attribute must not be set.
* client-ssl-context: the dynamic name of the capability that provides the SSL context that will be used
to create client side SSL sockets. If defined, the server-ssl-context attribute must also be
defined and the security-domain attribute must not be set.
* add-component-via-interceptor: indicates whether SSL components should be added by an IOR interceptor
(true) or not (false).
* server-requires-ssl: indicates whether IIOP connections to the server require SSL.
* client-requires-ssl: indicates whether IIOP connections from the server require SSL.
<xs:attribute name="support-ssl" type="trueFalseType" use="optional" default="false"/>
<xs:attribute name="security-domain" type="xs:string" use="optional"/>
<xs:attribute name="server-ssl-context" type="xs:string" use="optional"/>
<xs:attribute name="client-ssl-context" type="xs:string" use="optional"/>
<xs:attribute name="add-component-via-interceptor" type="trueFalseType" use="optional" default="true"/>
<xs:attribute name="server-requires-ssl" type="xs:boolean" use="optional" default="false"/>
<xs:attribute name="client-requires-ssl" type="xs:boolean" use="optional" default="false"/>
<xs:complexType name="interopConfigType">
The interopConfigType specifies the attributes used to configure the ORB interoperability features.
* iona: indicates whether interoperability with IONA's ASP is enabled.
<xs:attribute name="iona" type="xs:boolean" use="optional" default="false"/>
<xs:complexType name="genericPropertiesType">
Enclosing element for a list of generic properties.
<xs:element name="property" minOccurs="0" maxOccurs="unbounded" type="genericPropertyType"/>
<xs:complexType name="genericPropertyType">
The property element allows for the specification of generic name/value properties. It is useful to specify
configuration attributes that have not been covered in this schema.
<xs:attribute name="name" type="xs:string" use="required"/>
<xs:attribute name="value" type="xs:string" use="required"/>
<xs:simpleType name="iorTransportEnum">
Enumeration of allowed values for IOR transport config fields.
<xs:restriction base="xs:token">
<xs:enumeration value="none"/>
<xs:enumeration value="supported"/>
<xs:enumeration value="required"/>
<xs:complexType name="iorTransportConfigType">
The iorTransportConfigType specifies the attributes used to setup the IOR transport settings.
* integrity: indicates whether the transport must require integrity protection or not. Valid values are
"none", "supported" and "required".
* confidentiality: indicates whether the transport must require confidentiality protection or not. Valid
values are "none", "supported" and "required".
* trust-in-target: indicates if the transport must require trust in target to be established. Valid values
are "none" and "supported".
* trust-in-client: indicates if the transport must require trust in client to be established. Valid values
are "none", "supported" and "required".
* detect-replay: indicates whether the transport must require replay detection or not. Valid values are
"none", "supported" and "required".
* detect-misordering: indicates whether the transport must require misordering detection or not. Valid
values are "none", "supported" and "required".
<xs:attribute name="integrity" type="iorTransportEnum" use="optional" default="none"/>
<xs:attribute name="confidentiality" type="iorTransportEnum" use="optional" default="none"/>
<xs:attribute name="trust-in-target" type="iorTransportEnum" use="optional" default="none"/>
<xs:attribute name="trust-in-client" type="iorTransportEnum" use="optional" default="none"/>
<xs:attribute name="detect-replay" type="iorTransportEnum" use="optional" default="none"/>
<xs:attribute name="detect-misordering" type="iorTransportEnum" use="optional" default="none"/>
<xs:simpleType name="authMethodEnum">
Enumeration of allowed values for AS Context auth method.
<xs:restriction base="xs:token">
<xs:enumeration value="none"/>
<xs:enumeration value="username_password"/>
<xs:complexType name="iorASContextType">
The iorASContextType specifies the attributes used to setup the IOR Authentication Service settings.
* auth-method: the authentication method. Valid values are "none" and "username_password".
* realm: the Authentication Service realm name. If not provided it will be set to "Default".
* required: indicates if authentication is required (true) or not (false).
<xs:attribute name="auth-method" type="authMethodEnum" use="optional" default="username_password"/>
<xs:attribute name="realm" type="xs:string" use="optional"/>
<xs:attribute name="required" type="xs:boolean" use="optional" default="false"/>
<xs:simpleType name="callerPropagationEnum">
Enumeration of allowed values for SAS Context caller propagation.
<xs:restriction base="xs:token">
<xs:enumeration value="none"/>
<xs:enumeration value="supported"/>
<xs:complexType name="iorSASContextType">
The iorSASContextType specifies the attributes used to setup the IOR Secure Attribute Service settings.
* caller-propagation: indicates whether the caller should be propagated in the SAS context or not. Valid
values are "none" and "supported".
<xs:attribute name="caller-propagation" type="callerPropagationEnum" use="optional" default="none"/>
<xs:simpleType name="trueFalseType">
Enumeration of allowed values for the standard IIOP attributes.
<xs:restriction base="xs:token">
<xs:enumeration value="true"/>
<xs:enumeration value="false"/>
<xs:simpleType name="transactionEnabledType">
Enumeration of allowed values for the transaction interceptor config.
<xs:restriction base="xs:token">
<xs:enumeration value="full"/>
<xs:enumeration value="none"/>
<xs:enumeration value="spec"/>
<xs:simpleType name="securityEnabledType">
Enumeration of allowed values for the security interceptor config.
<xs:restriction base="xs:token">
<xs:enumeration value="identity"/>
<xs:enumeration value="client"/>
<xs:enumeration value="elytron"/>
<xs:enumeration value="none"/>
<xs:simpleType name="sslConfigType">
Enumeration of allowed values for the SSL config.
<xs:restriction base="xs:token">
<xs:enumeration value="None"/>
<xs:enumeration value="ServerAuth"/>
<xs:enumeration value="ClientAuth"/>
<xs:enumeration value="MutualAuth"/>
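The schema declares every `security` and `initializers` attribute as optional, so the cross-attribute rules in the securityConfigType and initializersConfigType documentation (SSL context pairing, exclusivity with `security-domain`, `authentication-context` for `elytron`) are not enforced by XSD validation. The following is an added example, not WildFly code, that checks those documented rules on a subsystem element; the function name and the sample documents are constructed for illustration, and an absent `authentication-context` attribute is assumed to mean "not defined".

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop any "{namespace}" prefix so the check does not depend on the schema version.
    return tag.rsplit("}", 1)[-1]

def check_iiop_subsystem(xml_text):
    """Return findings for the cross-attribute rules stated in the schema documentation."""
    root = ET.fromstring(xml_text)
    child = {_local(c.tag): c.attrib for c in root}
    sec = child.get("security", {})
    init = child.get("initializers", {})
    findings = []

    domain = sec.get("security-domain")
    server_ctx = sec.get("server-ssl-context")
    client_ctx = sec.get("client-ssl-context")
    has_pair = bool(server_ctx and client_ctx)

    if domain and (server_ctx or client_ctx):
        findings.append("security-domain must not be combined with server/client-ssl-context")
    if bool(server_ctx) != bool(client_ctx):
        findings.append("server-ssl-context and client-ssl-context must be defined together")
    # support-ssl defaults to "false" in the schema.
    if sec.get("support-ssl", "false") == "true" and not (domain or has_pair):
        findings.append("support-ssl=true needs security-domain or both ssl-context attributes")
    # initializers/@security defaults to "none" in the schema.
    if init.get("security", "none") == "elytron" and not init.get("authentication-context"):
        findings.append("security=elytron needs an authentication-context")
    return findings

# Constructed sample documents (attribute values are placeholders, not from a real deployment).
GOOD = """<subsystem>
  <initializers security="elytron" authentication-context="iiop-auth"/>
  <security support-ssl="true" server-ssl-context="srv-ctx" client-ssl-context="cli-ctx"/>
</subsystem>"""

MIXED = """<subsystem>
  <initializers security="elytron"/>
  <security support-ssl="true" security-domain="legacy-jsse" server-ssl-context="srv-ctx"/>
</subsystem>"""

NO_SOURCE = """<subsystem><security support-ssl="true"/></subsystem>"""

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("MIXED", MIXED), ("NO_SOURCE", NO_SOURCE)):
        print(name, check_iiop_subsystem(doc))
```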