354 lines
18 KiB
XML
354 lines
18 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
~ Copyright The WildFly Authors
|
|
~ SPDX-License-Identifier: Apache-2.0
|
|
-->
|
|
|
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
|
targetNamespace="urn:jboss:domain:iiop-openjdk:2.0"
|
|
xmlns="urn:jboss:domain:iiop-openjdk:2.0"
|
|
elementFormDefault="qualified"
|
|
attributeFormDefault="unqualified"
|
|
version="2.0">
|
|
|
|
<!-- The iiop subsystem root element -->
|
|
<xs:element name="subsystem" type="iiopSubsystemType"/>
|
|
|
|
<xs:complexType name="iiopSubsystemType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The iiopSubsystemType specifies the elements that can be used to configure the various aspects of the
|
|
iiop subsystem.
|
|
|
|
* orb: holds the attributes used to configure the Object Request Broker (ORB).
|
|
* naming: holds the attributes used to configure the CORBA Naming Service.
|
|
* security: holds the attributes that control the ORB security features.
|
|
* properties: allows for the specification of generic name/value properties.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="properties" minOccurs="0" maxOccurs="1" type="genericPropertiesType"/>
|
|
<xs:element name="orb" minOccurs="0" maxOccurs="1" type="orbConfigType"/>
|
|
<xs:element name="tcp" minOccurs="0" maxOccurs="1" type="tcpConfigType"/>
|
|
<xs:element name="initializers" minOccurs="0" maxOccurs="1" type="initializersConfigType"/>
|
|
<xs:element name="naming" minOccurs="0" maxOccurs="1" type="namingConfigType"/>
|
|
<xs:element name="security" minOccurs="0" maxOccurs="1" type="securityConfigType"/>
|
|
<xs:element name="interop" minOccurs="0" maxOccurs="1" type="interopConfigType"/>
|
|
<xs:element name="transport-config" type="iorTransportConfigType" minOccurs="0" maxOccurs="1"/>
|
|
<xs:element name="as-context" minOccurs="0" maxOccurs="1" type="iorASContextType"/>
|
|
<xs:element name="sas-context" minOccurs="0" maxOccurs="1" type="iorSASContextType"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="orbConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
the orbConfigType specifies the elements and attributes that can be used to configure the behavior of the
|
|
Object Request Broker (ORB).
|
|
* giop-version-version: the GIOP version to be used.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="giop-version" type="xs:string" use="optional" default="1.2"/>
|
|
<xs:attribute name="socket-binding" type="xs:string" use="optional" default="iiop"/>
|
|
<xs:attribute name="ssl-socket-binding" type="xs:string" use="optional" default="iiop-ssl"/>
|
|
<xs:attribute name="persistent-server-id" type="xs:string" use="optional" default="1"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="tcpConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The orbTCPConfigType specifies the attributes used to configure the TCP connections.
|
|
|
|
* high-water-mark: each time the number of connections exceeds this value ORB tries to reclaim connections.
|
|
* number-to-reclaim: number of reclaimed connections is specified by this property.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="high-water-mark" type="xs:integer" use="optional"/>
|
|
<xs:attribute name="number-to-reclaim" type="xs:integer" use="optional"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="initializersConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The initializersConfigType specifies the attributes used to configure the ORB initializers.
|
|
|
|
* security: indicates whether the security (SAS and CSIv2) initializers should be installed. There are four possibilities:
|
|
identity - The server will just send the current username. The receiving server must trust this
|
|
server.
|
|
client - The client interceptor will be installed. Remote calls from this server will propagate
|
|
by sending the current username and password
|
|
elytron - The client-side interceptor uses Elytron authentication configurations that match the target
|
|
URI to obtain the security identity (and associated password) that will be relayed to the
|
|
server. It combines the previous two modes by checking the target security requirements in
|
|
order to determine the type of security token that must be constructed.
|
|
none - Security interceptors are not installed
|
|
* authentication-context: when the security attribute is set to 'elytron', the authentication-context
|
|
attribute must be defined to indicate the name of the Elytron authentication context that will be
|
|
used to match the target URI in order to obtain an authentication configuration.
|
|
* transactions: indicates which transaction initializers should be installed. There are three possibilities:
|
|
full - This requires JTS to be enabled in the transactions subsystem config, and will enable full transaction
|
|
interoperability with other JBoss AS instances.
|
|
spec - This does not require JTS to be enabled, but will install the minimum set of transaction interceptors
|
|
required for EJB spec compliance. These interceptors detect an incoming transaction and throw an
|
|
exception if the invocation should be run in the incoming transaction context.
|
|
none - No transaction initializers will be installed.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="security" type="securityEnabledType" use="optional" default="none"/>
|
|
<xs:attribute name="authentication-context" type="xs:string" use="optional" default="none"/>
|
|
<xs:attribute name="transactions" type="transactionEnabledType" use="optional" default="none"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="namingConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The namingConfigType specifies the attributes used to configure the naming service.
|
|
|
|
* root-context: the naming service root context.
|
|
* export-corbaloc: indicates whether the root context should be exported as corbaloc::address:port/NameService
|
|
(true) or not (false).
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="root-context" type="xs:string" use="optional" default="NameService"/>
|
|
<xs:attribute name="export-corbaloc" type="trueFalseType" use="optional" default="true"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="securityConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The securityConfigType specifies the attributes used to configure the ORB security features.
|
|
|
|
* support-ssl: indicates whether SSL is to be supported (true) or not (false). If set to true, then either
|
|
the security-domain attribute must be set or the server-ssl-context and client-ssl-context pair
|
|
must be set. The former tells the subsystem to use a legacy JSSE domain to build SSL contexts
|
|
while the other two tell the subsystem to use the org.wildfly.security.ssl-context capability
|
|
to obtain the server and client side SSL contexts.
|
|
* security-domain: the name of the legacy JSSE domain that holds the key and trust stores that will
|
|
be used to create the SSL context when establishing SSL connections. if defined , then the
|
|
server-ssl-context and client-ssl-contexts attributes must not be set.
|
|
* server-ssl-context: the dynamic name of the capability that provides the SSL context that will be used
|
|
to create server side SSL sockets. If the defined, the client-ssl-context attribute must also be
|
|
defined and the security-domain attribute must not be set.
|
|
* client-ssl-context: the dynamic name of the capability that provides the SSL context that will be used
|
|
to create client side SSL sockets. If the defined, the server-ssl-context attribute must also be
|
|
defined and the security-domain attribute must not be set.
|
|
* add-component-via-interceptor: indicates whether SSL components should be added by an IOR interceptor
|
|
(true) or not (false).
|
|
* server-requires-ssl: indicates wheter IIOP connections to the server require SSL
|
|
* client-requires-ssl: indicates wheter IIOP connections from the server require SSL
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="support-ssl" type="trueFalseType" use="optional" default="false"/>
|
|
<xs:attribute name="security-domain" type="xs:string" use="optional"/>
|
|
<xs:attribute name="server-ssl-context" type="xs:string" use="optional"/>
|
|
<xs:attribute name="client-ssl-context" type="xs:string" use="optional"/>
|
|
<xs:attribute name="add-component-via-interceptor" type="trueFalseType" use="optional" default="true"/>
|
|
<xs:attribute name="server-requires-ssl" type="xs:boolean" use="optional" default="false"/>
|
|
<xs:attribute name="client-requires-ssl" type="xs:boolean" use="optional" default="false"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="interopConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The interopConfigType specifies the attributes used to configure the ORB interoperability features.
|
|
|
|
* iona: indicates wheter interoperability with IONA's ASP is enabled.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="iona" type="xs:boolean" use="optional" default="false"/>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="genericPropertiesType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Enclosing element for a list of generic properties.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:sequence>
|
|
<xs:element name="property" minOccurs="0" maxOccurs="unbounded" type="genericPropertyType"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
|
|
<xs:complexType name="genericPropertyType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The property element allows for the specification of generic name/value properties. It is useful to specify
|
|
configuration attributes that have not been covered in this schema.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="name" type="xs:string" use="required"/>
|
|
<xs:attribute name="value" type="xs:string" use="required"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="iorTransportEnum">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for IOR transport config fields.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="none"/>
|
|
<xs:enumeration value="supported"/>
|
|
<xs:enumeration value="required"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="iorTransportConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The iorTransportconfigType specifies the attributes used to setup the IOR transport settings.
|
|
|
|
* integrity: indicates whether the transport must require integrity protection or not. Valid values are
|
|
"none", "supported" and "required".
|
|
* confidentiality: indicates whether the transport must require confidentiality protection or not. Valid
|
|
values are "none", "supported" and "required".
|
|
* trust-in-target: indicates if the transport must require trust in target to be established. Valid values
|
|
are "none" and "supported".
|
|
* trust-in-client: indicates if the transport must require trust in client to be established. Valid values
|
|
are "none", "supported" and "required".
|
|
* detect-replay: indicates whether the transport must require replay detection or not. Valid values are
|
|
"none", "supported" and "required".
|
|
* detect-misordering: indicates whether the transport must require misordering detection or not. Valid
|
|
values are "none", "supported" and "required".
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="integrity" type="iorTransportEnum" use="optional" default="none"/>
|
|
<xs:attribute name="confidentiality" type="iorTransportEnum" use="optional" default="none"/>
|
|
<xs:attribute name="trust-in-target" type="iorTransportEnum" use="optional" default="none"/>
|
|
<xs:attribute name="trust-in-client" type="iorTransportEnum" use="optional" default="none"/>
|
|
<xs:attribute name="detect-replay" type="iorTransportEnum" use="optional" default="none"/>
|
|
<xs:attribute name="detect-misordering" type="iorTransportEnum" use="optional" default="none"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="authMethodEnum">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for AS Context auth method.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="none"/>
|
|
<xs:enumeration value="username_password"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="iorASContextType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The iorASContextType specifies the attributes used to setup the IOR Authentication Service settings.
|
|
|
|
* auth-method: the authentication method. Valid values are "none" and "username_password".
|
|
* realm: the Authentication Service realm name. If not provided it will be set to "Default".
|
|
* requires: indicates if authentication is required (true) or not (false).
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="auth-method" type="authMethodEnum" use="optional" default="username_password"/>
|
|
<xs:attribute name="realm" type="xs:string" use="optional"/>
|
|
<xs:attribute name="required" type="xs:boolean" use="optional" default="false"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="callerPropagationEnum">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for SAS Context caller propagation.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="none"/>
|
|
<xs:enumeration value="supported"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:complexType name="iorSASContextType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
The iorSASContextType specifies the attributes used to setup the IOR Secure Attribute Service settings.
|
|
|
|
* caller-propagation: indicates whether the caller should be propagated in the SAS context or not. Valid
|
|
values are "none" and "supported".
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:attribute name="caller-propagation" type="callerPropagationEnum" use="optional" default="none"/>
|
|
</xs:complexType>
|
|
|
|
<xs:simpleType name="trueFalseType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
<![CDATA[
|
|
Enumeration of allowed values for the standard IIOP attributes.
|
|
]]>
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="true"/>
|
|
<xs:enumeration value="false"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:simpleType name="transactionEnabledType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for the transaction interceptor config.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="full"/>
|
|
<xs:enumeration value="none"/>
|
|
<xs:enumeration value="spec"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:simpleType name="securityEnabledType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for the security interceptor config.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="identity"/>
|
|
<xs:enumeration value="client"/>
|
|
<xs:enumeration value="elytron"/>
|
|
<xs:enumeration value="none"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
<xs:simpleType name="sslConfigType">
|
|
<xs:annotation>
|
|
<xs:documentation>
|
|
Enumeration of allowed values for the SSL config.
|
|
</xs:documentation>
|
|
</xs:annotation>
|
|
<xs:restriction base="xs:token">
|
|
<xs:enumeration value="None"/>
|
|
<xs:enumeration value="ServerAuth"/>
|
|
<xs:enumeration value="ClientAuth"/>
|
|
<xs:enumeration value="MutualAuth"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
|
|
</xs:schema>
|