Appendix A. Reference Material
A.1. Server Runtime Arguments
The application server startup script accepts arguments and switches at runtime. This allows the server to start under alternative configurations to those defined in the standalone.xml, domain.xml, and host.xml configuration files.
Alternative configurations might include starting the server with an alternative socket bindings set or a secondary configuration.
The available parameters list can be accessed by passing the help switch -h or --help at startup.
Argument or Switch | Operating Mode | Description |
---|---|---|
--admin-only | Standalone | Set the server’s running type to |
--admin-only | Domain | Set the host controller’s running type to |
-b=<value>, -b <value> | Standalone, Domain | Set system property |
-b<interface>=<value> | Standalone, Domain | Set system property |
--backup | Domain | Keep a copy of the persistent domain configuration even if this host is not the domain controller. |
-c=<config>, -c <config> | Standalone | Name of the server configuration file to use. The default is |
-c=<config>, -c <config> | Domain | Name of the server configuration file to use. The default is |
--cached-dc | Domain | If the host is not the domain controller and cannot contact the domain controller at boot, boot using a locally cached copy of the domain configuration. |
--debug [<port>] | Standalone | Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it. |
-D<name>[=<value>] | Standalone, Domain | Set a system property. |
--domain-config=<config> | Domain | Name of the server configuration file to use. The default is |
--git-repo | Standalone | The location of the Git repository that is used to manage and persist server configuration data. This can be |
--git-branch | Standalone | The branch or tag name in the Git repository to use. This argument should name an existing branch or tag name as it will not be created if it does not exist. If you use a tag name, you put the repository in a detached HEAD state, meaning future commits are not attached to any branches. Tag names are read-only and are normally used when you need to replicate a configuration across several nodes. |
--git-auth | Standalone | The URL to an Elytron configuration file that contains the credentials to be used when connecting to a remote Git repository. This argument is required if your remote Git repository requires authentication. Although Git supports SSH authentication, Elytron does not; therefore, only default SSH authentication is supported using private keys without a password. This argument is not used with a |
-h, --help | Standalone, Domain | Display the help message and exit. |
--host-config=<config> | Domain | Name of the host configuration file to use. The default is |
--interprocess-hc-address=<address> | Domain | Address on which the host controller should listen for communication from the process controller. |
--interprocess-hc-port=<port> | Domain | Port on which the host controller should listen for communication from the process controller. |
--master-address=<address> | Domain | Set system property |
--master-port=<port> | Domain | Set system property |
--read-only-server-config=<config> | Standalone | Name of the server configuration file to use. This differs from |
--read-only-domain-config=<config> | Domain | Name of the domain configuration file to use. This differs from |
--read-only-host-config=<config> | Domain | Name of the host configuration file to use. This differs from |
-P=<url>, -P <url>, --properties=<url> | Standalone, Domain | Load system properties from the given URL. |
--pc-address=<address> | Domain | Address on which the process controller listens for communication from processes it controls. |
--pc-port=<port> | Domain | Port on which the process controller listens for communication from processes it controls. |
-S<name>[=<value>] | Standalone | Set a security property. |
-secmgr | Standalone, Domain | Runs the server with a security manager installed. |
--server-config=<config> | Standalone | Name of the server configuration file to use. The default is |
--start-mode=<mode> | Standalone | Set the start mode of the server. This option cannot be used in conjunction with |
-u=<value>, -u <value> | Standalone, Domain | Set system property |
-v, -V, --version | Standalone, Domain | Display the application server version and exit. |
The configuration files that ship with JBoss EAP are set up to handle the behavior of the switches, for example, -b and -u. If you change your configuration files to no longer use the system property controlled by the switch, then adding it to the launch command will have no effect.
A.2. RPM Service Configuration Files
The RPM installation of JBoss EAP includes two additional configuration files compared to a ZIP or installer installation. These files are used by the service init script to specify the JBoss EAP launch environment. The location of these service configuration files differs between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 and later versions.
For Red Hat Enterprise Linux 7 and later, RPM service configuration files are loaded using systemd, so variable expressions are not expanded.
File | Description |
---|---|
/etc/sysconfig/eap7-standalone | Settings specific to standalone JBoss EAP servers on Red Hat Enterprise Linux 6. |
/etc/sysconfig/eap7-domain | Settings specific to JBoss EAP running as a managed domain on Red Hat Enterprise Linux 6. |
File | Description |
---|---|
/etc/opt/rh/eap7/wildfly/eap7-standalone.conf | Settings specific to standalone JBoss EAP servers on Red Hat Enterprise Linux 7 and later. |
/etc/opt/rh/eap7/wildfly/eap7-domain.conf | Settings specific to JBoss EAP running as a managed domain on Red Hat Enterprise Linux 7 and later. |
A.3. RPM Service Configuration Properties
The following table shows a list of available configuration properties for the JBoss EAP RPM service along with their default values.
If a property has the same name in both the RPM service configuration file, such as /etc/sysconfig/eap7-standalone, and in the JBoss EAP startup configuration file, such as EAP_HOME/bin/standalone.conf, the value that takes precedence is the one in the JBoss EAP startup configuration file. One such property is JAVA_HOME.
Property | Description |
---|---|
JAVA_HOME | The directory where your Java Runtime Environment is installed. Default value: |
JAVAPTH | The path where the Java executable files are installed. Default value: |
WILDFLY_STARTUP_WAIT | The number of seconds that the init script will wait until confirming that the server has launched successfully after receiving a start or restart command. This property only applies to Red Hat Enterprise Linux 6. Default value: |
WILDFLY_SHUTDOWN_WAIT | The number of seconds that the init script will wait for the server to shut down before continuing when it receives a stop or restart command. This property only applies to Red Hat Enterprise Linux 6. Default value: |
WILDFLY_CONSOLE_LOG | The file that the CONSOLE log handler will be redirected to. Default value: |
WILDFLY_SH | The script that is used to launch the JBoss EAP server. Default value: |
WILDFLY_SERVER_CONFIG | The server configuration file to use. There is no default for this property. Either |
WILDFLY_HOST_CONFIG | For a managed domain, this property allows a user to specify the host configuration file, such as |
WILDFLY_MODULEPATH | The path of the JBoss EAP module directory. Default value: |
WILDFLY_BIND | Sets the |
WILDFLY_OPTS | Additional arguments to include on startup. For example: -Dorg.wildfly.openssl.path=PATH_TO_OPENSSL_LIBS |
A.4. Overview of JBoss EAP Subsystems
The table below gives a brief description of the JBoss EAP subsystems.
JBoss EAP Subsystem | Description |
---|---|
batch-jberet | Configure an environment for running batch applications and manage batch jobs. |
bean-validation | Configure bean validation for validating Java object data. |
core-management | Register listeners for server lifecycle events and track configuration changes. |
datasources | Create and configure datasources and manage JDBC database drivers. |
deployment-scanner | Configure deployment scanners to monitor particular locations for applications to deploy. |
ee | Configure common functionality in the Java EE platform, such as defining global modules, enabling descriptor-based property replacement, and configuring default bindings. |
ejb3 | Configure Enterprise JavaBeans (EJBs), including session and message-driven beans. More information for the |
elytron | Configure server and application security. More information on the |
iiop-openjdk | Configure Common Object Request Broker Architecture (CORBA) services for JTS transactions and other ORB services, including security. In JBoss EAP 6, this functionality was contained in the |
infinispan | Configure caching functionality for JBoss EAP high availability services. |
io | Define workers and buffer pools to be used by other subsystems. |
jaxrs | Enable the deployment and functionality of JAX-RS applications. |
jca | Configure the general settings for the Java EE Connector Architecture (JCA) container and resource adapter deployments. |
jdr | Enable the gathering of diagnostic data to aid in troubleshooting. JBoss EAP subscribers can provide this information to Red Hat when requesting support. |
jgroups | Configure the protocol stacks and communication mechanisms for how servers in a cluster talk to each other. |
jmx | Configure remote Java Management Extensions (JMX) access. |
jpa | Manages the Java Persistence API (JPA) 2.1 container-managed requirements and allows you to deploy persistent unit definitions, annotations, and descriptors. More information for the |
jsf | Manage JavaServer Faces (JSF) implementations. |
jsr77 | Provide Java EE management capabilities defined by the JSR-77 specification. |
logging | Configure system and application-level logging through a system of log categories and log handlers. |
| Configure mail server attributes and custom mail transports to create a mail service that allows applications deployed to JBoss EAP to send mail using that service. |
messaging-activemq | Configure JMS destinations, connection factories, and other settings for Artemis, the integrated messaging provider. In JBoss EAP 6, messaging functionality was contained in the More information for the |
microprofile-config-smallrye | Use MicroProfile Config SmallRye to provide portable externalization of configuration data, allowing applications to access the latest configuration properties without restarting the server. Important Eclipse Microprofile Config is provided as Technology Preview only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features. |
microprofile-health-smallrye | Use SmallRye Health to monitor server health. See Monitor Server Health Using Eclipse MicroProfile Health for information about the Important Eclipse Microprofile Health is provided as Technology Preview only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features. |
microprofile-opentracing-smallrye | Use SmallRye OpenTracing to trace requests across service boundaries. See Tracing Requests with the MicroProfile OpenTracing SmallRye Subsystem for information about the Important Eclipse Microprofile OpenTracing is provided as Technology Preview only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features. |
modcluster | Configure the server-side mod_cluster worker node. |
naming | Bind entries into global JNDI namespaces and configure the remote JNDI interface. |
picketlink-federation | Configure PicketLink SAML-based single sign-on (SSO). More information on the |
picketlink-identity-management | Configure PicketLink identity management services. This subsystem is unsupported. |
pojo | Enable deployment of applications containing JBoss Microcontainer services, as supported by previous versions of JBoss EAP. |
remoting | Configure settings for inbound and outbound connections for local and remote services. |
request-controller | Configure settings to suspend and shut down servers gracefully. |
resource-adapters | Configure and maintain resource adapters for communication between Java EE applications and an Enterprise Information System (EIS) using the Java Connector Architecture (JCA) specification. |
rts | Unsupported implementation of REST-AT. |
sar | Enable deployment of SAR archives containing MBean services, as supported by previous versions of JBoss EAP. |
security | Legacy method to configure application security settings. More information on the |
security-manager | Configure Java security policies to be used by the Java Security Manager. More information on the |
singleton | Define singleton policies to configure the behavior of singleton deployments or to create singleton MSC services. More information on the |
transactions | Configure the Transaction Manager (TM) options, such as timeout values, transaction logging, and whether to use Java Transaction Service (JTS). More information on the |
undertow | Configure JBoss EAP’s web server and servlet container settings. In JBoss EAP 6, this functionality was contained in the |
webservices | Configure published endpoint addresses and endpoint handler chains, as well as the host name, ports, and WSDL address for the web services provider. More information for the |
weld | Configure Contexts and Dependency Injection (CDI) functionality for JBoss EAP. |
xts | Configure settings for coordinating web services in a transaction. |
A.5. Add-User Utility Arguments
The following table describes the arguments available for the add-user.sh or add-user.bat script, which is a utility for adding new users to the properties file for out-of-the-box authentication.
Command Line Argument | Description |
---|---|
-a | Create a user in the application realm. If omitted, the default is to create a user in the management realm. |
-dc <value> | The domain configuration directory that will contain the properties files. If it is omitted, the default directory is |
-sc <value> | An alternative standalone server configuration directory that will contain the properties files. If omitted, the default directory is |
-up, --user-properties <value> | The name of the alternative user properties file. It can be an absolute path or it can be a file name used in conjunction with the |
-g, --group <value> | A comma-separated list of groups to assign to this user. |
-gp, --group-properties <value> | The name of the alternative group properties file. It can be an absolute path or it can be a file name used in conjunction with the |
-p, --password <value> | The password of the user. |
-u, --user <value> | The name of the user. User names can only contain the following characters, in any number and in any order: |
-r, --realm <value> | The name of the realm used to secure the management interfaces. If omitted, the default is |
-s, --silent | Run the |
-e, --enable | Enable the user. |
-d, --disable | Disable the user. |
-cw, --confirm-warning | Automatically confirm warning in interactive mode. |
-h, --help | Display usage information for the |
-ds, --display-secret | Print the secret value in non-interactive mode. |
A.6. Management Audit Logging Attributes
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-config_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
enabled | Whether audit logging is enabled. |
log-boot | Whether operations should be logged on server boot. |
log-read-only | Whether operations that do not modify the configuration or any runtime services should be logged. |
Attribute | Description |
---|---|
compact | If |
date-format | The date format to use as understood by |
date-separator | The separator between the date and the rest of the formatted log message. This is ignored if |
escape-control-characters | If |
escape-new-line | If |
include-date | Whether or not to include the date in the formatted log record. |
Attribute | Description |
---|---|
disabled-due-to-failure | Whether this handler has been disabled due to logging failures (read-only). |
failure-count | The number of logging failures since the handler was initialized (read-only). |
formatter | The JSON formatter used to format the log messages. |
max-failure-count | The maximum number of logging failures before disabling this handler. |
path | The path of the audit log file. |
relative-to | The name of another previously named path, or of one of the standard paths provided by the system. If |
rotate-at-startup | Whether the old log file should be rotated at server startup. |
Attribute | Description |
---|---|
app-name | The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product. |
disabled-due-to-failure | Whether this handler has been disabled due to logging failures (read-only). |
facility | The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424 and section 4.1.1 of RFC-3164. |
failure-count | The number of logging failures since the handler was initialized (read-only). |
formatter | The JSON formatter used to format the log messages. |
max-failure-count | The maximum number of logging failures before disabling this handler. |
max-length | The maximum length in bytes a log message, including the header, is allowed to be. If undefined, it will default to |
protocol | The protocol to use for the syslog handler. Must be one and only one of |
syslog-format | The syslog format: |
truncate | Whether or not a message, including the header, should truncate the message if the length in bytes is greater than the value of the |
Syslog servers vary in their implementation, so not all settings are applicable to all syslog servers. Testing has been conducted using the rsyslog syslog implementation.
This table lists only the high-level attributes. Each attribute has configuration parameters, and some have child configuration parameters.
A.7. Interface Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-config_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Interface Element | Description |
---|---|
any | Element indicating that part of the selection criteria for an interface should be that it meets at least one, but not necessarily all, of the nested set of criteria. |
any-address | Empty element indicating that sockets using this interface should be bound to a wildcard address. The IPv6 wildcard address ( |
inet-address | Either an IP address in IPv6 or IPv4 dotted decimal notation, or a host name that can be resolved to an IP address. |
link-local-address | Empty element indicating that part of the selection criteria for an interface should be whether or not an address associated with it is link-local. |
loopback | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a loopback interface. |
loopback-address | A loopback address that may not actually be configured on the machine’s loopback interface. Differs from inet-address type in that the given value will be used even if no NIC can be found that has the IP address associated with it. |
multicast | Empty element indicating that part of the selection criteria for an interface should be whether or not it supports multicast. |
name | The name of the interface. |
nic | The name of a network interface (e.g. eth0, eth1, lo). |
nic-match | A regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. |
not | Element indicating that part of the selection criteria for an interface should be that it does not meet any of the nested set of criteria. |
point-to-point | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a point-to-point interface. |
public-address | Empty element indicating that part of the selection criteria for an interface should be whether or not it has a publicly routable address. |
site-local-address | Empty element indicating that part of the selection criteria for an interface should be whether or not an address associated with it is site-local. |
subnet-match | A network IP address and the number of bits in the address' network prefix, written in slash notation, for example, |
up | Empty element indicating that part of the selection criteria for an interface should be whether or not it is currently up. |
virtual | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a virtual interface. |
A.8. Socket Binding Attributes
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-config_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
The following tables show the attributes that can be configured for each of the three types of socket bindings.
Attribute | Description |
---|---|
client-mappings | Specifies the client mappings for this socket binding. A client connecting to this socket should use the destination address specified in the mapping that matches its desired outbound interface. This allows for advanced network topologies that use either network address translation, or have bindings on multiple network interfaces to function. Each mapping should be evaluated in declared order, with the first successful match used to determine the destination. |
fixed-port | Whether the port value should remain fixed even if numeric offsets are applied to the other sockets in the socket group. |
interface | Name of the interface to which the socket should be bound, or, for multicast sockets, the interface on which it should listen. This should be one of the declared interfaces. If not defined, the value of the |
multicast-address | Multicast address on which the socket should receive multicast traffic. If unspecified, the socket will not be configured to receive multicast. |
multicast-port | Port on which the socket should receive multicast traffic. Must be configured if |
name | The name of the socket. Services needing to access the socket configuration information will find it using this name. This attribute is required. |
port | Number of the port to which the socket should be bound. Note that this value can be overridden if servers apply a port-offset to increment or decrement all port values. |
Attribute | Description |
---|---|
fixed-source-port | Whether the port value should remain fixed even if numeric offsets are applied to the other outbound sockets in the socket group. |
host | The host name or IP address of the remote destination to which this outbound socket will connect. |
port | The port number of the remote destination to which the outbound socket should connect. |
source-interface | The name of the interface that will be used for the source address of the outbound socket. |
source-port | The port number that will be used as the source port of the outbound socket. |
Attribute | Description |
---|---|
fixed-source-port | Whether the port value should remain fixed even if numeric offsets are applied to the other outbound sockets in the socket group. |
socket-binding-ref | The name of the local socket binding that will be used to determine the port to which this outbound socket connects. |
source-interface | The name of the interface that will be used for the source address of the outbound socket. |
source-port | The port number that will be used as the source port of the outbound socket. |
A.9. Default Socket Bindings
The following tables show the default socket bindings for each socket binding group.
Socket Binding | Port | Description |
---|---|---|
ajp | 8009 | Apache JServ Protocol. Used for HTTP clustering and load balancing. |
http | 8080 | The default port for deployed web applications. |
https | 8443 | SSL-encrypted connection between deployed web applications and clients. |
management-http | 9990 | Used for HTTP communication with the management layer. |
management-https | 9993 | Used for HTTPS communication with the management layer. |
txn-recovery-environment | 4712 | The JTA transaction recovery manager. |
txn-status-manager | 4713 | The JTA / JTS transaction manager. |
Socket Binding | Port | Multicast Port | Description |
---|---|---|---|
ajp | 8009 | | Apache JServ Protocol. Used for HTTP clustering and load balancing. |
http | 8080 | | The default port for deployed web applications. |
https | 8443 | | SSL-encrypted connection between deployed web applications and clients. |
jgroups-mping | | 45700 | Multicast. Used to discover initial membership in a HA cluster. |
jgroups-tcp | 7600 | | Unicast peer discovery in HA clusters using TCP. |
jgroups-udp | 55200 | 45688 | Multicast peer discovery in HA clusters using UDP. |
management-http | 9990 | | Used for HTTP communication with the management layer. |
management-https | 9993 | | Used for HTTPS communication with the management layer. |
modcluster | | 23364 | Multicast port for communication between JBoss EAP and the HTTP load balancer. |
txn-recovery-environment | 4712 | | The JTA transaction recovery manager. |
txn-status-manager | 4713 | | The JTA / JTS transaction manager. |
Socket Binding | Port | Description |
---|---|---|
ajp | 8009 | Apache JServ Protocol. Used for HTTP clustering and load balancing. |
http | 8080 | The default port for deployed web applications. |
https | 8443 | SSL-encrypted connection between deployed web applications and clients. |
iiop | 3528 | CORBA services for JTS transactions and other ORB-dependent services. |
iiop-ssl | 3529 | SSL-encrypted CORBA services. |
management-http | 9990 | Used for HTTP communication with the management layer. |
management-https | 9993 | Used for HTTPS communication with the management layer. |
txn-recovery-environment | 4712 | The JTA transaction recovery manager. |
txn-status-manager | 4713 | The JTA / JTS transaction manager. |
Name | Port | Multicast Port | Description |
---|---|---|---|
ajp | 8009 | | Apache JServ Protocol. Used for HTTP clustering and load balancing. |
http | 8080 | | The default port for deployed web applications. |
https | 8443 | | SSL-encrypted connection between deployed web applications and clients. |
iiop | 3528 | | CORBA services for JTS transactions and other ORB-dependent services. |
iiop-ssl | 3529 | | SSL-encrypted CORBA services. |
jgroups-mping | | 45700 | Multicast. Used to discover initial membership in a HA cluster. |
jgroups-tcp | 7600 | | Unicast peer discovery in HA clusters using TCP. |
jgroups-udp | 55200 | 45688 | Multicast peer discovery in HA clusters using UDP. |
management-http | 9990 | | Used for HTTP communication with the management layer. |
management-https | 9993 | | Used for HTTPS communication with the management layer. |
modcluster | | 23364 | Multicast port for communication between JBoss EAP and the HTTP load balancer. |
txn-recovery-environment | 4712 | | The JTA transaction recovery manager. |
txn-status-manager | 4713 | | The JTA / JTS transaction manager. |
Name | Port | Multicast Port | Description |
---|---|---|---|
http | 8080 | | The default port for deployed web applications. |
https | 8443 | | SSL-encrypted connection between deployed web applications and clients. |
management-http | 9990 | | Used for HTTP communication with the management layer. |
management-https | 9993 | | Used for HTTPS communication with the management layer. |
mcmp-management | 8090 | | The port for the Mod-Cluster Management Protocol (MCMP) connection to transmit lifecycle events. |
modcluster | | 23364 | Multicast port for communication between JBoss EAP and the HTTP load balancer. |
A.10. Module Command Arguments
The following arguments can be passed to the module add management CLI command:
Argument | Description |
---|---|
--absolute-resources | Use this argument to specify a list of absolute file system paths to reference from its See |
--allow-nonexistent-resources | Use this argument to create empty directories for resources specified by |
--dependencies | Use this argument to provide a comma-separated list of module names that this module depends on. |
--export-dependencies | Use this argument to specify exported dependencies. module add --name=com.mysql --resources=/path/to/mysql-connector-java-8.0.12.jar --export-dependencies=javax.api,javax.transaction.api |
--main-class | Use this argument to specify the fully qualified class name that declares the module’s main method. |
--module-root-dir | Use this argument if you have defined an external JBoss EAP module directory to use instead of the default module add --module-root-dir=/path/to/my-external-modules/ --name=com.mysql --resources=/path/to/mysql-connector-java-8.0.12.jar --dependencies=javax.api,javax.transaction.api |
--module-xml | Use this argument to provide a file system path to a |
--name | Use this argument to provide the name of the module to add. This argument is required. |
--properties | Use this argument to provide a comma-separated list of |
--resource-delimiter | Use this argument to set a user-defined file path separator for the list of resources provided to the |
--resources | Use this argument to specify the resources for this module by providing a list of file system paths. The files are copied to this module directory and referenced from its See |
--slot | Use this argument to add the module to a slot other than the default module add --name=com.mysql --slot=8.0 --resources=/path/to/mysql-connector-java-8.0.12.jar --dependencies=javax.api,javax.transaction.api |
A.11. Deployment Scanner Marker Files
Marker files are used by the deployment scanner to mark the status of an application within the deployment directory of the JBoss EAP server instance. A marker file has the same name as the deployment, with the file suffix indicating the state of the application’s deployment.
For example, a successful deployment of test-application.war would have a marker file named test-application.war.deployed.
The following table lists the available marker file types and their meanings.
Filename Suffix | Origin | Description |
---|---|---|
.deployed | System-generated | Indicates that the content has been deployed. The content will be undeployed if this file is deleted. |
.dodeploy | User-generated | Indicates that the content should be deployed or redeployed. |
.failed | System-generated | Indicates deployment failure. The marker file contains information about the cause of failure. If the marker file is deleted, the content will be eligible for auto-deployment again. |
.isdeploying | System-generated | Indicates that the deployment is in progress. This marker file will be deleted upon completion. |
.isundeploying | System-generated |
Triggered by deleting a |
.pending | System-generated | Indicates that the deployment scanner recognizes the need to deploy content, but an issue is currently preventing auto-deployment (for example, if content is in the process of being copied). This marker serves as a global deployment road-block, meaning that the scanner will not instruct the server to deploy or undeploy any content while this marker file exists. |
.skipdeploy | User-generated | Disables auto-deploy of an application while present. Useful as a method of temporarily blocking the auto-deployment of exploded content, preventing the risk of incomplete content edits being pushed. Can be used with zipped content, although the scanner detects in-progress changes to zipped content and waits until completion. |
.undeployed | System-generated | Indicates that the content has been undeployed. Deletion of this marker file has no impact to content redeployment. |
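As an added illustration (not part of the JBoss EAP documentation), the following Python example inventories a deployment directory using the marker suffixes from the table above and reports the states an operator would want to review. The function names, the sample file names other than test-application.war, and the treatment of every non-marker entry as deployment content are assumptions made for the example.

```python
import os
import tempfile

# Marker suffixes and their origin, taken from the table above.
MARKERS = {
    ".deployed": "system",
    ".dodeploy": "user",
    ".failed": "system",
    ".isdeploying": "system",
    ".isundeploying": "system",
    ".pending": "system",
    ".skipdeploy": "user",
    ".undeployed": "system",
}


def split_marker(filename):
    """Return (deployment_name, suffix) for a marker file, otherwise None."""
    for suffix in MARKERS:
        if filename.endswith(suffix) and len(filename) > len(suffix):
            return filename[: -len(suffix)], suffix
    return None


def scan_markers(directory):
    """Map each deployment name to {'content': bool, 'markers': [suffixes]}."""
    report = {}
    for entry in sorted(os.listdir(directory)):
        parsed = split_marker(entry)
        if parsed:
            name, suffix = parsed
            item = report.setdefault(name, {"content": False, "markers": []})
            item["markers"].append(suffix)
        else:
            # Assumption: any non-marker entry is deployment content.
            item = report.setdefault(entry, {"content": False, "markers": []})
            item["content"] = True
    for item in report.values():
        item["markers"].sort()
    return report


def scanner_blocked(report):
    """A .pending marker stops the scanner deploying or undeploying anything."""
    return any(".pending" in item["markers"] for item in report.values())


def findings(report):
    """Return (deployment, note) pairs that deserve an operator's attention."""
    notes = []
    for name, item in report.items():
        markers = item["markers"]
        if ".pending" in markers:
            notes.append((name, "pending: scanner will not deploy or undeploy any content"))
        if ".failed" in markers:
            notes.append((name, "failed: cause is recorded inside the marker file"))
        if ".skipdeploy" in markers:
            notes.append((name, "auto-deploy disabled by user marker"))
        if item["content"] and not markers:
            notes.append((name, "content present with no marker yet"))
        if markers and not item["content"]:
            notes.append((name, "marker without matching content"))
    return notes


def demo():
    """Build a constructed deployment directory and return (report, notes)."""
    with tempfile.TemporaryDirectory() as root:
        sample_files = (  # constructed sample data
            "test-application.war", "test-application.war.deployed",
            "broken.war", "broken.war.failed",
            "new.war",
            "old.war.undeployed",
            "exploded.war.skipdeploy",
        )
        for name in sample_files:
            open(os.path.join(root, name), "w").close()
        os.mkdir(os.path.join(root, "exploded.war"))  # exploded content
        report = scan_markers(root)
    return report, findings(report)


if __name__ == "__main__":
    report, notes = demo()
    for name, item in report.items():
        print(name, item["markers"] or "(no marker)")
    for name, note in notes:
        print("REVIEW", name, "-", note)
    print("scanner blocked:", scanner_blocked(report))
```

Comparing successive runs of such an inventory shows when content or a user-generated marker appears in the directory outside a planned change.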
A.12. Deployment Scanner Attributes
The deployment scanner contains the following configurable attributes.
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/jboss-as-deployment-scanner_2_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Name | Default | Description |
---|---|---|
auto-deploy-exploded | false |
Allows the automatic deployment of exploded content without requiring a |
auto-deploy-xml | true |
Allows the automatic deployment of XML content without requiring a |
auto-deploy-zipped | true |
Allows the automatic deployment of zipped content without requiring a |
deployment-timeout | 600 | The time value in seconds for the deployment scanner to allow a deployment attempt before being canceled. |
path | deployments |
The actual file system path to be scanned. Treated as an absolute path, unless the |
relative-to | jboss.server.base.dir | Reference to a file system path defined as a path in the server configuration. |
runtime-failure-causes-rollback | false | Whether a runtime failure of a deployment causes a rollback of the deployment as well as all other (possibly unrelated) deployments as part of the scan operation. |
scan-enabled | true |
Allows the automatic scanning for applications by |
scan-interval | 5000 |
The time interval in milliseconds that the repository should be scanned for changes. A value of less than |
A.13. Managed Domain JVM Configuration Attributes
The following JVM configuration options can be set for a managed domain at the host, server group, or server level. Note that valid values for some of these attributes are dependent upon your JVM. See your JDK vendor’s documentation for additional information.
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-config_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
agent-lib |
Sets the value of the |
agent-path |
Sets the value of the |
debug-enabled | Whether to enable debug. This attribute only applies to JVM configurations at the server level. |
debug-options | Specifies the JVM options to use when debug is enabled. This attribute only applies to JVM configurations at the server level. |
env-classpath-ignored |
Whether to ignore the |
environment-variables | Specifies key/value pair environment variables. |
heap-size |
Sets the value of the |
java-agent |
Sets the value of the |
java-home |
Sets the value of the |
jvm-options | Specifies any additional JVM options needed. |
launch-command |
Specifies an operating system level command to prefix before the |
max-heap-size |
Sets the value of the |
max-permgen-size | Sets the maximum size of the permanent generation. Deprecated: The JVM no longer provides a separate permanent generation space. |
permgen-size | Sets the initial permanent generation size. Deprecated: The JVM no longer provides a separate permanent generation space. |
stack-size |
Sets the value of the |
type |
Specifies which vendor provided the JVM in use. Available options are |
A.14. Mail Subsystem Attributes
The following tables describe the attributes in the mail subsystem for mail sessions and the following mail server types:
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-mail_3_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
debug | Whether to enable JavaMail debugging. |
from | The default "from" address to use if not set when sending. |
jndi-name | The JNDI name to which the mail session should be bound. |
Attribute | Description |
---|---|
credential-reference | Credential, from a credential store, to authenticate on the server. |
outbound-socket-binding-ref | Reference to the outbound socket binding for the mail server. |
password | The password to authenticate on the server. |
ssl | Whether the server requires SSL. |
tls | Whether the server requires TLS. |
username | The username to authenticate on the server. |
Attribute | Description |
---|---|
credential-reference | Credential, from a credential store, to authenticate on the server. |
outbound-socket-binding-ref | Reference to the outbound socket binding for the mail server. |
password | The password to authenticate on the server. |
ssl | Whether the server requires SSL. |
tls | Whether the server requires TLS. |
username | The username to authenticate on the server. |
Attribute | Description |
---|---|
credential-reference | Credential, from a credential store, to authenticate on the server. |
outbound-socket-binding-ref | Reference to the outbound socket binding for the mail server. |
password | The password to authenticate on the server. |
ssl | Whether the server requires SSL. |
tls | Whether the server requires TLS. |
username | The username to authenticate on the server. |
Attribute | Description |
---|---|
credential-reference | Credential, from a credential store, to authenticate on the server. |
outbound-socket-binding-ref | Reference to the outbound socket binding for the mail server. |
password | The password to authenticate on the server. |
properties | The JavaMail properties for this server. |
ssl | Whether the server requires SSL. |
tls | Whether the server requires TLS. |
username | The username to authenticate on the server. |
A.15. Root Logger Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/jboss-as-logging_3_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that excludes log entries that do not match a pattern: |
handlers | A list of log handlers that are used by the root logger. |
level | The lowest level of log message that the root logger records. |
A filter-spec specified for the root logger is not inherited by other handlers. Instead, a filter-spec must be specified per handler.
A.16. Log Category Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/jboss-as-logging_6_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
category | The log category from which log messages will be captured. |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
handlers | A list of log handlers associated with the logger. |
level | The lowest level of log message that the log category records. |
use-parent-handlers |
If set to |
A.17. Log Handler Attributes
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/jboss-as-logging_6_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
autoflush |
If set to |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
target | The system output stream where the output of the log handler is sent. This can be one of the following:
|
Attribute | Description |
---|---|
append |
If set to |
autoflush |
If set to |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
file |
The object that represents the file where the output of this log handler is written to. It has two configuration properties, |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
Attribute | Description |
---|---|
append |
If set to |
autoflush |
If set to |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
file |
Object that represents the file to which the output of this log handler is written. It has two configuration properties, |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
suffix |
This string is included in the suffix appended to rotated logs. The format of the |
Attribute | Description |
---|---|
append |
If set to |
autoflush |
If set to |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
file |
Object that represents the file where the output of this log handler is written to. It has two configuration properties, |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
max-backup-index |
The maximum number of rotated logs that are kept. When this number is reached, the oldest log is reused. The default is
If the |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
rotate-on-boot |
If set to |
rotate-size |
The maximum size that the log file can reach before it is rotated. A single character appended to the number indicates the size units: |
suffix |
This string is included in the suffix appended to rotated logs. The format of the |
Attribute | Description |
---|---|
append |
If set to |
autoflush |
If set to |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
file |
Object that represents the file where the output of this log handler is written to. It has two configuration properties, |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
max-backup-index |
The maximum number of rotated logs that are kept. When this number is reached, the oldest log is reused. The default is
If the |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
rotate-on-boot |
If set to |
rotate-size |
The maximum size that the log file can reach before it is rotated. A single character appended to the number indicates the size units: |
suffix |
This string is included in the suffix appended to rotated logs. The format of the |
Attribute | Description |
---|---|
app-name |
The app name used when formatting the message in RFC5424 format. By default the app name is |
enabled |
If set to |
facility | The facility as defined by RFC-5424 and RFC-3164. |
hostname | The name of the host from which the messages are being sent. For example, the name of the host the application server is running on. |
level | The lowest level of log message the log handler records. |
port | The port on which the syslog server is listening. |
server-address | The address of the syslog server. |
syslog-format | Formats the log message according to the RFC specification. |
Attribute | Description |
---|---|
autoflush | Whether to automatically flush after each write. |
block-on-reconnect |
If set to |
enabled |
If set to |
encoding | The character encoding used by this handler. |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
level | The lowest level of log message the log handler records. |
named-formatter | The name of the defined formatter to be used on the handler. |
outbound-socket-binding-ref | The reference to the outbound socket binding for the socket connection. |
protocol |
The protocol the socket should communicate over. Allowed values are |
ssl-context |
The reference to the defined SSL context. This is only used if |
Attribute | Description |
---|---|
class | The logging handler class to be used. |
enabled |
If set to |
encoding | The character encoding scheme to be used for the output. |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
formatter | The log formatter used by this log handler. |
level | The lowest level of log message the log handler records. |
module | The module on which the logging handler depends. |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
named-formatter | The name of the defined formatter to be used on the handler. |
properties | The properties used for the logging handler. |
Attribute | Description |
---|---|
enabled |
If set to |
filter |
Defines a simple filter type. Deprecated in favor of |
filter-spec |
An expression value that defines a filter. The following expression defines a filter that does not match a pattern: |
level | The lowest level of log message the log handler records. |
name | The name of the log handler. Deprecated since the handler’s address contains the name. |
overflow-action |
How this handler responds when its queue length is exceeded. This can be set to |
queue-length | Maximum number of log messages that will be held by this handler while waiting for sub-handlers to respond. |
subhandlers | The list of log handlers to which this async handler passes its log messages. |
A.18. Log Formatter Attributes
Symbol | Description |
---|---|
%c | The category of the logging event. |
%p | The level of the log entry (INFO, DEBUG, etc.). |
%P | The localized level of the log entry. |
%d |
The current date/time ( |
%r | The relative time (milliseconds since the log was initialized). |
%z |
The time zone, which must be specified before the date ( |
%k | A log resource key (used for localization of log messages). |
%m | The log message (including exception trace). |
%s | The simple log message (no exception trace). |
%e | The exception stack trace (no extended module information). |
%E | The exception stack trace (with extended module information). |
%t | The name of the current thread. |
%n | A newline character. |
%C | The class of the code calling the log method (slow). |
%F | The filename of the class calling the log method (slow). |
%l | The source location of the code calling the log method (slow). |
%L | The line number of the code calling the log method (slow). |
%M | The method of the code calling the log method (slow). |
%x | The Nested Diagnostic Context. |
%X | The Message Diagnostic Context. |
%% |
A literal percent ( |
Attribute | Description |
---|---|
date-format |
The date-time format pattern. The pattern must be a valid |
exception-output-type | Indicates how the cause of the logged message, if one is available, is added to the JSON output. The allowed values are:
|
key-overrides | Allows the names of the keys for the JSON properties to be overridden. |
meta-data | Sets the metadata to be used in the JSON formatter. |
pretty-print | Whether or not pretty printing should be used when formatting. |
print-details | Whether or not details should be printed. The details include the source class name, source file name, source method name, source module name, source module version and source line number. Note: Printing the details can be expensive as the values are retrieved from the caller. |
record-delimiter | The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed. |
zone-id | The zone ID for formatting the date and time. The system default is used if left undefined. |
Attribute | Description |
---|---|
date-format |
The date-time format pattern. The pattern must be a valid |
exception-output-type | Indicates how the cause of the logged message, if one is available, is added to the XML output. The allowed values are:
|
key-overrides | Allows the names of the keys for the XML properties to be overridden. |
meta-data | Sets the meta data to use in the XML format. Properties are added to each log message. |
namespace-uri |
Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the |
pretty-print | Whether or not pretty printing should be used when formatting. |
print-details | Whether or not details should be printed. The details include the source class name, source file name, source method name, source module name, source module version and source line number. Note: Printing the details can be expensive as the values are retrieved from the caller. |
record-delimiter | The value to be used to indicate the end of a record. If this is null, no delimiter is used at the end of the record. The default value is a line feed. |
zone-id | The zone ID for formatting the date and time. The system default is used if left undefined. |
A.19. Datasource Connection URLs
Datasource | Connection URL |
---|---|
IBM DB2 | jdbc:db2://SERVER_NAME:PORT/DATABASE_NAME |
MariaDB | jdbc:mariadb://SERVER_NAME:PORT/DATABASE_NAME |
MariaDB Galera Cluster | jdbc:mariadb://SERVER_NAME:PORT,SERVER_NAME:PORT/DATABASE_NAME |
Microsoft SQL Server | jdbc:sqlserver://SERVER_NAME:PORT;DatabaseName=DATABASE_NAME |
MySQL | jdbc:mysql://SERVER_NAME:PORT/DATABASE_NAME |
Oracle | jdbc:oracle:thin:@SERVER_NAME:PORT:ORACLE_SID |
PostgreSQL | jdbc:postgresql://SERVER_NAME:PORT/DATABASE_NAME |
Sybase | jdbc:sybase:Tds:SERVER_NAME:PORT/DATABASE_NAME |
A.20. Datasource Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-datasources_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Datasource Type | Description |
---|---|---|
allocation-retry | Non-XA, XA |
The number of times that allocating a connection should be tried before throwing an exception. The default is |
allocation-retry-wait-millis | Non-XA, XA |
The amount of time, in milliseconds, to wait between retrying to allocate a connection. The default is |
allow-multiple-users | Non-XA, XA |
Whether multiple users will access the datasource through the |
authentication-context | Non-XA, XA |
The Elytron authentication context which defines the |
background-validation | Non-XA, XA |
Whether connections should be validated on a background thread versus being validated prior to use. Background validation is typically not to be used with |
background-validation-millis | Non-XA, XA | The frequency, in milliseconds, that background validation will run. |
blocking-timeout-wait-millis | Non-XA, XA | The maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time. |
capacity-decrementer-class | Non-XA, XA | Class defining the policy for decrementing connections in the pool. |
capacity-decrementer-properties | Non-XA, XA | Properties to be injected in the class defining the policy for decrementing connections in the pool. |
capacity-incrementer-class | Non-XA, XA | Class defining the policy for incrementing connections in the pool. |
capacity-incrementer-properties | Non-XA, XA | Properties to be injected in the class defining the policy for incrementing connections in the pool. |
check-valid-connection-sql | Non-XA, XA | An SQL statement to check validity of a pool connection. This may be called when a managed connection is obtained from the pool. |
connectable | Non-XA, XA | Enable the use of CMR, which means that a local resource can reliably participate in an XA transaction. |
connection-listener-class | Non-XA, XA |
Specifies class name extending |
connection-listener-property | Non-XA, XA |
Properties to be injected into the class specified in the |
connection-properties | Non-XA Only |
Arbitrary string name/value pair connection properties to pass to the |
connection-url | Non-XA Only | The JDBC driver connection URL. |
credential-reference | Non-XA, XA | Credential, from a credential store, to authenticate on datasource. |
datasource-class | Non-XA Only | The fully-qualified name of the JDBC datasource class. |
driver-class | Non-XA Only | The fully-qualified name of the JDBC driver class. |
driver-name | Non-XA, XA | Defines the JDBC driver the datasource should use. It is a symbolic name matching the name of installed driver. If the driver is deployed as JAR, the name is the name of the deployment. |
elytron-enabled | Non-XA, XA |
Enables Elytron security for handling authentication of connections. The Elytron |
enabled | Non-XA, XA | Whether the datasource should be enabled. |
enlistment-trace | Non-XA, XA |
Whether enlistment traces should be recorded. This is |
exception-sorter-class-name | Non-XA, XA |
An instance of |
exception-sorter-properties | Non-XA, XA | The exception sorter properties. |
flush-strategy | Non-XA, XA | Specifies how the pool should be flushed in case of an error. Valid values are:
|
idle-timeout-minutes | Non-XA, XA |
The maximum time, in minutes, a connection may be idle before being closed. If not specified, the default is |
initial-pool-size | Non-XA, XA | The initial number of connections a pool should hold. |
interleaving | XA Only | Whether to enable interleaving for XA connections. |
jndi-name | Non-XA, XA | The unique JNDI name for the datasource. |
jta | Non-XA Only | Enable JTA integration. |
max-pool-size | Non-XA, XA | The maximum number of connections that a pool can hold. |
mcp | Non-XA, XA |
The |
min-pool-size | Non-XA, XA | The minimum number of connections that a pool can hold. |
new-connection-sql | Non-XA, XA | An SQL statement to execute whenever a connection is added to the connection pool. |
no-recovery | XA Only | Whether the connection pool should be excluded from recovery. |
no-tx-separate-pool | XA Only |
Whether to create a separate sub-pool for each context. This may be required for some Oracle datasources, which may not allow XA connections to be used both inside and outside of a JTA transaction. Using this option will cause your total pool size to be twice the |
pad-xid | XA Only | Whether to pad the Xid. |
password | Non-XA, XA | The password to use when creating a new connection. |
pool-fair | Non-XA, XA |
Defines if pool should be fair. This setting is part of a |
pool-prefill | Non-XA, XA | Whether the pool should be prefilled. |
pool-use-strict-min | Non-XA, XA |
Whether |
prepared-statements-cache-size | Non-XA, XA | The number of prepared statements per connection in a Least Recently Used (LRU) cache. |
query-timeout | Non-XA, XA | The timeout for queries, in seconds. The default is no timeout. |
reauth-plugin-class-name | Non-XA, XA | The fully-qualified class name of the reauthentication plugin implementation to reauthenticate physical connections. |
reauth-plugin-properties | Non-XA, XA | The properties for the reauthentication plugin. |
recovery-authentication-context | XA Only |
The Elytron authentication context which defines the |
recovery-credential-reference | XA Only | Credential, from a credential store, to authenticate on datasource. |
recovery-elytron-enabled | XA Only |
Enables Elytron security for handling authentication of connections for recovery. The Elytron |
recovery-password | XA Only | The password to use to connect to the resource for recovery. |
recovery-plugin-class-name | XA Only | The fully-qualified class name of the recovery plugin implementation. |
recovery-plugin-properties | XA Only | The properties for the recovery plugin. |
recovery-security-domain | XA Only | The security domain to use to connect to the resource for recovery. |
recovery-username | XA Only | The user name to use to connect to the resource for recovery. |
same-rm-override | XA Only |
Whether the |
security-domain | Non-XA, XA | The name of a JAAS security-manager which handles authentication. This name correlates to the application-policy/name attribute of the JAAS login configuration. |
set-tx-query-timeout | Non-XA, XA | Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if no transaction exists. |
share-prepared-statements | Non-XA, XA |
Whether JBoss EAP should cache, instead of close or terminate, the underlying physical statement when the wrapper supplied to the application is closed by application code. The default is |
spy | Non-XA, XA |
Enable spy functionality on the JDBC layer. This logs all JDBC traffic to the datasource. Note that the logging category |
stale-connection-checker-class-name | Non-XA, XA |
An instance of |
stale-connection-checker-properties | Non-XA, XA | The stale connection checker properties. |
statistics-enabled | Non-XA, XA |
Whether runtime statistics are enabled. The default is |
track-statements | Non-XA, XA | Whether to check for unclosed statements when a connection is returned to a pool and a statement is returned to the prepared statement cache. If false, statements are not tracked. Valid values:
|
tracking | Non-XA, XA | Whether to track connection handles across transaction boundaries. |
transaction-isolation | Non-XA, XA |
The
|
url-delimiter | Non-XA, XA | The delimiter for URLs in connection-url for High Availability (HA) datasources. |
url-property | XA Only |
The property for the |
url-selector-strategy-class-name | Non-XA, XA |
A class that implements |
use-ccm | Non-XA, XA | Enable the cached connection manager. |
use-fast-fail | Non-XA, XA | If true, fail a connection allocation on the first attempt if the connection is invalid. If false, keep trying until the pool is exhausted. |
use-java-context | Non-XA, XA | Whether to bind the datasource into global JNDI. |
use-try-lock | Non-XA, XA |
A timeout value for internal locks. This attempts to obtain the lock for the configured number of seconds, before timing out, rather than failing immediately if the lock is unavailable. Uses |
user-name | Non-XA, XA | The user name to use when creating a new connection. |
valid-connection-checker-class-name | Non-XA, XA |
An implementation of |
valid-connection-checker-properties | Non-XA, XA | The valid connection checker properties. |
validate-on-match | Non-XA, XA |
Whether connection validation is performed when a connection factory attempts to match a managed connection. This should be used when a client must have a connection validated prior to use. Validate-on-match is typically not to be used with |
wrap-xa-resource | XA Only |
Whether to wrap the XAResource in an |
xa-datasource-class | XA Only |
The fully-qualified name of the |
xa-datasource-properties | XA Only | String name/value pair of XA datasource properties. |
xa-resource-timeout | XA Only |
If non-zero, this value is passed to the |
Attribute | Datasource Type | Description |
---|---|---|
datasource-class-info | Non-XA, XA |
The available properties for the |
A.21. Datasource Statistics
Name | Description |
---|---|
ActiveCount | The number of active connections. Each of the connections is either in use by an application or available in the pool. |
AvailableCount | The number of available connections in the pool. |
AverageBlockingTime | The average time spent blocking on obtaining an exclusive lock on the pool. This value is in milliseconds. |
AverageCreationTime | The average time spent creating a connection. This value is in milliseconds. |
AverageGetTime | The average time spent obtaining a connection. |
AveragePoolTime | The average time that a connection spent in the pool. |
AverageUsageTime | The average time spent using a connection. |
BlockingFailureCount | The number of failures trying to obtain a connection. |
CreatedCount | The number of connections created. |
DestroyedCount | The number of connections destroyed. |
IdleCount | The number of connections that are currently idle. |
InUseCount | The number of connections currently in use. |
MaxCreationTime | The maximum time it took to create a connection. This value is in milliseconds. |
MaxGetTime | The maximum time for obtaining a connection. |
MaxPoolTime | The maximum time for a connection in the pool. |
MaxUsageTime | The maximum time using a connection. |
MaxUsedCount | The maximum number of connections used. |
MaxWaitCount | The maximum number of requests waiting for a connection at the same time. |
MaxWaitTime | The maximum time spent waiting for an exclusive lock on the pool. |
TimedOut | The number of timed out connections. |
TotalBlockingTime | The total time spent waiting for an exclusive lock on the pool. This value is in milliseconds. |
TotalCreationTime | The total time spent creating connections. This value is in milliseconds. |
TotalGetTime | The total time spent obtaining connections. |
TotalPoolTime | The total time spent by connections in the pool. |
TotalUsageTime | The total time spent using connections. |
WaitCount | The number of requests that had to wait to obtain a connection. |
XACommitAverageTime | The average time for an XAResource commit invocation. |
XACommitCount | The number of XAResource commit invocations. |
XACommitMaxTime | The maximum time for an XAResource commit invocation. |
XACommitTotalTime | The total time for all XAResource commit invocations. |
XAEndAverageTime | The average time for an XAResource end invocation. |
XAEndCount | The number of XAResource end invocations. |
XAEndMaxTime | The maximum time for an XAResource end invocation. |
XAEndTotalTime | The total time for all XAResource end invocations. |
XAForgetAverageTime | The average time for an XAResource forget invocation. |
XAForgetCount | The number of XAResource forget invocations. |
XAForgetMaxTime | The maximum time for an XAResource forget invocation. |
XAForgetTotalTime | The total time for all XAResource forget invocations. |
XAPrepareAverageTime | The average time for an XAResource prepare invocation. |
XAPrepareCount | The number of XAResource prepare invocations. |
XAPrepareMaxTime | The maximum time for an XAResource prepare invocation. |
XAPrepareTotalTime | The total time for all XAResource prepare invocations. |
XARecoverAverageTime | The average time for an XAResource recover invocation. |
XARecoverCount | The number of XAResource recover invocations. |
XARecoverMaxTime | The maximum time for an XAResource recover invocation. |
XARecoverTotalTime | The total time for all XAResource recover invocations. |
XARollbackAverageTime | The average time for an XAResource rollback invocation. |
XARollbackCount | The number of XAResource rollback invocations. |
XARollbackMaxTime | The maximum time for an XAResource rollback invocation. |
XARollbackTotalTime | The total time for all XAResource rollback invocations. |
XAStartAverageTime | The average time for an XAResource start invocation. |
XAStartCount | The number of XAResource start invocations. |
XAStartMaxTime | The maximum time for an XAResource start invocation. |
XAStartTotalTime | The total time for all XAResource start invocations. |
Name | Description |
---|---|
PreparedStatementCacheAccessCount | The number of times that the statement cache was accessed. |
PreparedStatementCacheAddCount | The number of statements added to the statement cache. |
PreparedStatementCacheCurrentSize | The number of prepared and callable statements currently cached in the statement cache. |
PreparedStatementCacheDeleteCount | The number of statements discarded from the cache. |
PreparedStatementCacheHitCount | The number of times that statements from the cache were used. |
PreparedStatementCacheMissCount | The number of times that a statement request could not be satisfied with a statement from the cache. |
A.22. Agroal Datasource Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-agroal_1_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
connectable | Whether to enable CMR (Commit Markable Resource) functionality on this datasource. This applies to non-XA datasources only. |
jndi-name | Specifies the JNDI name for the datasource. |
jta | Whether to enable JTA integration. This applies to non-XA datasources only. |
statistics-enabled |
Whether to enable statistics for this datasource. Defaults to |
Attribute | Description |
---|---|
authentication-context |
Reference to an authentication context in the |
connection-properties | Properties to be passed to the JDBC driver when creating a connection. |
credential-reference | Credential, from a credential store, to authenticate with. |
driver | A unique reference to the JDBC driver. |
new-connection-sql | A SQL statement to be executed on a connection after creation. |
password | The password to use for basic authentication with the database. |
transaction-isolation |
Set the |
url | The JDBC driver connection URL. |
username | The username to use for basic authentication with the database. |
Attribute | Description |
---|---|
background-validation | The time, in milliseconds, between background validation runs. |
blocking-timeout | The maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. |
idle-removal | The time, in minutes, that a connection must be idle before it can be removed. |
initial-size | The initial number of connections the pool should hold. |
leak-detection | The time, in milliseconds, that a connection must be held before a leak warning. |
max-size | The maximum number of connections in the pool. |
min-size | The minimum number of connections the pool should hold. |
A.23. Transaction Manager Configuration Options
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-txn_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
default-timeout |
The default transaction timeout. This defaults to |
enable-statistics |
Deprecated in favor of |
enable-tsm-status |
Whether to enable the transaction status manager (TSM) service, which is used for out-of-process recovery. This option is not supported, as running an out-of-process recovery manager to contact the |
hornetq-store-enable-async-io |
Deprecated in favor of |
jdbc-action-store-drop-table |
Whether JDBC action store should drop tables. The default is |
jdbc-action-store-table-prefix | Optional prefix for table used to write transaction logs in configured JDBC action store. |
jdbc-communication-store-drop-table |
Whether JDBC communication store should drop tables. The default is |
jdbc-communication-store-table-prefix | Optional prefix for table used to write transaction logs in configured JDBC communication store. |
jdbc-state-store-drop-table |
Whether JDBC state store should drop tables. The default is |
jdbc-state-store-table-prefix | Optional prefix for table used to write transaction logs in configured JDBC state store. |
jdbc-store-datasource |
JNDI name of non-XA datasource used. Datasource should be defined in the |
journal-store-enable-async-io |
Whether |
jts |
Whether to use Java Transaction Service (JTS) transactions. Defaults to |
maximum-timeout |
If a transaction is set to have a transaction timeout of |
node-identifier | The node identifier for the transaction manager. If this option is not set, you will see a warning upon server startup. This option is required in the following situations:
The node-identifier must be unique for each transaction manager as it is required to enforce data integrity during recovery. The node-identifier must also be unique for JTA because multiple nodes may interact with the same resource manager or share a transaction object store. |
object-store-path |
A relative or absolute file system path where the transaction manager object store stores data. By default relative to the |
object-store-relative-to |
References a global path configuration in the domain model. The default value is the data directory for JBoss EAP, which is the value of the property |
process-id-socket-binding |
The name of the socket binding configuration to use if the transaction manager should use a socket-based process ID. Will be |
process-id-socket-max-ports | The transaction manager creates a unique identifier for each transaction log. Two different mechanisms are provided for generating unique identifiers: a socket-based mechanism and a mechanism based on the process identifier of the process.
In the case of the socket-based identifier, a socket is opened and its port number is used for the identifier. If the port is already in use, the next port is probed, until a free one is found. The process-id-socket-max-ports represents the maximum number of sockets the transaction manager will try before failing. The default value is |
process-id-uuid |
Set to |
recovery-listener |
Whether or not the transaction recovery process should listen on a network socket. Defaults to |
socket-binding |
Specifies the name of the socket binding used by the transaction periodic recovery listener when |
statistics-enabled |
Whether statistics should be enabled. The default is |
status-socket-binding | Specifies the socket binding to use for the transaction status manager. This configuration option is not supported. |
use-hornetq-store |
Deprecated in favor of |
use-jdbc-store |
Use the JDBC store for writing transaction logs. Set to |
use-journal-store |
Use Apache ActiveMQ Artemis journaled storage mechanisms instead of file-based storage for the transaction logs. This is disabled by default, but can improve I/O performance. It is not recommended for JTS transactions on separate transaction managers. When changing this option, the server has to be restarted using the |
Attribute | Description |
---|---|
expose-all-logs |
Whether to expose all logs. The default is |
type |
Specifies the implementation type of the logging store. The default is |
Attribute | Description |
---|---|
batch-size |
The batch size for this CMR resource. The default is |
immediate-cleanup |
Whether to perform immediate cleanup for this CMR resource. The default is |
jndi-name | The JNDI name of this CMR resource. |
name |
The table name for storing XIDs. The default is |
A.24. IIOP Subsystem Attributes
Attribute names in this table are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-iiop-openjdk_3_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
add-component-via-interceptor | Indicates whether SSL components should be added by an IOR interceptor. Deprecated. |
auth-method |
The authentication method. Valid values are |
authentication-context |
The name of the authentication context used when the security initializer is set to |
caller-propagation |
Indicates whether the caller identity should be propagated in the SAS context. Valid values are |
client-requires |
Value that indicates the client SSL required parameters. Valid values are |
client-requires-ssl | Indicates whether IIOP connections from the server require SSL. |
client-ssl-context | The name of the SSL context used to create client-side SSL sockets. |
client-supports |
Value that indicates the client SSL supported parameters. Valid values are |
confidentiality |
Indicates whether the transport must require confidentiality protection or not. Valid values are |
detect-misordering |
Indicates whether the transport must require misordering detection or not. Valid values are |
detect-replay |
Indicates whether the transport must require replay detection or not. Valid values are |
export-corbaloc |
Indicates whether the root context should be exported as |
giop-version | The GIOP version to be used. |
high-water-mark |
TCP connection cache parameter. Each time the number of connections exceeds this value, the ORB tries to reclaim connections. The number of reclaimed connections is specified by the |
integrity |
Indicates whether the transport must require integrity protection or not. Valid values are |
number-to-reclaim |
TCP connection cache parameter. Each time the number of connections exceeds the |
persistent-server-id | Persistent ID of the server. Persistent object references are valid across many activations of the server and they identify it using this property. As a result of that, many activations of the same server should have this property set to the same value, and different server instances running on the same host should have different server IDs. |
properties | A list of generic key/value properties. |
realm | The authentication service realm name. |
required | Indicates whether authentication is required. |
root-context | The naming service root context. |
security |
Indicates whether the security interceptors are to be installed. Valid values are |
security-domain | The name of the security domain that holds the keystores and truststores that will be used to establish SSL connections. |
server-requires |
Value that indicates the server SSL required parameters. Valid values are |
server-requires-ssl | Indicates whether IIOP connections to the server require SSL. |
server-ssl-context | The name of the SSL context used to create server-side SSL sockets. |
server-supports |
Value that indicates the server SSL supported parameters. Valid values are |
socket-binding | The name of the socket binding configuration that specifies the ORB port. |
ssl-socket-binding | The name of the socket binding configuration that specifies the ORB SSL port. |
support-ssl | Indicates whether SSL is supported. |
transactions |
Indicates whether the transactions interceptors are to be installed or not. Valid values are |
trust-in-client |
Indicates if the transport must require trust in client to be established. Valid values are |
trust-in-target |
Indicates if the transport must require trust in target to be established. Valid values are |
A.25. Resource Adapter Attributes
The following tables describe the resource adapter attributes.
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-resource-adapters_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Description |
---|---|
archive | The resource adapter archive. |
beanvalidationgroups | The bean validation groups that should be used. |
bootstrap-context | The unique name of the bootstrap context that should be used. |
config-properties | Custom defined config properties. |
module | The module from which the resource adapter will be loaded. |
statistics-enabled | Whether runtime statistics are enabled or not. |
transaction-support |
The transaction support level of the resource adapter. Valid values are |
wm-elytron-security-domain | Defines the name of the Elytron security domain that should be used. |
wm-security |
Toggle on/off |
wm-security-default-groups |
A default groups list that should be added to the used |
wm-security-default-principal |
A default principal name that should be added to the used |
wm-security-domain | The name of the security domain that should be used. |
wm-security-mapping-groups | List of groups mappings. |
wm-security-mapping-required | Defines if a mapping is required for security credentials. |
wm-security-mapping-users | List of user mappings. |
If your resource adapter is using bootstrap-context along with a work manager that has elytron-enabled set to true, you must use the wm-elytron-security-domain attribute instead of the wm-security-domain attribute for security domain specification.
Attribute | Description |
---|---|
class-name | The fully qualified class name of an administration object. |
enabled | Specifies if the administration object should be enabled. |
jndi-name | The JNDI name for the administration object. |
use-java-context | Setting this to false will bind the object into global JNDI. |
Attribute | Description |
---|---|
allocation-retry | Indicates the number of times that allocating a connection should be tried before throwing an exception. |
allocation-retry-wait-millis | The amount of time, in milliseconds, to wait between retrying to allocate a connection. |
authentication-context |
The Elytron authentication context which defines the |
authentication-context-and-application |
Indicates that either application-supplied parameters, such as from |
background-validation | Specifies that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart. |
background-validation-millis | The amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart. |
blocking-timeout-wait-millis | The maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time. |
capacity-decrementer-class | Class defining the policy for decrementing connections in the pool. |
capacity-decrementer-properties | Properties to inject in class defining the policy for decrementing connections in the pool. |
capacity-incrementer-class | Class defining the policy for incrementing connections in the pool. |
capacity-incrementer-properties | Properties to inject in class defining the policy for incrementing connections in the pool. |
class-name | The fully qualified class name of a managed connection factory or admin object. |
connectable | Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction. |
elytron-enabled |
Enables Elytron security for handling authentication of connections. The Elytron |
enabled | Specifies if the resource adapter should be enabled. |
enlistment | Specifies if lazy enlistment should be used if supported by the resource adapter. |
enlistment-trace |
Specifies if JBoss EAP/IronJacamar should record enlistment traces. This is |
flush-strategy | Specifies how the pool should be flushed in case of an error. Valid values are:
|
idle-timeout-minutes |
The maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the |
initial-pool-size | The initial number of connections a pool should hold. |
interleaving | Specifies whether to enable interleaving for XA connections. |
jndi-name | The JNDI name for the connection factory. |
max-pool-size | The maximum number of connections for a pool. No more connections will be created in each sub-pool. |
mcp |
The |
min-pool-size | The minimum number of connections for a pool. |
no-recovery | Specifies if the connection pool should be excluded from recovery. |
no-tx-separate-pool | Oracle does not like XA connections getting used both inside and outside a JTA transaction. To work around the problem you can create separate sub-pools for the different contexts. |
pad-xid | Specifies whether the Xid should be padded. |
pool-fair | Specifies if pool use should be fair. |
pool-prefill | Specifies if the pool should be prefilled. Changing this value requires a server restart. |
pool-use-strict-min |
Specifies if the |
recovery-authentication-context |
The Elytron authentication context used for recovery. If no |
recovery-credential-reference | Credential, from a credential store, to authenticate on recovery of the connection. |
recovery-elytron-enabled |
Indicates that an Elytron authentication context will be used for recovery. The default is |
recovery-password | The password used for recovery. |
recovery-plugin-class-name | The fully qualified class name of the recovery plugin implementation. |
recovery-plugin-properties | The properties for the recovery plugin. |
recovery-security-domain | The security domain used for recovery. |
recovery-username | The user name used for recovery. |
same-rm-override |
Unconditionally set whether |
security-application |
Indicates that application-supplied parameters, such as from |
security-domain |
The security domain which defines the |
security-domain-and-application |
Indicates that either application-supplied parameters, such as from |
sharable | Enable the use of sharable connections, which allows lazy association to be enabled if supported. |
tracking | Specifies if IronJacamar should track connection handles across transaction boundaries. |
use-ccm | Enable the use of a cached connection manager. |
use-fast-fail |
When set to |
use-java-context |
Setting this to |
validate-on-match | Specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation. |
wrap-xa-resource |
Specifies whether |
xa-resource-timeout |
The value is passed to |
A.26. Resource Adapter Statistics
Name | Description |
---|---|
ActiveCount | The number of active connections. Each of the connections is either in use by an application or available in the pool. |
AvailableCount | The number of available connections in the pool. |
AverageBlockingTime | The average time spent blocking on obtaining an exclusive lock on the pool. The value is in milliseconds. |
AverageCreationTime | The average time spent creating a connection. The value is in milliseconds. |
CreatedCount | The number of connections created. |
DestroyedCount | The number of connections destroyed. |
InUseCount | The number of connections currently in use. |
MaxCreationTime | The maximum time it took to create a connection. The value is in milliseconds. |
MaxUsedCount | The maximum number of connections used. |
MaxWaitCount | The maximum number of requests waiting for a connection at the same time. |
MaxWaitTime | The maximum time spent waiting for an exclusive lock on the pool. |
TimedOut | The number of timed out connections. |
TotalBlockingTime | The total time spent waiting for an exclusive lock on the pool. The value is in milliseconds. |
TotalCreationTime | The total time spent creating connections. The value is in milliseconds. |
WaitCount | The number of requests that had to wait for a connection. |
A.27. Undertow Subsystem Attributes
See the tables below for the attributes of the various elements of the undertow subsystem.
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-undertow_4_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Default | Description |
---|---|---|
default-security-domain | other | The default security domain used by web deployments. |
default-server | default-server | The default server to use for deployments. |
default-servlet-container | default | The default servlet container to use for deployments. |
default-virtual-host | default-host | The default virtual host to use for deployments. |
instance-id | ${jboss.node.name} | The cluster instance ID. |
statistics-enabled | false | Whether statistics are enabled. |
Application Security Domain Attributes
The application security domain attributes have the following structure:
application-security-domain Attributes
Attribute | Default | Description |
---|---|---|
enable-jacc | false | Enable authorization using JACC. |
http-authentication-factory | | The HTTP Authentication Factory to be used by deployments that reference the mapped security domain. |
override-deployment-config | false | Whether the authentication configuration in the deployment should be overridden by the factory. |
referencing-deployments | | The deployments currently referencing this mapping. |
security-domain |
The |
single-sign-on Attributes
Attribute | Default | Description |
---|---|---|
client-ssl-context | | Reference to the SSL context used to secure back-channel logout connection. |
cookie-name | JSESSIONIDSSO | Name of the cookie. |
credential-reference | | The credential reference to decrypt the private key entry. |
domain | | The cookie domain that will be used. |
http-only | false | Set cookie httpOnly attribute. |
key-alias | | Alias of the private key entry used for signing and verifying back-channel logout connection. |
key-store | | Reference to keystore containing a private key entry. |
path | / | Cookie path. |
secure | false | Set cookie secure attribute. |
Buffer Cache Attributes
Attribute | Default | Description |
---|---|---|
buffer-size | 1024 | The size of the buffers. Smaller buffers allow space to be utilized more effectively. |
buffers-per-region | 1024 | The number of buffers per region. |
max-regions | 10 | The maximum number of regions. This controls the maximum amount of memory that can be used for caching. |
Byte Buffer Pool Attributes
Attribute | Default | Description |
---|---|---|
buffer-size | | The size, in bytes, of each buffer slice. If not specified, the size is set based on the available RAM of your system:
For performance tuning advice on this attribute, see Configuring Buffer Pools in the JBoss EAP Performance Tuning Guide. |
direct | | Boolean value that denotes if this buffer is a direct or heap pool. If not specified, the value is set based on the available RAM of your system:
Note that direct pools also have a corresponding heap pool. |
leak-detection-percent | 0 | The percentage of buffers that should be allocated with a leak detector. |
max-pool-size | | The maximum number of buffers to keep in the pool. Buffers will still be allocated above this limit, but will not be retained if the pool is full. |
thread-local-cache-size | 12 | The size of the per-thread cache. This is a maximum size; the cache will use smart sizing to only keep buffers on the thread if the thread is actually allocating buffers. |
Servlet Container Attributes
The servlet container component has the following structure:
servlet-container Attributes
Attribute | Default | Description |
---|---|---|
allow-non-standard-wrappers | false | Whether request and response wrappers that do not extend the standard wrapper classes can be used. |
default-buffer-cache | default | The buffer cache to use for caching static resources. |
default-cookie-version | 0 | The default cookie version to use for cookies created by the application. |
default-encoding | | Default encoding to use for all deployed applications. |
default-session-timeout | 30 | The default session timeout in minutes for all applications deployed in the container. |
directory-listing | | If directory listing should be enabled for default servlets. |
disable-caching-for-secured-pages | true | Whether to set headers to disable caching for secured pages. Disabling this can cause security problems, as sensitive pages may be cached by an intermediary. |
disable-file-watch-service | false |
If set to |
disable-session-id-reuse | false |
If set to |
eager-filter-initialization | false | Whether to call filter init() on deployment start rather than when first requested. |
ignore-flush | false | Ignore flushes on the servlet output stream. In most cases these just hurt performance for no good reason. |
max-sessions | | The maximum number of sessions that can be active at one time. |
proactive-authentication | true |
Whether proactive authentication should be used. If this is |
session-id-length | 30 | The length of the generated session ID. Longer session IDs are more secure. |
stack-trace-on-error | local-only |
If an error page with the stack trace should be generated on error. Values are |
use-listener-encoding | false | Use encoding defined on listener. |
mime-mapping Attributes
Attribute | Default | Description |
---|---|---|
value | | The mime type for this mapping. |
crawler-session-management Attributes
Configures special session handling for crawler bots.
When using the management CLI to manage the crawler-session-management element, it is available under settings in the servlet-container element. For example:
/subsystem=undertow/servlet-container=default/setting=crawler-session-management:add
/subsystem=undertow/servlet-container=default/setting=crawler-session-management:read-resource
Attribute | Default | Description |
---|---|---|
session-timeout | | The session timeout in seconds for sessions that are owned by crawlers. |
user-agents | | Regular expression that is used to match the user agent of a crawler. |
jsp Attributes
When using the management CLI to manage the jsp element, it is available under settings in the servlet-container element. For example:
/subsystem=undertow/servlet-container=default/setting=jsp:read-resource
Attribute | Default | Description |
---|---|---|
check-interval | 0 | Check interval for JSP updates using a background thread. This has no effect for most deployments where JSP change notifications are handled using the file system notification API. This only takes effect if the file watch service is disabled. |
development | false | Enable development mode which enables reloading JSP on-the-fly. |
disabled | false | Enable the JSP container. |
display-source-fragment | true | When a runtime error occurs, attempts to display corresponding JSP source fragment. |
dump-smap | false | Write SMAP data to a file. |
error-on-use-bean-invalid-class-attribute | false | Enable errors when using a bad class in useBean. |
generate-strings-as-char-arrays | false | Generate String constants as char arrays. |
java-encoding | UTF8 | Specify the encoding used for Java sources. |
keep-generated | true | Keep the generated servlets. |
mapped-file | true | Map to the JSP source. |
modification-test-interval | 4 | Minimum amount of time between two tests for updates, in seconds. |
optimize-scriptlets | false | If JSP scriptlets should be optimized to remove string concatenation. |
recompile-on-fail | false | Retry failed JSP compilations on each request. |
scratch-dir | | Specify a different work directory. |
smap | true | Enable SMAP. |
source-vm | 1.8 | Source VM level for compilation. |
tag-pooling | true | Enable tag pooling. |
target-vm | 1.8 | Target VM level for compilation. |
trim-spaces | false | Trim some spaces from the generated servlet. |
x-powered-by | true | Enable advertising the JSP engine in x-powered-by. |
persistent-sessions Attributes
When using the management CLI to manage the persistent-sessions element, it is available under settings in the servlet-container element. For example:
/subsystem=undertow/servlet-container=default/setting=persistent-sessions:add
/subsystem=undertow/servlet-container=default/setting=persistent-sessions:read-resource
Attribute | Default | Description |
---|---|---|
path | | The path to the persistent session data directory. If this is null, sessions will be stored in memory. |
relative-to | | The directory the path is relative to. |
session-cookie Attributes
When using the management CLI to manage the session-cookie element, it is available under settings in the servlet-container element. For example:
/subsystem=undertow/servlet-container=default/setting=session-cookie:add
/subsystem=undertow/servlet-container=default/setting=session-cookie:read-resource
Attribute | Default | Description |
---|---|---|
comment | | Cookie comment. |
domain | | Cookie domain. |
http-only | | Whether the cookie is http-only. |
max-age | | Maximum age of the cookie. |
name | | Name of the cookie. |
secure | | Whether the cookie is secure. |
websockets Attributes
When using the management CLI to manage the websockets element, it is available under settings in the servlet-container element. For example:
/subsystem=undertow/servlet-container=default/setting=websockets:read-resource
Attribute | Default | Description |
---|---|---|
buffer-pool | default | The buffer pool to use for websocket deployments. |
deflater-level | 0 | Configures the level of compression of the DEFLATE algorithm. |
dispatch-to-worker | true | Whether callbacks should be dispatched to a worker thread. If this is |
per-message-deflate | false | Enables websocket’s per-message compression extension. |
worker | default | The worker to use for websocket deployments. |
welcome-file Attributes
Defines a welcome file and has no options.
Filter Attributes
These components can be found at /subsystem=undertow/configuration=filter.
custom-filter Filters
Attribute | Default | Description |
---|---|---|
class-name | | Class name of HttpHandler. |
module | | Module name where class can be loaded from. |
parameters | | Filter parameters. |
error-page Filters
The error pages
Attribute | Default | Description |
---|---|---|
code | | Error page code. |
path | | Error page path. |
expression-filter Filters
A filter parsed from the Undertow expression language.
Attribute | Default | Description |
---|---|---|
expression | | The expression that defines the filter. |
module | | Module to use to load the filter definitions. |
gzip Filters
Defines the gzip filter and has no attributes.
mod-cluster Filters
The mod-cluster filter component has the following structure:
Attribute | Default | Description |
---|---|---|
advertise-frequency | 10000 | The frequency in milliseconds that mod_cluster advertises itself on the network. |
advertise-path | / | The path that mod_cluster is registered under. |
advertise-protocol | http | The protocol that is in use. |
advertise-socket-binding | | The multicast group that is used to advertise. |
broken-node-timeout | 60000 | The amount of time that must elapse before a broken node is removed from the table. |
cached-connections-per-thread | 5 | The number of connections that will be kept alive indefinitely. |
connection-idle-timeout | 60 | The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum, which is configured by |
connections-per-thread | 10 | The number of connections that will be maintained to back-end servers, per IO thread. |
enable-http2 | false | Whether the load balancer should attempt to upgrade back-end connections to HTTP/2. If HTTP/2 is not supported, HTTP or HTTPS will be used as normal. |
failover-strategy | LOAD_BALANCED | The attribute that determines how a failover node is chosen, in the event that the node to which a session has affinity is not available. |
health-check-interval | 10000 | The frequency of health check pings to back-end nodes. |
http2-enable-push | true | Whether push should be enabled for HTTP/2 connections. |
http2-header-table-size | 4096 | The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression. |
http2-initial-window-size | 65535 | The flow control window size, in bytes, that controls how quickly the client can send data to the server. |
http2-max-concurrent-streams | | The maximum number of HTTP/2 streams that can be active at any time on a single connection. |
http2-max-frame-size | 16384 | The maximum HTTP/2 frame size, in bytes. |
http2-max-header-list-size | | The maximum size, in bytes, of request headers the server is prepared to accept. |
management-access-predicate | | A predicate that is applied to incoming requests to determine if they can perform mod cluster management commands. Provides additional security on top of what is provided by limiting management to requests that originate from the |
management-socket-binding | | The socket binding of the mod_cluster management port. When using mod_cluster two HTTP listeners should be defined, a public one to handle requests, and one bound to the internal network to handle mod cluster commands. This socket binding should correspond to the internal listener, and should not be publicly accessible. |
max-ajp-packet-size | 8192 | The maximum size, in bytes, for AJP packets. Increasing this will allow AJP to work for requests and responses that have a large amount of headers. This must be the same between load balancers and backend servers. |
max-request-time | -1 | The maximum amount of time that a request to a back-end node can take before it is killed. |
max-retries | 1 | The number of times that an attempt to retry a request will be made, if the request fails. Note: If a request is not considered idempotent, it will only be retried if the proxy can be sure that it was not sent to the backend server. |
request-queue-size | 10 | The number of requests that can be queued if the connection pool is full before requests are rejected with a 503. |
security-key | | The security key that is used for the mod_cluster group. All members must use the same security key. |
security-realm | | The security realm that provides the SSL configuration. Deprecated: Use the |
ssl-context | | The reference to the |
use-alias | false | Whether an alias check is performed. |
worker | default | The XNIO worker that is used to send the advertise notifications. |
Attribute | Default | Description |
---|---|---|
max-attempts | | The number of attempts to send the request to a back-end server. |
sticky-session | | If sticky sessions are enabled. |
sticky-session-cookie | | The session cookie name. |
sticky-session-force | | If this is |
sticky-session-path | | The path of the sticky session cookie. |
sticky-session-remove | | Remove the session cookie if the request cannot be routed to the correct host. |
wait-worker | | The number of seconds to wait for an available worker. |
load-balancing-group Attributes
Defines a load balancing group and has no options.
Attribute | Default | Description |
---|---|---|
aliases | | The node's aliases. |
cache-connections | | The number of connections to keep alive indefinitely. |
elected | | The elected count. |
flush-packets | | If received data should be immediately flushed. |
load | | The current load of this node. |
load-balancing-group | | The load balancing group this node belongs to. |
max-connections | | The maximum number of connections per IO thread. |
open-connections | | The current number of open connections. |
ping | | The node's ping. |
queue-new-requests | | Whether a request should be queued if it is received and no worker is immediately available. |
read | | The number of bytes read from the node. |
request-queue-size | | The size of the request queue. |
status | | The current status of this node. |
timeout | | The request timeout. |
ttl | | The time connections will stay alive with no requests before being closed, if the number of connections is larger than |
uri | | The URI that the load balancer uses to connect to the node. |
written | | The number of bytes transferred to the node. |
Attribute | Default | Description |
---|---|---|
requests | | The number of requests against this context. |
status | | The status of this context. |
request-limit Filters
Attribute | Default | Description |
---|---|---|
max-concurrent-requests | | Maximum number of concurrent requests. |
queue-size | | Number of requests to queue before they start being rejected. |
response-header Filters
Response header filter allows you to add custom headers.
Attribute | Default | Description |
---|---|---|
header-name | | The header name. |
header-value | | The header value. |
rewrite Filters
Attribute | Default | Description |
---|---|---|
redirect | false | Whether a redirect will be done instead of a rewrite. |
target | | The expression that defines the target. If you are redirecting to a constant target, put single quotes around the value. |
Handler Attributes
These components can be found at /subsystem=undertow/configuration=handler.
file Attributes
Attribute | Default | Description |
---|---|---|
cache-buffer-size | 1024 | Size of the buffers. |
cache-buffers | 1024 | Number of buffers. |
case-sensitive | true | Whether to use case-sensitive file handling. Note that setting this to |
directory-listing | false | Whether to enable directory listing. |
follow-symlink | false | Whether to enable following symbolic links. |
path | | Path on the file system from where file handler will serve resources. |
safe-symlink-paths | | Paths that are safe to be targets of symbolic links. |
Using WebDAV for Static Resources
Previous versions of JBoss EAP allowed for using WebDAV with the web subsystem, by way of the WebdavServlet, to host static resources and enable additional HTTP methods for accessing and manipulating those files. In JBoss EAP 7, the undertow subsystem does provide a mechanism for serving static files using a file handler, but the undertow subsystem does not support WebDAV. If you want to use WebDAV with JBoss EAP 7, you can write a custom WebDAV servlet.
reverse-proxy Attributes
The reverse-proxy handler component has the following structure:
Attribute | Default | Description |
---|---|---|
cached-connections-per-thread | 5 | The number of connections that will be kept alive indefinitely. |
connection-idle-timeout | 60 | The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread). |
connections-per-thread | 40 | The number of connections that will be maintained to back-end servers, per IO thread. |
max-request-time | -1 | The maximum time that a proxy request can be active for, before being killed. Defaults to unlimited. |
max-retries | 1 | The number of times that an attempt to retry a request will be made, if the request fails. Note: If a request is not considered idempotent, it will only be retried if the proxy can be sure that it was not sent to the backend server. |
problem-server-retry | 30 | Time in seconds to wait before attempting to reconnect to a server that is down. |
request-queue-size | 10 | The number of requests that can be queued if the connection pool is full before requests are rejected with a 503. |
session-cookie-names | JSESSIONID | Comma-separated list of session cookie names. Generally this will just be JSESSIONID. |
Attribute | Default | Description |
---|---|---|
enable-http2 | false | If |
instance-id | | The instance ID, or JVM route, that will be used to enable sticky sessions. |
outbound-socket-binding | | Outbound socket binding for this host. |
path | / | Optional path if the host is using a non-root resource. |
scheme | http | The kind of scheme that is used. |
security-realm | | The security realm that provides the SSL configuration for the connection to the host. |
ssl-context | | Reference to the SSLContext to be used by this handler. |
Server Attributes
The server component has the following structure:
server Attributes
Attribute | Default | Description |
---|---|---|
default-host | default-host | The server’s default virtual host. |
servlet-container | default | The server’s default servlet container. |
ajp-listener Attributes
Attribute | Default | Description |
---|---|---|
allow-encoded-slash | false | If a request comes in with encoded characters, for example |
allow-equals-in-cookie-value | false | Whether to allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped. |
allow-unescaped-characters-in-url | false | Whether to allow non-escaped characters in a URL. If set to |
always-set-keep-alive | true | Whether a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification. |
buffer-pipelined-data | false | Whether to buffer pipelined requests. |
buffer-pool | default | The AJP listener’s buffer pool. |
decode-url | true | If this is |
disallowed-methods | ["TRACE"] | A comma-separated list of HTTP methods that are not allowed. |
enabled | true | If the listener is enabled. Deprecated: Enabled attributes can cause problems in enforcement of configuration consistency. |
max-ajp-packet-size | 8192 | The maximum supported size of AJP packets. If this is modified it has to be increased on the load balancer and the back-end server. |
max-buffered-request-size | 16384 | Maximum size of a buffered request, in bytes. Requests are not usually buffered; the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation. |
max-connections | | The maximum number of concurrent connections. If no value is set in the server configuration, the limit for the number of concurrent connections is |
max-cookies | 200 | The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities. |
max-header-size | 1048576 | The maximum size in bytes of an HTTP request header. |
max-headers | 200 | The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities. |
max-parameters | 1000 | The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative. For example, you can potentially have max parameters * 2 total parameters. |
max-post-size | 10485760 | The maximum size of a post that will be accepted. |
no-request-timeout | 60000 | The length of time in milliseconds that the connection can be idle before it is closed by the container. |
read-timeout | | Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket’s next read will throw a |
receive-buffer | | The receive buffer size. |
record-request-start-time | false | Whether to record the request start time, to allow for request time to be logged. This has a small but measurable performance impact. |
redirect-socket | | If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, whether to automatically redirect the request to the socket binding port specified here. |
request-parse-timeout | | The maximum amount of time in milliseconds that can be spent parsing the request. |
resolve-peer-address | false | Enables host DNS lookup. |
scheme | | The listener scheme, can be HTTP or HTTPS. By default the scheme will be taken from the incoming AJP request. |
secure | false | If this is |
send-buffer | | The send buffer size. |
socket-binding | | The AJP listener’s socket binding. |
tcp-backlog | | Configure a server with the specified backlog. |
tcp-keep-alive | | Configure a channel to send TCP keep-alive messages in an implementation-dependent manner. |
url-charset | UTF-8 | URL charset. |
worker | default | The listener’s XNIO worker. |
write-timeout | | Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket’s next write will throw a |
host Attributes
Attribute | Default | Description |
---|---|---|
alias | | Comma-separated list of aliases for the host. |
default-response-code | 404 | If set, this will be the response code sent back if the requested context does not exist on the server. |
default-web-module | ROOT.war | Default web module. |
disable-console-redirect | false | If set to |
queue-requests-on-start | true | If set to |
filter-ref Attributes
Attribute | Default | Description |
---|---|---|
predicate | | Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition. |
priority | 1 | Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others above the same context. Values range from |
location Attributes
Attribute | Default | Description |
---|---|---|
handler | | Default handler for this location. |
filter-ref Attributes
Attribute | Default | Description |
---|---|---|
predicate | | Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition. |
priority | 1 | Defines filter order. It should be set to 1 or more. A higher number instructs the server to be included earlier in the handler chain than others under the same context. |
access-log Attributes
When using the management CLI to manage the access-log element, it is available under settings in the host element. For example:
/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add
/subsystem=undertow/server=default-server/host=default-host/setting=access-log:read-resource
Attribute | Default | Description |
---|---|---|
directory | ${jboss.server.log.dir} | The directory in which to save logs. |
extended | false | Whether the log uses the extended log file format. |
pattern | common | The access log pattern. Note: If you set the /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=record-request-start-time,value=true) |
predicate | | Predicate that determines if the request should be logged. |
prefix | access_log. | Prefix for the log file name. |
relative-to | | The directory the path is relative to. |
rotate | true | Whether to rotate the access log every day. |
suffix | log | Suffix for the log file name. |
use-server-log | false | Whether the log should be written to the server log, rather than a separate file. |
worker | default | Name of the worker to use for logging. |
http-invoker Attributes
Attribute | Default | Description |
---|---|---|
http-authentication-factory | | The HTTP authentication factory to use for authentication. |
path | wildfly-services | The path that the services are installed under. |
security-realm | | The legacy security realm to use for authentication. |
single-sign-on Attributes
When using the management CLI to manage the single-sign-on element, it is available under settings in the host element. For example:
/subsystem=undertow/server=default-server/host=default-host/setting=single-sign-on:add
/subsystem=undertow/server=default-server/host=default-host/setting=single-sign-on:read-resource
While distributed single sign-on is no different from an application perspective from previous versions of JBoss EAP, in JBoss EAP 7 the caching and distribution of authentication information is handled differently. For JBoss EAP 7, when running the ha profile, by default each host will have its own Infinispan cache which will store the relevant session and SSO cookie information. This cache is based on the default cache of the web cache container. JBoss EAP will also handle propagating information between all hosts' individual caches.
Attribute | Default | Description |
---|---|---|
cookie-name | JSESSIONIDSSO | Name of the cookie. |
domain | | The cookie domain that will be used. |
http-only | false | Set cookie httpOnly attribute. |
path | / | Cookie path. |
secure | false | Set cookie secure attribute. |
http-listener Attributes
Attribute | Default | Description |
---|---|---|
allow-encoded-slash | false | If a request comes in with encoded characters, for example |
allow-equals-in-cookie-value | false | Whether to allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped. |
allow-unescaped-characters-in-url | false | Whether to allow non-escaped characters in a URL. If set to |
always-set-keep-alive | true | Whether a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification. |
buffer-pipelined-data | false | Whether to buffer pipelined requests. |
buffer-pool | default | The listener’s buffer pool. |
certificate-forwarding | false | Whether certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the |
decode-url | true | Whether the parser will decode the URL and query parameters using the selected character encoding, defaulting to UTF-8. If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired. |
disallowed-methods | ["TRACE"] | A comma-separated list of HTTP methods that are not allowed. |
enable-http2 | false | Whether to enable HTTP/2 support for this listener. |
enabled | true | Whether the listener is enabled. Deprecated: Enabled attributes can cause problems in enforcement of configuration consistency. |
http2-enable-push | true | Whether server push is enabled for this connection. |
http2-header-table-size | 4096 | The size, in bytes, of the header table used for HPACK compression. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression. |
http2-initial-window-size | 65535 | The flow control window size, in bytes, that controls how quickly the client can send data to the server. |
http2-max-concurrent-streams | | The maximum number of HTTP/2 streams that can be active at any time on a single connection. |
http2-max-frame-size | 16384 | The maximum HTTP/2 frame size, in bytes. |
http2-max-header-list-size | | The maximum size of request headers the server is prepared to accept. |
max-buffered-request-size | 16384 | Maximum size of a buffered request, in bytes. Requests are not usually buffered; the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation. |
max-connections | | The maximum number of concurrent connections. If no value is set in the server configuration, the limit for the number of concurrent connections is |
max-cookies | 200 | The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities. |
max-header-size | 1048576 | The maximum size in bytes of an HTTP request header. |
max-headers | 200 | The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities. |
max-parameters | 1000 | The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative. For example, you can potentially have max parameters * 2 total parameters. |
max-post-size | 10485760 | The maximum size of a post that will be accepted. |
no-request-timeout | 60000 | The length of time in milliseconds that the connection can be idle before it is closed by the container. |
proxy-address-forwarding | false | Whether to enable x-forwarded-host and similar headers and set a remote IP address and host name. |
proxy-protocol | false | Whether to use the PROXY protocol to transport connection information. If set to |
read-timeout | | Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket’s next read will throw a |
receive-buffer | | The receive buffer size. |
record-request-start-time | false | Whether to record the request start time, to allow for request time to be logged. This has a small but measurable performance impact. |
redirect-socket | | If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, whether to automatically redirect the request to the socket binding port specified here. |
request-parse-timeout | | The maximum amount of time in milliseconds that can be spent parsing the request. |
require-host-http11 | false | It requires all HTTP/1.1 requests to have a |
resolve-peer-address | false | Enables host DNS lookup. |
secure | false | If this is |
send-buffer | | The send buffer size. |
socket-binding | | The listener’s socket binding. |
tcp-backlog | | Configure a server with the specified backlog. |
tcp-keep-alive | | Configure a channel to send TCP keep-alive messages in an implementation-dependent manner. |
url-charset | UTF-8 | URL charset. |
worker | default | The listener’s XNIO worker. |
write-timeout | | Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket’s next write will throw a |
https-listener Attributes
Attribute | Default | Description |
---|---|---|
allow-encoded-slash | false | If a request comes in with encoded characters, for example |
allow-equals-in-cookie-value | false | Whether to allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped. |
allow-unescaped-characters-in-url | false | Whether to allow non-escaped characters in a URL. If set to |
always-set-keep-alive | true | Whether a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification. |
buffer-pipelined-data | false | Whether to buffer pipelined requests. |
buffer-pool | default | The listener’s buffer pool. |
certificate-forwarding | false | Whether certificate forwarding should be enabled or not. If this is enabled then the listener will take the certificate from the |
decode-url | true | Whether the parser will decode the URL and query parameters using the selected character encoding, defaulting to UTF-8. If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired. |
disallowed-methods | ["TRACE"] | A comma-separated list of HTTP methods that are not allowed. |
enable-http2 | false | Enables HTTP/2 support for this listener. |
enable-spdy | false | Enables SPDY support for this listener. Deprecated: SPDY has been replaced by HTTP/2. |
enabled | true | If the listener is enabled. Deprecated: Enabled attributes can cause problems in enforcement of configuration consistency. |
enabled-cipher-suites | | Configures Enabled SSL ciphers. Deprecated: Where an SSLContext is referenced it should be configured with the cipher suites to be supported. |
enabled-protocols | | Configures SSL protocols. Deprecated: Where an SSLContext is referenced it should be configured with the cipher suites to be supported. |
http2-enable-push | true | If server push is enabled for this connection. |
http2-header-table-size | 4096 | The size, in bytes, of the header table used for HPACK compression. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression. |
http2-initial-window-size | 65535 | The flow control window size, in bytes, that controls how quickly the client can send data to the server. |
http2-max-concurrent-streams | | The maximum number of HTTP/2 streams that can be active at any time on a single connection. |
http2-max-frame-size | 16384 | The maximum HTTP/2 frame size, in bytes. |
http2-max-header-list-size | | The maximum size of request headers the server is prepared to accept. |
max-buffered-request-size | 16384 | Maximum size of a buffered request, in bytes. Requests are not usually buffered; the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation. |
max-connections | | The maximum number of concurrent connections. If no value is set in the server configuration, the limit for the number of concurrent connections is |
max-cookies | 100 | The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities. |
max-header-size | 1048576 | The maximum size in bytes of an HTTP request header. |
max-headers | 200 | The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities. |
max-parameters | 1000 | The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative. For example, you can potentially have max parameters * 2 total parameters. |
max-post-size | 10485760 | The maximum size of a post that will be accepted. |
no-request-timeout | 60000 | The length of time in milliseconds that the connection can be idle before it is closed by the container. |
proxy-address-forwarding | false | Enables handling of x-forwarded-host header, and other x-forwarded-* headers, and uses this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers; otherwise a remote user can spoof their IP address. |
proxy-protocol | false | Whether to use the PROXY protocol to transport connection information. If set to |
read-timeout | | Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket’s next read will throw a |
receive-buffer | | The receive buffer size. |
record-request-start-time | false | Whether to record the request start time, to allow for request time to be logged. This has a small but measurable performance impact. |
request-parse-timeout | | The maximum amount of time in milliseconds that can be spent parsing the request. |
require-host-http11 | false | Require that all HTTP/1.1 requests have a 'Host' header. If the request does not include this header it will be rejected with a 403. |
resolve-peer-address | false | Enables host DNS lookup. |
secure | false | If this is |
security-realm | | The listener’s security realm. Deprecated: Use the |
send-buffer | | The send buffer size. |
socket-binding | | The listener’s socket binding. |
ssl-context | | Reference to the SSLContext to be used by this listener. |
ssl-session-cache-size | | The maximum number of active SSL sessions. Deprecated: This can now be configured on the Elytron security context. |
ssl-session-timeout | | The timeout for SSL sessions, in seconds. Deprecated: This can now be configured on the Elytron security context. |
tcp-backlog | | Configure a server with the specified backlog. |
tcp-keep-alive | | Configure a channel to send TCP keep-alive messages in an implementation-dependent manner. |
url-charset | UTF-8 | URL charset. |
verify-client | NOT_REQUESTED | The desired SSL client authentication mode for SSL channels. Deprecated: Where an SSLContext is referenced it should be configured directly for the required mode of client verification. |
worker | default | The listener’s XNIO worker. |
write-timeout | | Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket’s next write will throw a |
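An added example, not part of the original guide or of any Red Hat tooling: a Python audit over the undertow management model that flags the security-relevant attributes from the tables above (cookie flags, proxy-address-forwarding, disallowed-methods, and the file handler's directory-listing and follow-symlink). Attribute names, resource addresses and defaults are taken from this page; the JSON shape of the model, the sample values, and the policy of requiring http-only and secure to be true are assumptions.

```python
import json

# Defaults as listed in this page's attribute tables; an attribute that is
# undefined in the management model falls back to these.
DEFAULTS = {
    "proxy-address-forwarding": False,
    "disallowed-methods": ["TRACE"],
    "directory-listing": False,
    "follow-symlink": False,
}

# Constructed sample, not output from a real server. Assumed shape: nested
# {child-type: {name: resource}} maps mirroring the CLI addresses on this page.
SAMPLE_MODEL = json.loads("""
{
  "servlet-container": {
    "default": {"setting": {"session-cookie": {"http-only": true, "secure": null}}}
  },
  "server": {
    "default-server": {
      "http-listener": {
        "default": {"proxy-address-forwarding": true, "disallowed-methods": null}
      },
      "https-listener": {
        "https": {"proxy-address-forwarding": false,
                  "disallowed-methods": ["PUT", "DELETE"]}
      },
      "host": {
        "default-host": {
          "setting": {"single-sign-on": {"http-only": false, "secure": true}}
        }
      }
    }
  },
  "configuration": {
    "handler": {
      "file": {
        "welcome-content": {"directory-listing": false, "follow-symlink": true,
                            "safe-symlink-paths": null},
        "downloads": {"directory-listing": true, "follow-symlink": null}
      }
    }
  }
}
""")


def children(node, key):
    """Child resources of one type as {name: resource}; tolerates missing or null branches."""
    return (node or {}).get(key) or {}


def value(resource, name):
    """Attribute value, or the default documented on this page when it is undefined."""
    v = (resource or {}).get(name)
    return DEFAULTS.get(name) if v is None else v


def audit_undertow(model):
    """Return a list of (resource address, attribute, reason) findings."""
    findings = []
    base = "/subsystem=undertow"

    def cookie_flags(address, cookie):
        # Assumed policy: both flags must be explicitly true.
        for attr in ("http-only", "secure"):
            if cookie.get(attr) is not True:
                findings.append((address, attr, "cookie flag is not set to true"))

    for name, container in children(model, "servlet-container").items():
        cookie = children(container, "setting").get("session-cookie")
        if cookie is not None:
            cookie_flags(f"{base}/servlet-container={name}/setting=session-cookie", cookie)

    for sname, server in children(model, "server").items():
        saddr = f"{base}/server={sname}"
        for ltype in ("http-listener", "https-listener", "ajp-listener"):
            for lname, listener in children(server, ltype).items():
                addr = f"{saddr}/{ltype}={lname}"
                # The ajp-listener table has no such attribute, so it reads as false there.
                if value(listener, "proxy-address-forwarding"):
                    findings.append((addr, "proxy-address-forwarding",
                                     "x-forwarded-* headers are trusted; needs a trusted proxy in front"))
                methods = [m.upper() for m in value(listener, "disallowed-methods")]
                if "TRACE" not in methods:
                    findings.append((addr, "disallowed-methods",
                                     "TRACE was dropped from the disallowed list"))
        for hname, host in children(server, "host").items():
            sso = children(host, "setting").get("single-sign-on")
            if sso is not None:
                cookie_flags(f"{saddr}/host={hname}/setting=single-sign-on", sso)

    handlers = children(children(model, "configuration"), "handler")
    for fname, fh in children(handlers, "file").items():
        addr = f"{base}/configuration=handler/file={fname}"
        if value(fh, "directory-listing"):
            findings.append((addr, "directory-listing", "directory contents are listed to clients"))
        if value(fh, "follow-symlink") and not (fh or {}).get("safe-symlink-paths"):
            findings.append((addr, "follow-symlink",
                             "symbolic links are followed with no safe-symlink-paths set"))
    return findings


if __name__ == "__main__":
    for address, attribute, reason in audit_undertow(SAMPLE_MODEL):
        print(f"{address}  {attribute}: {reason}")
```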
A.28. Undertow Subsystem Statistics
Name | Description |
---|---|
bytes-received | The number of bytes that have been received by this listener. |
bytes-sent | The number of bytes that have been sent out on this listener. |
error-count | The number of 500 responses that have been sent by this listener. |
max-processing-time | The maximum processing time taken by a request on this listener. |
processing-time | The total processing time of all requests handled by this listener. |
request-count | The number of requests this listener has served. |
A.29. Default Behavior of HTTP Methods
Compared to the web subsystem in previous JBoss EAP releases, the undertow subsystem in JBoss EAP 7.2 has different default behaviors of HTTP methods. The following table outlines the default behaviors in JBoss EAP 7.2.
HTTP Method | JSP | Static HTML | Static HTML by File Handler |
---|---|---|---|
GET | OK | OK | OK |
POST | OK | NOT_ALLOWED | OK |
HEAD | OK | OK | OK |
PUT | NOT_ALLOWED | NOT_ALLOWED | NOT_ALLOWED |
TRACE | NOT_ALLOWED | NOT_ALLOWED | NOT_ALLOWED |
DELETE | NOT_ALLOWED | NOT_ALLOWED | NOT_ALLOWED |
OPTIONS | NOT_ALLOWED | OK | NOT_ALLOWED |
For servlets, the default behavior depends on the servlet's implementation, except for the TRACE method, which has a default behavior of NOT_ALLOWED.
A.30. Remoting Subsystem Attributes
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-remoting_4_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Default | Description |
---|---|---|
worker-read-threads | 1 | The number of read threads to create for the remoting worker. |
worker-task-core-threads | 4 | The number of core threads for the remoting worker task thread pool. |
worker-task-keepalive | 60 | The number of milliseconds to keep non-core remoting worker task threads alive. |
worker-task-limit | 16384 | The maximum number of remoting worker tasks to allow before rejecting. |
worker-task-max-threads | 16 | The maximum number of threads for the remoting worker task thread pool. |
worker-write-threads | 1 | The number of write threads to create for the remoting worker. |
The above attributes of the remoting element are deprecated. These attributes should now be configured using the io subsystem.
Attribute | Default | Description |
---|---|---|
auth-realm | The authentication realm to use if no authentication CallbackHandler is specified. | |
authentication-retries | 3 | Specify the number of times a client is allowed to retry authentication before closing the connection. |
authorize-id | The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name. | |
buffer-region-size | The size of allocated buffer regions. | |
heartbeat-interval | 2147483647 | The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message. |
max-inbound-channels | 40 | The maximum number of concurrent inbound messages on a channel. |
max-inbound-message-size | 9223372036854775807 | The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side. |
max-inbound-messages | 80 | The maximum number of inbound channels to support for a connection. |
max-outbound-channels | 40 | The maximum number of concurrent outbound messages on a channel. |
max-outbound-message-size | 9223372036854775807 | The maximum outbound message size to send. No messages larger than this will be transmitted; attempting to do so will cause an exception on the writing side. |
max-outbound-messages | 65535 | The maximum number of outbound channels to support for a connection. |
receive-buffer-size | 8192 | The size of the largest buffer that this endpoint will accept over a connection. |
receive-window-size | 131072 | The maximum window size of the receive direction for connection channels, in bytes. |
sasl-protocol |
|
When a |
send-buffer-size | 8192 | The size of the largest buffer that this endpoint will transmit over a connection. |
server-name | The server side of the connection passes its name to the client in the initial greeting. By default, the name is automatically discovered from the local address of the connection, or it can be overridden using this attribute. | |
transmit-window-size | 131072 | The maximum window size of the transmit direction for connection channels, in bytes. |
worker |
| Worker to use |
When using the management CLI to update the endpoint element, it is available under configuration in the remoting element. For example: /subsystem=remoting/configuration=endpoint/.
Connector Attributes
The connector component has the following structure:
Attribute | Default | Description |
---|---|---|
authentication-provider |
The | |
sasl-authentication-factory | Reference to the SASL authentication factory to secure this connector. | |
sasl-protocol |
| The protocol to pass into the SASL mechanisms used for authentication. |
security-realm | The associated security realm to use for authentication for this connector. | |
server-name | The server name to send in the initial message exchange and for SASL based authentication. | |
socket-binding | The name (or names) of the socket binding(s) to attach to. | |
ssl-context | Reference to the SSL context to use for this connector. |
Attribute | Default | Description |
---|---|---|
value | The property value. |
Security Attributes
The security component allows you to configure the security for the connector, but contains no direct configuration attributes. It can be configured using its nested components, such as sasl.
Attribute | Default | Description |
---|---|---|
include-mechanisms |
The optional nested | |
qop |
The optional nested Quality-of-protection values for this list are:
| |
reuse-session | false |
The optional nested |
server-auth | false |
The optional nested |
strength |
The optional nested Cipher strength values for this list are:
|
sasl-policy Attributes
The sasl-policy component allows you to specify an optional policy to use to narrow down the available set of mechanisms, but contains no direct configuration attributes. It can be configured using its nested components, such as policy.
Attribute | Default | Description |
---|---|---|
forward-secrecy | true |
The optional nested |
no-active | true |
The optional nested |
no-anonymous | true |
The optional nested |
no-dictionary | true |
The optional nested |
no-plain-text | true |
The optional nested |
pass-credentials | true |
The optional nested |
HTTP Connector Attributes
The http-connector component has the following structure:
Attribute | Default | Description |
---|---|---|
authentication-provider |
The | |
connector-ref |
The name (or names) of a connector in the | |
sasl-authentication-factory | Reference to the SASL authentication factory to secure this connector. | |
sasl-protocol |
| The protocol to pass into the SASL mechanisms used for authentication. |
security-realm | The associated security realm to use for authentication for this connector. | |
server-name | The server name to send in the initial message exchange and for SASL based authentication. |
Outbound Connection Attributes
The outbound-connection component has the following structure:
Attribute | Default | Description |
---|---|---|
uri | The connection URI for the outbound connection. |
Attribute | Default | Description |
---|---|---|
value | The property value. |
The above property attributes are related to the XNIO Options that will be used during the connection creation.
Remote Outbound Connection
The remote-outbound-connection component has the following structure:
Attribute | Default | Description |
---|---|---|
authentication-context | Reference to the authentication context instance containing the configuration for outbound connections. | |
outbound-socket-binding-ref |
Name of the | |
protocol |
|
The protocol to use for the remote connection. Defaults to |
security-realm |
Reference to the security realm to use to obtain the password and SSL configuration. Deprecated: Outbound security settings should be migrated to an | |
username |
The user name to use when authenticating against the remote server. Deprecated: Outbound security settings should be migrated to an |
Local Outbound Connection Attributes
The local-outbound-connection component has the following structure:
Attribute | Default | Description |
---|---|---|
outbound-socket-binding-ref |
Name of the |
A.31. IO Subsystem Attributes
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/wildfly-io_2_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Default | Description |
---|---|---|
io-threads | The number of I/O threads to create for the worker. If not specified, the number of threads is set to the number of CPUs × 2. | |
stack-size | 0 | The stack size, in bytes, to attempt to use for worker threads. |
task-keepalive | 60000 | The number of milliseconds to keep non-core task threads alive. |
task-core-threads | 2 | The number of threads for the core task thread pool. |
task-max-threads |
The maximum number of threads for the worker task thread pool. If not specified, the maximum number of threads is set to the number of CPUs × 16, taking the |
Note: IO buffer pools are deprecated in JBoss EAP 7.2. While they are still set as the default in the current release, they will be replaced by Undertow byte buffer pools in a future release. See Byte Buffer Pool Attributes for the byte buffer pool attribute list.
Attribute | Default | Description |
---|---|---|
buffer-size | The size, in bytes, of each buffer slice. If not specified, the size is set based on the available RAM of your system:
For performance tuning advice on this attribute, see Configuring Buffer Pools in the JBoss EAP Performance Tuning Guide. | |
buffers-per-slice | How many slices, or sections, to divide the larger buffer into. This can be more memory efficient than allocating many separate buffers. If not specified, the number of slices is set based on the available RAM of your system:
| |
direct-buffers | Whether the buffer pool uses direct buffers, which are faster in many cases with NIO. Note that some platforms do not support direct buffers. |
A.32. JSF Module Templates
The following are example templates used for the various JSF modules required when installing a different JSF version for JBoss EAP. See Installing a JSF Implementation for full instructions.
Example: Mojarra JSF Implementation JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
<module xmlns="urn:jboss:module:1.8" name="com.sun.jsf-impl:JSF_IMPL_NAME-JSF_VERSION">
  <properties>
    <property name="jboss.api" value="private"/>
  </properties>
  <dependencies>
    <module name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION"/>
    <module name="javaee.api"/>
    <module name="javax.servlet.jstl.api"/>
    <module name="org.apache.xerces" services="import"/>
    <module name="org.apache.xalan" services="import"/>
    <module name="org.jboss.weld.core"/>
    <module name="org.jboss.weld.spi"/>
    <module name="javax.xml.rpc.api"/>
    <module name="javax.rmi.api"/>
    <module name="org.omg.api"/>
  </dependencies>
  <resources>
    <resource-root path="jsf-impl-JSF_VERSION.jar"/>
  </resources>
</module>
Example: MyFaces JSF Implementation JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
<module xmlns="urn:jboss:module:1.8" name="com.sun.jsf-impl:JSF_IMPL_NAME-JSF_VERSION">
  <properties>
    <property name="jboss.api" value="private"/>
  </properties>
  <dependencies>
    <module name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION">
      <imports>
        <include path="META-INF/**"/>
      </imports>
    </module>
    <module name="javaee.api"/>
    <module name="javax.servlet.jstl.api"/>
    <module name="org.apache.xerces" services="import"/>
    <module name="org.apache.xalan" services="import"/>
    <!-- extra dependencies for MyFaces -->
    <module name="org.apache.commons.collections"/>
    <module name="org.apache.commons.codec"/>
    <module name="org.apache.commons.beanutils"/>
    <module name="org.apache.commons.digester"/>
    <!-- extra dependencies for MyFaces 1.1
    <module name="org.apache.commons.logging"/>
    <module name="org.apache.commons.el"/>
    <module name="org.apache.commons.lang"/>
    -->
    <module name="javax.xml.rpc.api"/>
    <module name="javax.rmi.api"/>
    <module name="org.omg.api"/>
  </dependencies>
  <resources>
    <resource-root path="JSF_IMPL_NAME-impl-JSF_VERSION.jar"/>
  </resources>
</module>
Example: Mojarra JSF API JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
<module xmlns="urn:jboss:module:1.8" name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION">
  <dependencies>
    <module name="com.sun.jsf-impl:JSF_IMPL_NAME-JSF_VERSION"/>
    <module name="javax.enterprise.api" export="true"/>
    <module name="javax.servlet.api" export="true"/>
    <module name="javax.servlet.jsp.api" export="true"/>
    <module name="javax.servlet.jstl.api" export="true"/>
    <module name="javax.validation.api" export="true"/>
    <module name="org.glassfish.javax.el" export="true"/>
    <module name="javax.api"/>
    <module name="javax.websocket.api"/>
  </dependencies>
  <resources>
    <resource-root path="jsf-api-JSF_VERSION.jar"/>
  </resources>
</module>
Example: MyFaces JSF API JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
<module xmlns="urn:jboss:module:1.8" name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION">
  <dependencies>
    <module name="javax.enterprise.api" export="true"/>
    <module name="javax.servlet.api" export="true"/>
    <module name="javax.servlet.jsp.api" export="true"/>
    <module name="javax.servlet.jstl.api" export="true"/>
    <module name="javax.validation.api" export="true"/>
    <module name="org.glassfish.javax.el" export="true"/>
    <module name="javax.api"/>
    <!-- extra dependencies for MyFaces 1.1
    <module name="org.apache.commons.logging"/>
    <module name="org.apache.commons.el"/>
    <module name="org.apache.commons.lang"/>
    -->
  </dependencies>
  <resources>
    <resource-root path="myfaces-api-JSF_VERSION.jar"/>
  </resources>
</module>
Example: Mojarra JSF Injection JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
- INJECTION_VERSION
- WELD_VERSION
<module xmlns="urn:jboss:module:1.8" name="org.jboss.as.jsf-injection:JSF_IMPL_NAME-JSF_VERSION">
  <properties>
    <property name="jboss.api" value="private"/>
  </properties>
  <resources>
    <resource-root path="wildfly-jsf-injection-INJECTION_VERSION.jar"/>
    <resource-root path="weld-core-jsf-WELD_VERSION.jar"/>
  </resources>
  <dependencies>
    <module name="com.sun.jsf-impl:JSF_IMPL_NAME-JSF_VERSION"/>
    <module name="java.naming"/>
    <module name="java.desktop"/>
    <module name="org.jboss.as.jsf"/>
    <module name="org.jboss.as.web-common"/>
    <module name="javax.servlet.api"/>
    <module name="org.jboss.as.ee"/>
    <module name="org.jboss.as.jsf"/>
    <module name="javax.enterprise.api"/>
    <module name="org.jboss.logging"/>
    <module name="org.jboss.weld.core"/>
    <module name="org.jboss.weld.api"/>
    <module name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION"/>
  </dependencies>
</module>
Example: MyFaces JSF Injection JAR module.xml
Be sure to use the appropriate values for the following replaceable variables in the template:
- JSF_IMPL_NAME
- JSF_VERSION
- INJECTION_VERSION
- WELD_VERSION
<module xmlns="urn:jboss:module:1.8" name="org.jboss.as.jsf-injection:JSF_IMPL_NAME-JSF_VERSION">
  <properties>
    <property name="jboss.api" value="private"/>
  </properties>
  <resources>
    <resource-root path="wildfly-jsf-injection-INJECTION_VERSION.jar"/>
    <resource-root path="weld-jsf-WELD_VERSION.jar"/>
  </resources>
  <dependencies>
    <module name="com.sun.jsf-impl:JSF_IMPL_NAME-JSF_VERSION"/>
    <module name="javax.api"/>
    <module name="org.jboss.as.web-common"/>
    <module name="javax.servlet.api"/>
    <module name="org.jboss.as.jsf"/>
    <module name="org.jboss.as.ee"/>
    <module name="org.jboss.as.jsf"/>
    <module name="javax.enterprise.api"/>
    <module name="org.jboss.logging"/>
    <module name="org.jboss.weld.core"/>
    <module name="org.jboss.weld.api"/>
    <module name="org.wildfly.security.elytron"/>
    <module name="javax.faces.api:JSF_IMPL_NAME-JSF_VERSION"/>
  </dependencies>
</module>
Example: MyFaces commons-digester JAR module.xml
Be sure to use the appropriate value for the VERSION replaceable variable in the template.
<module xmlns="urn:jboss:module:1.5" name="org.apache.commons.digester">
  <properties>
    <property name="jboss.api" value="private"/>
  </properties>
  <resources>
    <resource-root path="commons-digester-VERSION.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="org.apache.commons.collections"/>
    <module name="org.apache.commons.logging"/>
    <module name="org.apache.commons.beanutils"/>
  </dependencies>
</module>
A.33. JGroups Subsystem Attributes
See the tables below for the attributes of the various elements of the jgroups subsystem.
Attribute names in these tables are listed as they appear in the management model, for example, when using the management CLI. See the schema definition file located at EAP_HOME/docs/schema/jboss-as-jgroups_5_0.xsd to view the elements as they appear in the XML, as there may be differences from the management model.
Attribute | Default | Description |
---|---|---|
default-channel | ee | The default JGroups channel. |
default-stack | The default JGroups protocol stack. |
Channel Attributes
The channel element has the following structure:
fork
-
protocol
-
-
protocol
channel Attributes
Attribute | Default | Description |
---|---|---|
cluster | The cluster name of the JGroups channel. If undefined, the name of the channel will be used. | |
module | org.wildfly.clustering.server | The module from which to load channel services. |
stack | The protocol stack of the JGroups channel. | |
statistics-enabled | false | Whether statistics are enabled. |
stats-enabled | false |
Whether statistics are enabled. Deprecated: Use the |
Stack Attributes
The stack element has the following structure:
stack Attributes
Attribute | Default | Description |
---|---|---|
statistics-enabled | false | Indicates whether or not all protocols in the stack will collect statistics. |
protocol Attributes
For a list of commonly used protocols, see the JGroups Protocols section.
Attribute | Default | Description |
---|---|---|
module | org.jgroups | The module with which to resolve the protocol type. |
properties | Properties of this protocol. | |
statistics-enabled | false | Indicates whether or not this protocol will collect statistics, overriding the stack configuration. |
relay Attributes
Attribute | Default | Description |
---|---|---|
module | org.jgroups | The module with which to resolve the protocol type. |
properties | Properties of this protocol. | |
site | The name of the local site. | |
statistics-enabled | false | Indicates whether or not this protocol will collect statistics, overriding the stack configuration. |
remote-site Attributes
Attribute | Default | Description |
---|---|---|
channel | The name of the bridge channel used to communicate with this remote site. | |
cluster |
The cluster name of the bridge channel to this remote site. Deprecated: Use an explicitly defined | |
stack |
The stack from which to create a bridge to this remote site. Deprecated: Use an explicitly defined |
transport Attributes
Attribute | Default | Description |
---|---|---|
default-executor |
The thread pool executor to handle incoming messages. Deprecated: Configure the predefined | |
diagnostics-socket-binding | The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication. | |
machine | Machine, or host, identifier for this node. Used by Infinispan’s topology-aware consistent hash. | |
module | org.jgroups | Module with which to resolve the protocol type. |
oob-executor |
The thread pool executor to handle incoming out-of-band messages. Deprecated: Configure the predefined | |
properties | Properties of this transport. | |
rack | Rack, such as the server rack, identifier for this node. Used by Infinispan’s topology-aware consistent hash. | |
shared | false |
If |
site | Site, such as the data center, identifier for this node. Used by Infinispan’s topology-aware consistent hash. | |
socket-binding | The socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication. | |
statistics-enabled | false | Indicates whether or not this protocol will collect statistics, overriding the stack configuration. |
thread-factory |
The thread factory to use for handling asynchronous transport-specific tasks. Deprecated: Configure the predefined | |
timer-executor |
The thread pool executor to handle protocol-related timing tasks. Deprecated: Configure the predefined |
thread-pool Attributes
Attribute | Default | Description |
---|---|---|
keepalive-time | 5000L | The number of milliseconds that pool threads should be kept running when idle. If not specified, then threads will run until the executor is shut down. |
max-threads | 4 | The maximum thread pool size. |
min-threads | 2 |
The core thread pool size, which is smaller than |
queue-length | 500 | The queue length. |
A.34. JGroups Protocols
Protocol | Protocol Type | Description |
---|---|---|
ASYM_ENCRYPT | Encryption | Uses a secret key, stored in a coordinator on the cluster, for encrypting messages between cluster members. |
AUTH | Authentication | Provides a layer of authentication to cluster members. |
azure.AZURE_PING | Discovery | Supports node discovery using Microsoft Azure’s blob storage. |
FD_ALL | Failure Detection | Provides failure detection based on a simple heartbeat protocol. |
FD_SOCK | Failure Detection | Provides failure detection based on a ring of TCP sockets created between cluster members. |
JDBC_PING | Discovery | Discovers cluster members by using a shared database where members write their address. |
MERGE3 | Merge | Merges the subclusters together in the event of a cluster split. |
MFC | Flow Control | Provides multicast flow control between a sender and all cluster members. |
MPING | Discovery | Discovers cluster members with IP multicast. |
pbcast.GMS | Group Membership |
Handles group membership, including new members joining the cluster, leave requests by existing members, and |
pbcast.NAKACK2 | Message Transmission | Ensures message reliability and order, guaranteeing that all messages sent by one sender will be received in the order they were sent. |
pbcast.STABLE | Message Stability | Deletes messages that have been seen by all members. |
PING | Discovery | Initial discovery of members, with support for dynamic discovery of cluster members. |
SASL | Authentication | Provides a layer of authentication to cluster members using SASL mechanisms. |
SYM_ENCRYPT | Encryption | Uses a shared keystore for encrypting messages between cluster members. |
S3_PING | Discovery | Uses Amazon S3 to discover initial members. |
TCPGOSSIP | Discovery | Discovers cluster members by using an external gossip router. |
TCPPING | Discovery | Contains a static list of cluster members' addresses to form the cluster. |
UFC | Flow Control | Provides unicast flow control between a sender and all cluster members. |
UNICAST3 | Message Transmission | Ensures message reliability and order for unicast messages, guaranteeing that all messages sent by one sender will be received in the order they were sent. |
VERIFY_SUSPECT | Failure Detection | Verifies that a suspected member has died by pinging the member one final time before evicting it. |
Generic Protocol Attributes
All of the protocols have access to the following attributes.
Attribute | Default | Description |
---|---|---|
module | org.jgroups | The module with which to resolve the protocol type. |
properties | Properties of this protocol. | |
statistics-enabled | false | Whether statistics are enabled. |
Authentication Protocols
The authentication protocols are used to perform authentication, and are primarily responsible for ensuring that only authenticated members can join the cluster. These protocols sit below the GMS protocol, so that they may listen for requests to join the cluster.
AUTH Attributes
While the AUTH protocol contains no additional attributes, it must have a token defined as a child element.
When defining this protocol, the auth-protocol element is used instead of the protocol element.
Token Types
When using Elytron for security, it is recommended to use one of the following authentication tokens. These authentication tokens were intentionally designed for use with Elytron, and may not be used with legacy security configurations.
Token | Description |
---|---|
cipher-token | An authentication token where the shared secret is transformed. RSA is the default algorithm used for the transformation. |
digest-token | An authentication token where the shared secret is transformed. SHA-256 is the default algorithm used for the transformation. |
plain-token | An authentication token with no additional transformations to the shared secret. |
The following authentication tokens are inherited from JGroups, and are eligible for use in any configuration where authentication is desired.
Token | Description |
---|---|
MD5Token | An authentication token where the shared secret is encrypted using either an MD5 or SHA hash. MD5 is the default algorithm used for the encryption. |
SimpleToken | An authentication token with no additional transformations to the shared secret. This token is case-insensitive, and case is not considered when determining if strings match. |
X509Token | An authentication token where the shared secret is encrypted using an X509 certificate. |
SASL Attributes
Attribute | Default | Description |
---|---|---|
client_callback_handler |
The class name of the | |
client_name | The name to use when a node acts as a client. This name will also be used to obtain the subject if using a JAAS login module. | |
client_password | The password to use when a node acts as a client. This password will also be used to obtain the subject if using a JAAS login module. | |
login_module_name |
The name of the JAAS login module to use as a subject for creating the SASL client and server. This attribute is only required by certain | |
mech |
The name of the SASL authentication mechanism. This name can be any mechanism supported by the local SASL provider, and the JDK supplies | |
sasl_props |
Properties of the defined | |
server_callback_handler |
The class name of the | |
server_name | The fully qualified server name. | |
timeout | 5000 | The number of milliseconds to wait for a response to a challenge. |
Discovery Protocols
The following protocols are used to find an initial membership for the cluster, which can then be used to determine the current coordinator. The discovery protocols are listed below.
- AZURE_PING
- JDBC_PING
- MPING
- PING
- S3_PING
- TCPGOSSIP
- TCPPING
AZURE_PING Attributes
Attribute | Default | Description |
---|---|---|
container | The name of the blob container to use for PING data. This must be a valid DNS name. | |
storage_access_key | The secret access key for the storage account. | |
storage_account_name | The name of the Microsoft Azure storage account that contains your blob container. |
JDBC_PING Attributes
Attribute | Default | Description |
---|---|---|
data-source | Datasource reference, to be used instead of the connection and JNDI lookup properties. |
When defining a JDBC_PING protocol, the jdbc-protocol element is used instead of the protocol element.
S3_PING Attributes
Attribute | Default | Description |
---|---|---|
access_key | The Amazon S3 access key used to access an S3 bucket. | |
host | s3.amazonaws.com | Destination of the S3 web service. |
location | Name of the Amazon S3 bucket to use. The bucket must exist and use a unique name. | |
pre_signed_delete_url | The pre-signed URL to be used for the DELETE operation. | |
port |
| The port on which the web service is listening. |
pre_signed_put_url | The pre-signed URL to be used for the PUT operation. | |
prefix |
If set, and | |
secret_access_key | The Amazon S3 secret access key used to access an S3 bucket. | |
use_ssl | true | Determines if SSL is used when contacting the host and port combination. |
TCPGOSSIP Attributes
Attribute | Default | Description |
---|---|---|
socket-binding |
The socket binding specification for this protocol layer. Deprecated: Use | |
socket-bindings | The outbound socket bindings for this protocol. |
When defining a TCPGOSSIP protocol, the socket-discovery-protocol element is used instead of the protocol element.
TCPPING Attributes
Attribute | Default | Description |
---|---|---|
socket-binding |
The socket binding specification for this protocol layer. Deprecated: Use | |
socket-bindings | The outbound socket bindings for this protocol. |
When defining a TCPPING protocol, the socket-discovery-protocol element is used instead of the protocol element.
Encrypt Protocols
The following protocols are used to secure the communication stack. Encryption is based on a shared secret key that all members of the cluster have. This key is either acquired from a shared keystore, when using SYM_ENCRYPT, or from a public/private key exchange, when using ASYM_ENCRYPT. When defining any of the following protocols, an encrypt-protocol element is created in the resulting XML.
If using ASYM_ENCRYPT, then the same stack must have an AUTH protocol defined. The AUTH protocol is optional when using SYM_ENCRYPT.
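The following Python check is an added example, not part of the JBoss EAP documentation. It applies the rules stated above to the stack definitions in a configuration file: ASYM_ENCRYPT needs an AUTH protocol in the same stack, AUTH needs a token child element, and AUTH sits below GMS. The sample XML is constructed; the type attribute, the shared-secret-reference child and the bottom-to-top listing order of protocols within a stack are assumptions not stated on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: four stacks shaped like the jgroups subsystem XML.
# Key-store names, aliases and secrets are made up for the example.
SAMPLE_XML = """\
<subsystem xmlns="urn:jboss:domain:jgroups:5.0">
  <stacks>
    <stack name="asym-no-auth">
      <transport type="TCP" socket-binding="jgroups-tcp"/>
      <protocol type="MPING"/>
      <encrypt-protocol type="ASYM_ENCRYPT" key-store="clusterKS" key-alias="node"/>
      <protocol type="pbcast.NAKACK2"/>
      <protocol type="pbcast.GMS"/>
    </stack>
    <stack name="asym-auth-misplaced">
      <transport type="TCP" socket-binding="jgroups-tcp"/>
      <protocol type="MPING"/>
      <encrypt-protocol type="ASYM_ENCRYPT" key-store="clusterKS" key-alias="node"/>
      <protocol type="pbcast.NAKACK2"/>
      <protocol type="pbcast.GMS"/>
      <auth-protocol type="AUTH">
        <plain-token>
          <shared-secret-reference clear-text="constructed-secret"/>
        </plain-token>
      </auth-protocol>
    </stack>
    <stack name="asym-digest">
      <transport type="TCP" socket-binding="jgroups-tcp"/>
      <protocol type="MPING"/>
      <encrypt-protocol type="ASYM_ENCRYPT" key-store="clusterKS" key-alias="node"/>
      <protocol type="pbcast.NAKACK2"/>
      <auth-protocol type="AUTH">
        <digest-token>
          <shared-secret-reference clear-text="constructed-secret"/>
        </digest-token>
      </auth-protocol>
      <protocol type="pbcast.GMS"/>
    </stack>
    <stack name="sym-only">
      <transport type="UDP" socket-binding="jgroups-udp"/>
      <protocol type="PING"/>
      <encrypt-protocol type="SYM_ENCRYPT" key-store="clusterKS" key-alias="shared"/>
      <protocol type="pbcast.NAKACK2"/>
      <protocol type="pbcast.GMS"/>
    </stack>
  </stacks>
</subsystem>
"""

# Token elements the page recommends with Elytron. Legacy JGroups tokens
# (MD5Token, SimpleToken, X509Token) are not recognised by this check.
ELYTRON_TOKENS = {"plain-token", "digest-token", "cipher-token"}

MESSAGES = {
    "ASYM_WITHOUT_AUTH": "ASYM_ENCRYPT is defined but the stack has no AUTH protocol",
    "AUTH_NO_TOKEN": "AUTH has no plain-token, digest-token or cipher-token child",
    "AUTH_PLAIN_TOKEN": "AUTH uses plain-token (shared secret is not transformed)",
    "AUTH_ABOVE_GMS": "AUTH is listed after pbcast.GMS, so it does not sit below it",
}


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_stack(stack):
    """Return the finding codes for one <stack> element."""
    # Assumption: every protocol layer carries a 'type' attribute and the
    # layers are listed bottom (transport) to top.
    layers = [child for child in stack if child.get("type")]
    types = [child.get("type") for child in layers]
    auth_layers = [child for child in layers if child.get("type") == "AUTH"]
    findings = []

    if "ASYM_ENCRYPT" in types and not auth_layers:
        findings.append("ASYM_WITHOUT_AUTH")

    for auth in auth_layers:
        tokens = [_local(t.tag) for t in auth if _local(t.tag) in ELYTRON_TOKENS]
        if not tokens:
            findings.append("AUTH_NO_TOKEN")
        elif "plain-token" in tokens:
            findings.append("AUTH_PLAIN_TOKEN")

    if auth_layers and "pbcast.GMS" in types:
        if types.index("AUTH") > types.index("pbcast.GMS"):
            findings.append("AUTH_ABOVE_GMS")
    return findings


def audit_stacks(xml_text):
    """Map each stack name in the document to its list of finding codes."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): audit_stack(s)
            for s in root.iter() if _local(s.tag) == "stack"}


if __name__ == "__main__":
    for name, codes in audit_stacks(SAMPLE_XML).items():
        print(name, "OK" if not codes else "; ".join(MESSAGES[c] for c in codes))
```

To audit a real server, pass the contents of its configuration file to audit_stacks; the function matches on element local names, so the namespace version does not matter.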
ASYM_ENCRYPT Attributes
Attribute | Default | Description |
---|---|---|
key-alias | The alias of the encryption key from the specified keystore. | |
key-credential-reference | The credentials required to obtain the encryption key from the keystore. | |
key-store | A reference to |