128 lines
6.0 KiB
XML
128 lines
6.0 KiB
XML
<Server>
|
|
|
|
<!-- Use a custom version of StandardService that allows the
|
|
connectors to be started independent of the normal lifecycle
|
|
start to allow web apps to be deployed before starting the
|
|
connectors.
|
|
-->
|
|
<Service name="jboss.web"
|
|
className="org.jboss.web.tomcat.tc5.StandardService">
|
|
|
|
<!-- A HTTP/1.1 Connector on port 8080 -->
|
|
<Connector port="@ADEMPIERE_WEB_PORT@" address="${jboss.bind.address}"
|
|
maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
|
|
emptySessionPath="true"
|
|
enableLookups="false" redirectPort="@ADEMPIERE_SSL_PORT@" acceptCount="100"
|
|
connectionTimeout="20000" disableUploadTimeout="true"/>
|
|
|
|
<!-- A AJP 1.3 Connector on port 8009 -->
|
|
<Connector port="8009" address="${jboss.bind.address}"
|
|
emptySessionPath="true" enableLookups="false" redirectPort="8443"
|
|
protocol="AJP/1.3"/>
|
|
|
|
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
|
|
<Connector port="@ADEMPIERE_SSL_PORT@" address="${jboss.bind.address}"
|
|
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
|
|
emptySessionPath="true"
|
|
scheme="https" secure="true" clientAuth="false"
|
|
keystoreFile="@ADEMPIERE_KEYSTORE@"
|
|
keystorePass="@ADEMPIERE_KEYSTOREPASS@"
|
|
sslProtocol = "TLS" />
|
|
|
|
<Engine name="jboss.web" defaultHost="localhost">
|
|
|
|
<!-- The JAAS based authentication and authorization realm implementation
|
|
that is compatible with the jboss 3.2.x realm implementation.
|
|
- certificatePrincipal : the class name of the
|
|
org.jboss.security.auth.certs.CertificatePrincipal impl
|
|
used for mapping X509[] cert chains to a Princpal.
|
|
-->
|
|
<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
|
|
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
|
|
/>
|
|
<!-- A subclass of JBossSecurityMgrRealm that uses the authentication
|
|
behavior of JBossSecurityMgrRealm, but overrides the authorization
|
|
checks to use JACC permissions with the current java.security.Policy
|
|
to determine authorized access.
|
|
<Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
|
|
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
|
|
/>
|
|
-->
|
|
|
|
<Host name="localhost"
|
|
autoDeploy="false" deployOnStartup="false" deployXML="false">
|
|
|
|
<!-- Uncomment to enable request dumper. This Valve "logs interesting
|
|
contents from the specified Request (before processing) and the
|
|
corresponding Response (after processing). It is especially useful
|
|
in debugging problems related to headers and cookies."
|
|
-->
|
|
<!--
|
|
<Valve className="org.apache.catalina.valves.RequestDumperValve" />
|
|
-->
|
|
|
|
<!-- Access logger -->
|
|
<!--
|
|
<Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
|
|
prefix="localhost_access_log." suffix=".log"
|
|
pattern="common" directory="${jboss.server.home.dir}/log"
|
|
resolveHosts="false" />
|
|
-->
|
|
|
|
<!-- Uncomment to enable single sign-on across web apps
|
|
deployed to this host. Does not provide SSO across a cluster.
|
|
|
|
If this valve is used, do not use the JBoss ClusteredSingleSignOn
|
|
valve shown below.
|
|
-->
|
|
<!--
|
|
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
|
-->
|
|
|
|
<!-- Uncomment to enable single sign-on across web apps
|
|
deployed to this host AND to all other hosts in the cluster
|
|
with the same virtual hostname.
|
|
|
|
If this valve is used, do not use the standard Tomcat SingleSignOn
|
|
valve shown above.
|
|
|
|
This valve uses JGroups to communicate across the cluster. The
|
|
JGroups Channel used for this communication can be configured
|
|
by editing the "sso-channel.xml" file found in the same folder
|
|
as this file. If this valve is running on a machine with multiple
|
|
IP addresses, configuring the "bind_addr" property of the JGroups
|
|
UDP protocol may be necessary. Another possible configuration
|
|
change would be to enable encryption of intra-cluster communications.
|
|
See the sso-channel.xml file for more details.
|
|
|
|
Besides the attributes supported by the standard Tomcat
|
|
SingleSignOn valve (see the Tomcat docs), this version also supports
|
|
the following attribute:
|
|
|
|
partitionName the name of the cluster partition in which
|
|
this node participates. If not set, the default
|
|
value is "sso-partition/" + the value of the
|
|
"name" attribute of the Host element that
|
|
encloses this element (e.g. "sso-partition/localhost")
|
|
-->
|
|
<!--
|
|
<Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
|
|
-->
|
|
|
|
<!-- Uncomment to check for unclosed connections and transaction terminated checks
|
|
in servlets/jsps.
|
|
Important: You need to uncomment the dependency on the CachedConnectionManager
|
|
in META-INF/jboss-service.xml
|
|
<Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
|
|
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
|
|
transactionManagerObjectName="jboss:service=TransactionManager" />
|
|
-->
|
|
|
|
</Host>
|
|
|
|
</Engine>
|
|
|
|
</Service>
|
|
|
|
</Server>
|