169 lines
8.2 KiB
XML
169 lines
8.2 KiB
XML
<Server>
|
|
|
|
<!--APR library loader. Documentation at /docs/apr.html -->
|
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
|
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
|
|
<Listener className="org.apache.catalina.core.JasperListener" />
|
|
|
|
<!-- Use a custom version of StandardService that allows the
|
|
connectors to be started independent of the normal lifecycle
|
|
start to allow web apps to be deployed before starting the
|
|
connectors.
|
|
-->
|
|
<Service name="jboss.web">
|
|
|
|
<!-- A "Connector" represents an endpoint by which requests are received
|
|
and responses are returned. Documentation at :
|
|
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
|
|
Java AJP Connector: /docs/config/ajp.html
|
|
APR (HTTP/AJP) Connector: /docs/apr.html
|
|
Define a non-SSL HTTP/1.1 Connector on port 8080
|
|
-->
|
|
<Connector port="@ADEMPIERE_WEB_PORT@" address="${jboss.bind.address}"
|
|
maxThreads="250" maxHttpHeaderSize="8192"
|
|
emptySessionPath="true" protocol="HTTP/1.1"
|
|
enableLookups="false" redirectPort="@ADEMPIERE_SSL_PORT@" acceptCount="100"
|
|
connectionTimeout="20000" disableUploadTimeout="true" />
|
|
|
|
<!-- Define a SSL HTTP/1.1 Connector on port 8443
|
|
This connector uses the JSSE configuration, when using APR, the
|
|
connector should be using the OpenSSL style configuration
|
|
described in the APR documentation -->
|
|
<Connector port="@ADEMPIERE_SSL_PORT@" protocol="HTTP/1.1" SSLEnabled="true"
|
|
maxThreads="150" scheme="https" secure="true"
|
|
clientAuth="false"
|
|
keystoreFile="@ADEMPIERE_KEYSTORE@"
|
|
keystorePass="@ADEMPIERE_KEYSTOREPASS@"
|
|
sslProtocol="TLS" />
|
|
|
|
<!-- Define an AJP 1.3 Connector on port 8009 -->
|
|
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
|
|
emptySessionPath="true" enableLookups="false" redirectPort="8443" />
|
|
|
|
<Engine name="jboss.web" defaultHost="localhost">
|
|
|
|
<!-- The JAAS based authentication and authorization realm implementation
|
|
that is compatible with the jboss 3.2.x realm implementation.
|
|
- certificatePrincipal : the class name of the
|
|
org.jboss.security.auth.certs.CertificatePrincipal impl
|
|
used for mapping X509[] cert chains to a Princpal.
|
|
- allRolesMode : how to handle an auth-constraint with a role-name=*,
|
|
one of strict, authOnly, strictAuthOnly
|
|
+ strict = Use the strict servlet spec interpretation which requires
|
|
that the user have one of the web-app/security-role/role-name
|
|
+ authOnly = Allow any authenticated user
|
|
+ strictAuthOnly = Allow any authenticated user only if there are no
|
|
web-app/security-roles
|
|
-->
|
|
<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
|
|
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
|
|
allRolesMode="authOnly"
|
|
/>
|
|
<!-- A subclass of JBossSecurityMgrRealm that uses the authentication
|
|
behavior of JBossSecurityMgrRealm, but overrides the authorization
|
|
checks to use JACC permissions with the current java.security.Policy
|
|
to determine authorized access.
|
|
- allRolesMode : how to handle an auth-constraint with a role-name=*,
|
|
one of strict, authOnly, strictAuthOnly
|
|
+ strict = Use the strict servlet spec interpretation which requires
|
|
that the user have one of the web-app/security-role/role-name
|
|
+ authOnly = Allow any authenticated user
|
|
+ strictAuthOnly = Allow any authenticated user only if there are no
|
|
web-app/security-roles
|
|
<Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
|
|
certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
|
|
allRolesMode="authOnly"
|
|
/>
|
|
-->
|
|
|
|
<Host name="localhost"
|
|
autoDeploy="false" deployOnStartup="false" deployXML="false"
|
|
configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
|
|
>
|
|
|
|
<!-- Uncomment to enable request dumper. This Valve "logs interesting
|
|
contents from the specified Request (before processing) and the
|
|
corresponding Response (after processing). It is especially useful
|
|
in debugging problems related to headers and cookies."
|
|
-->
|
|
<!--
|
|
<Valve className="org.apache.catalina.valves.RequestDumperValve" />
|
|
-->
|
|
|
|
<!-- Access logger -->
|
|
<!--
|
|
<Valve className="org.apache.catalina.valves.AccessLogValve"
|
|
prefix="localhost_access_log." suffix=".log"
|
|
pattern="common" directory="${jboss.server.log.dir}"
|
|
resolveHosts="false" />
|
|
-->
|
|
|
|
<!-- Uncomment to enable single sign-on across web apps
|
|
deployed to this host. Does not provide SSO across a cluster.
|
|
|
|
If this valve is used, do not use the JBoss ClusteredSingleSignOn
|
|
valve shown below.
|
|
|
|
A new configuration attribute is available beginning with
|
|
release 4.0.4:
|
|
|
|
cookieDomain configures the domain to which the SSO cookie
|
|
will be scoped (i.e. the set of hosts to
|
|
which the cookie will be presented). By default
|
|
the cookie is scoped to "/", meaning the host
|
|
that presented it. Set cookieDomain to a
|
|
wider domain (e.g. "xyz.com") to allow an SSO
|
|
to span more than one hostname.
|
|
-->
|
|
<!--
|
|
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
|
-->
|
|
|
|
<!-- Uncomment to enable single sign-on across web apps
|
|
deployed to this host AND to all other hosts in the cluster.
|
|
|
|
If this valve is used, do not use the standard Tomcat SingleSignOn
|
|
valve shown above.
|
|
|
|
Valve uses a JBossCache instance to support SSO credential
|
|
caching and replication across the cluster. The JBossCache
|
|
instance must be configured separately. By default, the valve
|
|
shares a JBossCache with the service that supports HttpSession
|
|
replication. See the "jboss-web-cluster-service.xml" file in the
|
|
server/all/deploy directory for cache configuration details.
|
|
|
|
Besides the attributes supported by the standard Tomcat
|
|
SingleSignOn valve (see the Tomcat docs), this version also
|
|
supports the following attributes:
|
|
|
|
cookieDomain see above
|
|
|
|
treeCacheName JMX ObjectName of the JBossCache MBean used to
|
|
support credential caching and replication across
|
|
the cluster. If not set, the default value is
|
|
"jboss.cache:service=TomcatClusteringCache", the
|
|
standard ObjectName of the JBossCache MBean used
|
|
to support session replication.
|
|
-->
|
|
<!--
|
|
<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
|
|
-->
|
|
|
|
<!-- Check for unclosed connections and transaction terminated checks
|
|
in servlets/jsps.
|
|
|
|
Important: The dependency on the CachedConnectionManager
|
|
in META-INF/jboss-service.xml must be uncommented, too
|
|
-->
|
|
<Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
|
|
cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
|
|
transactionManagerObjectName="jboss:service=TransactionManager" />
|
|
|
|
</Host>
|
|
|
|
</Engine>
|
|
|
|
</Service>
|
|
|
|
</Server>
|