From e116770933e0827f1ec2fbb41a9abd0423ccb75e Mon Sep 17 00:00:00 2001 From: Cheryl King Date: Fri, 25 Aug 2023 15:41:32 -0500 Subject: [PATCH] Post process schema (#206) * remove anyAttribute from default and generated xsds if no extraProperties * Update cached schema --- .../lemminx/LibertyXSDURIResolver.java | 6 + .../lemminx/services/DockerService.java | 5 + .../langserver/lemminx/util/DocumentUtil.java | 125 + .../src/main/resources/formatxsd.xsl | 11 + .../xsd/liberty/server-cached-23006.xsd | 83319 ++++++++-------- .../java/io/openliberty/DocumentUtilTest.java | 55 + lemminx-liberty/src/test/resources/sample.xsd | 271 + 7 files changed, 41714 insertions(+), 42078 deletions(-) create mode 100644 lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/DocumentUtil.java create mode 100644 lemminx-liberty/src/main/resources/formatxsd.xsl create mode 100644 lemminx-liberty/src/test/java/io/openliberty/DocumentUtilTest.java create mode 100644 lemminx-liberty/src/test/resources/sample.xsd diff --git a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/LibertyXSDURIResolver.java b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/LibertyXSDURIResolver.java index c2a27277..ed5ca0fd 100644 --- a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/LibertyXSDURIResolver.java +++ b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/LibertyXSDURIResolver.java @@ -29,6 +29,7 @@ import io.openliberty.tools.langserver.lemminx.services.DockerService; import io.openliberty.tools.langserver.lemminx.services.LibertyProjectsManager; import io.openliberty.tools.langserver.lemminx.services.LibertyWorkspace; +import io.openliberty.tools.langserver.lemminx.util.DocumentUtil; import io.openliberty.tools.langserver.lemminx.util.LibertyUtils; public class LibertyXSDURIResolver implements URIResolverExtension, IExternalGrammarLocationProvider { @@ -159,6 +160,11 @@ private String generateServerSchemaXsd(LibertyWorkspace libertyWorkspace, Path s return null; } + if (xsdDestFile.exists()) { + // do some post processing to remove the anyAttribute element from parent element if there is no extraProperties sibling + DocumentUtil.removeExtraneousAnyAttributeElements(xsdDestFile); + } + LOGGER.info("Caching schema file with URI: " + xsdDestFile.toURI().toString()); } catch (Exception e) { LOGGER.warning(e.getMessage()); diff --git a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/services/DockerService.java b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/services/DockerService.java index 6a26fff4..1fb6a814 100644 --- a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/services/DockerService.java +++ b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/services/DockerService.java @@ -21,6 +21,7 @@ import java.util.concurrent.TimeUnit; import java.util.logging.Logger; +import io.openliberty.tools.langserver.lemminx.util.DocumentUtil; import io.openliberty.tools.langserver.lemminx.util.LibertyUtils; public class DockerService { @@ -124,6 +125,10 @@ public String generateServerSchemaXsdFromContainer(LibertyWorkspace libertyWorks if (!xsdFile.exists()) { return null; } + + // do some post processing to remove the anyAttribute element from parent element if there is no extraProperties sibling + DocumentUtil.removeExtraneousAnyAttributeElements(xsdFile); + LOGGER.info("Using schema file at: " + xsdFile.toURI().toString()); return xsdFile.toURI().toString(); } diff --git a/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/DocumentUtil.java b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/DocumentUtil.java new file mode 100644 index 00000000..c842f1ed --- /dev/null +++ b/lemminx-liberty/src/main/java/io/openliberty/tools/langserver/lemminx/util/DocumentUtil.java @@ -0,0 +1,125 @@ +/******************************************************************************* +* Copyright (c) 2023 IBM Corporation and others. +* +* This program and the accompanying materials are made available under the +* terms of the Eclipse Public License v. 2.0 which is available at +* http://www.eclipse.org/legal/epl-2.0. +* +* SPDX-License-Identifier: EPL-2.0 +* +* Contributors: +* IBM Corporation - initial API and implementation +*******************************************************************************/ + +package io.openliberty.tools.langserver.lemminx.util; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStreamWriter; +import java.util.ArrayList; +import java.util.List; +import java.util.logging.Logger; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; + +public class DocumentUtil { + private static final Logger LOGGER = Logger.getLogger(DocumentUtil.class.getName()); + + public static Document getDocument(File inputFile) throws Exception { + try { + DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance(); + docFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); + docFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + docFactory.setNamespaceAware(true); + DocumentBuilder docBuilder = docFactory.newDocumentBuilder(); + return docBuilder.parse(inputFile); + } catch (Exception e) { + LOGGER.warning("Error creating document from xml file: " + inputFile.getAbsolutePath() +" exception: "+e.getMessage()); + throw e; + } + } + + public static void writeDocToXmlFile(Document doc, File inputFile) throws Exception { + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + // Need to use this xsl to prevent extra lines in the updated xsd file. It is a known issue in Java 9 and up that is not going to be fixed. + // It was a design decision. Ref link: https://bugs.openjdk.org/browse/JDK-8262285?attachmentViewMode=list + InputStream is = DocumentUtil.class.getClassLoader().getResourceAsStream("formatxsd.xsl"); + Transformer transformer = transformerFactory.newTransformer(new StreamSource(is)); + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty(OutputKeys.STANDALONE, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); + transformer.setOutputProperty(OutputKeys.DOCTYPE_PUBLIC, "yes"); + + doc.setXmlStandalone(true); + DOMSource source = new DOMSource(doc); + StreamResult file = new StreamResult(new OutputStreamWriter(new FileOutputStream(inputFile), "UTF-8")); + transformer.transform(source, file); + } + + public static void removeExtraneousAnyAttributeElements(File schemaFile) { + try { + Document doc = getDocument(schemaFile); + boolean updated = false; + + List anyAttrElements = getElementsByName(doc,"anyAttribute"); + for (Element anyAttr : anyAttrElements) { + Node anyAttrParent = anyAttr.getParentNode(); + // if the parent node does not contain a element, remove the anyAttribute element + if (anyAttrParent != null && anyAttrParent.getNodeType() == Node.ELEMENT_NODE) { + Element anyAttrParentElement = (Element) anyAttrParent; + NodeList extraPropertiesList = anyAttrParentElement.getElementsByTagNameNS("*", "extraProperties"); + if (extraPropertiesList == null || extraPropertiesList.getLength() == 0) { + if (anyAttrParent.removeChild(anyAttr) != null) { + updated = true; + } + } + } + } + + if (updated) { + writeDocToXmlFile(doc, schemaFile); + LOGGER.info("Finished post processing of schema file: "+schemaFile.getCanonicalPath()); + } + } catch (Exception e) { + LOGGER.warning("Received exception during post processing of schema file "+schemaFile.getAbsolutePath()+" : "+e.getMessage()); + } + } + + public static List getElementsByName(Document doc, String name) { + List elements = new ArrayList(); + try { + doc.getDocumentElement().normalize(); + NodeList nList = doc.getElementsByTagNameNS("*", name); + if (nList != null) { + for (int temp = 0; temp < nList.getLength(); temp++) { + + Node nNode = nList.item(temp); + + if (nNode.getNodeType() == Node.ELEMENT_NODE) { + + Element elem = (Element) nNode; + elements.add(elem); + } + } + } + } catch (Exception e) { + LOGGER.warning("Exception received while parsing "+ doc.getDocumentURI() +": "+e.getMessage()); + } + return elements; + } +} diff --git a/lemminx-liberty/src/main/resources/formatxsd.xsl b/lemminx-liberty/src/main/resources/formatxsd.xsl new file mode 100644 index 00000000..3941269f --- /dev/null +++ b/lemminx-liberty/src/main/resources/formatxsd.xsl @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/lemminx-liberty/src/main/resources/schema/xsd/liberty/server-cached-23006.xsd b/lemminx-liberty/src/main/resources/schema/xsd/liberty/server-cached-23006.xsd index e8ace949..4e797355 100644 --- a/lemminx-liberty/src/main/resources/schema/xsd/liberty/server-cached-23006.xsd +++ b/lemminx-liberty/src/main/resources/schema/xsd/liberty/server-cached-23006.xsd @@ -1,42078 +1,41241 @@ - - - - - Defines the properties of a web application. - - Web Application - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start After - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - - - - - - - - - - - - - - - - - - - - - - Location of an application expressed as an absolute path or a path relative to the server-level apps directory. - - Location - - - - - - Name of an application. - - Name - - - - - - Indicates whether or not the server automatically starts the application. - - Automatically start - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start after - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - Context root of an application. - - Application context root - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the properties of an enterprise application. - - Enterprise Application - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start After - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Location of an application expressed as an absolute path or a path relative to the server-level apps directory. - - Location - - - - - - Name of an application. - - Name - - - - - - Indicates whether or not the server automatically starts the application. - - Automatically start - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start after - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - Default client module of an enterprise application. - - Default client module - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a trust association interceptor. - - Trust Association Interceptor - - - - - - A reference to the ID of the shared library configuration. - - Shared Library - - - - - - - - - Enables or disables the interceptor. - - Enable interceptor - - - - - - Fully-qualified package name of the interceptor class. - - Class name - - - - - - Invoke an interceptor before single sign-on (SSO). - - Invoke an interceptor before SSO - - - - - - Invoke an interceptor after single sign-on (SSO). - - Invoke an interceptor after SSO - - - - - - A reference to the ID of the shared library configuration. - - Shared library - library - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Controls the operation of the trust association interceptor (TAI). - - Trust Association Interceptor - - - - - - - - - Controls whether the TAI is invoked for an unprotected URI. - - Invoke TAI for unprotected URI - - - - - - Allow an interceptor to fall back to the application authentication mechanism. - - Allow fall back to application authentication - - - - - - Reserved for the future use. - - Continue after TAI for an unprotected URI - - - - - - Do not create an LTPA cookie for the trust association interceptor (TAI). - - Disable LTPA cookie - - - - - - Select whether to initialize the trust association interceptor (TAI) at the first incoming request or at the server startup. The default is to initialize the TAI at the server startup. - - Initialize the TAI at the first incoming request - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Collection of properties for the interceptor. - - Interceptor Properties - - - - - - - - - Collection of properties for the interceptor. - - Interceptor properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the remote host TCP/IP address of the client application that sent the HTTP request, for example, remoteAddress id="sample" ip="100.100.100.99" matchType="greaterThan". - - Remote Address - - - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - Greater than - - - - - Less than - - - - - - - - - - Specifies the remote host TCP/IP address. - - IP address - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the HTTP request URL, for example, requestUrl id="sample" urlPattern="/account/checking|/account/saving" matchType="contains". - - Request URL - - - - - - - - Specifies the URL pattern. The * character is not supported to be used as a wildcard. - - URL pattern - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the HTTP request header attribute name, for example, requestHeader id="sample" name="email" value="Kevin@yahoo.com|Steven@gmail.com" matchType="contains". - - Request Header - - - - - - - - Specifies the name. - - Name - - - - - - The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains". - - Value - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the user agent, for example, userAgent id="sample" agent="Mozilla/5.0" matchType="contains". - - User Agent - - - - - - - - Specifies the browser's user agent to help identify which browser is being used. - - Agent - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the name of the cookie that the client sends in the HTTP request, for example, cookie id="sample" name="LtpaToken2" matchType="equals". If the cookie element is configured and there is no cookie in the HttpServletRequest, then the authentication filter sets the cookie name to blank. - - Cookie - - - - - - - - Specifies the name. - - Name - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the web application name, for example, webApp id="sample" name="app1|app2" matchType="notContain". - - Web Application - - - - - - - - Specifies the name. - - Name - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the hostname, for example, host id="sample" name="host.mycomp.com" matchType="contains". - - Host - - - - - - - - Specifies the name. - - Name - - - - - - Specifies the match type. - - Match type - - - - - - - - - Equals - - - - - Contains - - - - - Not contain - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies a selection rule that represents conditions that are matched against the HTTP request headers. If all conditions are met, the HTTP request is selected for the authentication. When the value for the matchType attribute is notContain or contains, the filter supports a piped list of values. - - Authentication Filter - - - - - - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Properties that control the behavior of the application manager - - Application Manager - - - - - - - - Enables automatic extraction of WAR files and EAR files - - Automatically expand applications - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Specifies how long the server waits for an application to start before it considers it slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Start timeout - - - - - - Specifies how long the server waits for an application to stop before it considers it slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Stop timeout - - - - - - The expandLocation attribute enables a user to set the location where the autoExpanded application is located. The default location is ${server.config.dir}/apps/expanded/. - - Expand location - - - - - - - - - Defines how the server responds to application additions, updates, and deletions. - - Application Monitoring - - - - - - - - Rate at which the server checks for application additions, updates, and deletions. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Application update polling rate - - - - - - Location of the application drop-in directory expressed as an absolute path or a path relative to the server directory. - - Application drop-in directory - - - - - - Monitor the drop-in directory for application additions, updates, and deletions. - - Monitor application drop-in directory - - - - - - Application update method or trigger. - - Application update trigger - - - - - - - - - Server will scan for application changes at the polling interval and update any applications that have detectable changes. - - - - - Server will only update applications when prompted by an MBean called by an external program such as an integrated development environment or a management application. - - - - - Disables all update monitoring. Application changes will not be applied while the server is running. - - - - - - - - - - - - - Defines the properties of an application. - - Application - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start After - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Location of an application expressed as an absolute path or a path relative to the server-level apps directory. - - Location - - - - - - Name of an application. - - Name - - - - - - Type of application archive. - - Application type - - - - - - Context root of an application. - - Application context root - - - - - - Indicates whether or not the server automatically starts the application. - - Automatically start - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start after - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Global classloading - - Classloading - - - - - - - - Whether to use jar: or wsjar: URLs for referencing files in archives - - Use jar: URLs - - - - - - - - - The default implementation of the audit file handler which emits audit events to a text file. - - Default Audit File Handler - - - - - - A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log. - - Event - - - - - - Location of the keystore containing the certificate used to encrypt the audit records. - - Audit Encryption Keystore Reference - - - - - - Location of keystore that contains the personal certificate that is used to sign the audit records. - - Audit Signing Keystore Location - - - - - - - A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log. - - Event - auditEvent - - - - - - The maximum size, in MB, of each audit file log. - - Audit file log size - - - - - - - - - - - - - - - - Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept. - - Maximum number of audit file logs - - - - - - - - - - - - - - - - Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs. - - Audit file location - - - - - - Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records. - - Sign the audit records in the audit log file - - - - - - Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records. - - Encrypt the audit records in the audit file log - - - - - - Alias name of the certificate that is used to encrypt the audit records. - - Alias name of certificate for encrypting - - - - - - Location of the keystore containing the certificate used to encrypt the audit records. - - Audit encryption keystore reference - keyStore - - - - - - Alias name of the personal certificate that is used to sign the audit records. - - Alias name of personal certificate for signing - - - - - - Location of keystore that contains the personal certificate that is used to sign the audit records. - - Audit signing keystore location - keyStore - - - - - - When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log. - - Compact json record format - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Collection of login module options. - - Login Module Options - - - - - - - - - Collection of login module options. - - Login module options - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The JAAS login context entry configuration. - - JAAS Login Context Entry - - - - - - - - Name of a JAAS configuration entry. - - Entry name - - - - - - A reference to the ID of a JAAS login module. - - Login module reference - jaasLoginModule - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A login module in the JAAS configuration. - - JAAS Login Module - - - - - - A reference to the ID of the resource adapter or application that provides the JAAS login module class. Specify this configuration attribute only if you do not specify a shared library reference. - - Class Provider - - - - - - A reference to the ID of the shared library configuration. - - Shared Library - - - - - - A collection of JAAS Login module options - - JAAS Login Module Options - - - - - - - Fully-qualified package name of the JAAS login module class. - - Class name - - - - - - The login module's control flag. Valid values are REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. - - Login module control flag - - - - - - - - - This LoginModule is REQUIRED as per the JAAS specification. The LoginModule is required to succeed. - - - - - This LoginModule is REQUISITE as per the JAAS specification. The LoginModule is required to succeed. If authentication fails, no other LoginModules will be called and control is returned to the caller. - - - - - This LoginModule is SUFFICIENT as per the JAAS specification. The LoginModule is not required to succeed. If authentication is successful, no other LoginModules will be called and control is returned to the caller. - - - - - This LoginModule is OPTIONAL as per the JAAS specification. The LoginModule is not required to succeed. - - - - - - - - - - A reference to the ID of the resource adapter or application that provides the JAAS login module class. Specify this configuration attribute only if you do not specify a shared library reference. - - Class provider - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - A reference to the ID of the shared library configuration. - - Shared library - library - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Overrides defaults that are specified in the root attributes of requestTiming for JDBC requests. - - JDBC Timing - - - - - - - - The name of the datasource that is being monitored. The datasource name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all datasource names are monitored. - - Datasource name - - - - - - The SQL statement that is being monitored. The SQL statement is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all SQL statements are monitored. - - Query name - - - - - - Duration of time that a JDBC request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Slow request threshold - - - - - - Duration of time that a JDBC request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Hung request threshold - - - - - - Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. - - Enable thread dumps - - - - - - Indicates whether a JDBC request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. - - Interrupt hung requests - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Overrides defaults that are specified in the root attributes of requestTiming for servlet requests. - - Servlet Timing - - - - - - - - The name of the application that is being monitored. The application name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all applications are monitored. - - Application name - - - - - - The name of the servlet that is being monitored. The servlet name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all servlets are monitored. - - Servlet name - - - - - - Duration of time that a servlet request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Slow request threshold - - - - - - Duration of time that a servlet request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Hung request threshold - - - - - - Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. - - Enable thread dumps - - - - - - Indicates whether a servlet request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. - - Interrupt hung requests - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A member of a Basic User Registry group. - - Group Member - - - - - - - - Name of a user in a Basic User Registry group. - - User name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A simple XML-based user registry. - - Basic User Registry - - - - - - A user in a Basic User Registry. - - User - - - - - - A group in a Basic User Registry. - - Group - - - - - - - The realm name represents the user registry. - - Realm name - - - - - - Allow case-insensitive user name authentication. - - Case-insensitive authentication - - - - - - Specifies the X.509 certificate authentication mapping mode for the basic registry: PRINCIPAL_CN, CUSTOM, or NOT_SUPPORTED. - - Certificate map mode - - - - - - - - - The basic registry attempts to authenticate the X.509 certificate by mapping the PrincipalName value in the X.509 certificate to the exact distinguished name (DN) in the repository. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. - - - - - The basic registry attempts to authenticate the X.509 certificate by using the custom X509CertificateMapper implementation that is specified by the certificateMapperId attribute. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. - - - - - The LDAP registry does not support X.509 certificate authentication. Attempts to authenticate with an X.509 certificate fail, and a CertificateMapNotSupportedException exception is thrown. - - - - - - - - - - Specifies the X509CertificateMapper to use when the X.509 certificate authentication mapping mode is CUSTOM. The value must match the value of the 'x509.certificate.mapper.id' property that is specified for the X509CertificateMapper implementation. - - Certificate mapper ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A group in a Basic User Registry. - - Group - - - - - - A member of a Basic User Registry group. - - Group Member - - - - - - - Name of a group in a Basic User Registry. - - Group name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A user in a Basic User Registry. - - User - - - - - - - - Name of a user in a Basic User Registry. - - User name - - - - - - Password of a user in a Basic User Registry. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. - - Password - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configures the Batch persistence store. - - Batch Persistence - - - - - - Persistent store for batch data. - - Batch Persistent Store - - - - - - - Persistent store for batch data. - - Batch persistent store reference - databaseStore - - - - - - - - - Configures the Batch JMS dispatcher. - - Batch JMS Dispatcher - - - - - - The identifier of the JMS connection factory that the Batch dispatcher should use to obtain JMS connections. - - JMS Connection Factory - - - - - - The identifier of the JMS queue that the Batch JMS dispatcher uses to send JMS messages. - - JMS Queue - - - - - - - The identifier of the JMS connection factory that the Batch dispatcher should use to obtain JMS connections. - - Batch dispatcher connection factory reference - jmsConnectionFactory - - - - - - The identifier of the JMS queue that the Batch JMS dispatcher uses to send JMS messages. - - Batch dispatcher queue reference - jmsQueue - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configures the Batch JMS executor. - - Batch JMS Executor - - - - - - The identifier of the JMS activation specification that the Batch executor uses to create JMS listeners. - - JMS Activation Specification - - - - - - The identifier of the JMS queue that the Batch activation specification uses to listen for batch JMS messages. - - JMS Queue - - - - - - The identifier of the JMS connection factory that the Batch executor should user to obtain JMS connections. - - JMS Connection Factory - - - - - - The name of the operation group - - Group name - - - - - - - The identifier of the JMS activation specification that the Batch executor uses to create JMS listeners. - - Batch activation specification reference - jmsActivationSpec - - - - - - The identifier of the JMS queue that the Batch activation specification uses to listen for batch JMS messages. - - Batch executor queue reference - jmsQueue - - - - - - The identifier of the JMS connection factory that the Batch executor should user to obtain JMS connections. - - Batch executor reply connection factory reference - jmsConnectionFactory - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configure the Batch JMS events. - - Batch JMS Events - - - - - - The identifier of the JMS connection factory. - - JMS Connection Factory - - - - - - - The identifier of the JMS connection factory. - - Batch events connection factory reference - jmsConnectionFactory - - - - - - The root of the batch JMS event topic tree. The default topic tree root value is 'batch'. - - JMS event topic root - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - This feature enables the configuration of Basic Extensions using Liberty Libraries (BELL). A BELL enables the server runtime to be extended using shared libraries. - - BELL - - - - - - The library to use for the BELL. - - Library - - - - - - The name of the service that the system will look up in the /META-INF/services folder. If not specified, the system discovers all services located in the META-INF/services folder. - - Service type - - - - - - Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. - - Properties - - - - - - - The library to use for the BELL. - - The library reference - library - - - - - - Indicates whether the system makes feature SPI packages visible to the library referenced by the BELL. Enable SPI visibility whenever the BELL provides services that use feature SPI. - - Enable SPI visibility - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. - - Properties - - - - - - - - - Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. - - Properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Binary trace options. The binary trace can be viewed using the logViewer command. - - Binary Trace - - - - - - - - Specifies the maximum size for the binary trace repository in megabytes. When the value for purgeMaxSize is specified with a value of more than 0, cleanup based on repository size is enabled, otherwise it is disabled; a value of 0 means no limit. - - Maximum repository size - com.ibm.hpel.trace.purgeMaxSize - - - - - - - - - - - - - - - - Specifies the duration, in hours, after which a server can remove a trace record. When the value for purgeMinTime is specified with a value of more than 0, cleanup based on trace record age is enabled, otherwise it is disabled; a value of 0 means no limit. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. - - Minimum retention time - com.ibm.hpel.trace.purgeMinTime - - - - - - Makes the server close the active trace file and start a new one at the specified hour of the day. When the value for fileSwitchTime is specified, file switching is enabled, otherwise it is disabled. - - Hour of the day to switch file - com.ibm.hpel.trace.fileSwitchTime - - - - - - - - - - - - - - - - - - Specifies whether to allow a small delay in saving records to the disk for improved performance. When bufferingEnabled is set to true, records will be briefly held in memory before being written to disk. - - Enable output buffering - com.ibm.hpel.trace.bufferingEnabled - - - - - - Specifies the action to perform when the file system where records are kept runs out of free space. When outOfSpaceAction is set to "StopLogging" the server will stop tracing when records are not able to be written to disk. When this attribute is set to "PurgeOld" the server will attempt to delete the oldest records from the binary trace repository to make space for new records. When this attribute is set to "StopServer" binary trace will stop the server when records cannot be written. - - Action if data can't be stored - com.ibm.hpel.trace.outOfSpaceAction - - - - - - - - - Stop Server - - - - - Remove old records - - - - - Stop Logging - - - - - - - - - - - - - Binary logging options. The binary log can be viewed using the logViewer command. - - Binary Log - - - - - - - - Specifies the maximum size for the binary log repository in megabytes. When the value for purgeMaxSize is specified with a value of more than 0, cleanup based on repository size is enabled, otherwise it is disabled; a value of 0 means no limit. - - Maximum repository size - com.ibm.hpel.log.purgeMaxSize - - - - - - - - - - - - - - - - Specifies the duration, in hours, after which a server can remove a log record. When the value for purgeMinTime is specified with a value of more than 0, cleanup based on log record age is enabled, otherwise it is disabled; a value of 0 means no limit. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. - - Minimum retention time - com.ibm.hpel.log.purgeMinTime - - - - - - Makes the server close the active log file and start a new one at the specified hour of the day. When the value for fileSwitchTime is specified, file switching is enabled, otherwise it is disabled. - - Hour of the day to switch file - com.ibm.hpel.log.fileSwitchTime - - - - - - - - - - - - - - - - - - Specifies whether to allow a small delay in saving records to the disk for improved performance. When bufferingEnabled is set to true, records will be briefly held in memory before being written to disk. - - Enable output buffering - com.ibm.hpel.log.bufferingEnabled - - - - - - Specifies the action to perform when the file system where records are kept runs out of free space. When outOfSpaceAction is set to "StopLogging" the server will stop logging when records are not able to be written to disk. When this attribute is set to "PurgeOld" the server will attempt to delete the oldest records from the binary log repository to make space for new records. When this attribute is set to "StopServer" the binary log will stop the server when records cannot be written. - - Action if data can't be stored - com.ibm.hpel.log.outOfSpaceAction - - - - - - - - - Stop Server - - - - - Remove old records - - - - - Stop Logging - - - - - - - - - - - - - Controls the built-in authentication service configuration. - - Authentication - - - - - - - - Enables the authentication cache. - - Enable authentication cache - - - - - - Allow an application to login with just an identity in the hashtable properties. Use this option only when you have applications that require this and have other means to validate the identity. - - Allow hashtable login with ID only - - - - - - Specifies whether to return displayName for programmatic APIs like getRemoteUser, getCallerPrincipal, getUserPrincipal when using Custom User Registry. - - Use displayName as securityName in customUR - - - - - - - - - Controls the operation of the authentication cache. - - Authentication Cache - - - - - - The JCache cache reference that is used as the authentication cache. - - JCache Cache Reference - - - - - - - The initial number of entries that are supported by the in-memory authentication cache. This setting does not apply to the JCache cache. - - Initial cache size - - - - - - - - - - - - - - - - The maximum number of entries that are supported by the in-memory authentication cache. This setting does not apply to the JCache cache. - - Maximum cache size - - - - - - - - - - - - - - - - The duration until an entry in the in-memory authentication cache is removed. This setting does not apply to the JCache cache. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Cache eviction timeout - - - - - - Allow lookup by user ID and hashed password. - - Allow lookup by user ID and hashed password - - - - - - The JCache cache reference that is used as the authentication cache. - - JCache cache reference - cache - - - - - - - - - System-wide settings for Kerberos authentication - - Kerberos - - - - - - - - The path of the keytab file that is used to obtain the principal's secret key. If unspecified, the keytab from the Kerberos configuration file is used. If a keytab file is not specified in the Kerberos configuration file, then the location {user.home}/krb5.keytab is checked. - - Kerberos keytab file - - - - - - The location of an MIT style krb5.conf configuration file. The location is passed to the JDK implementation of the Kerberos APIs by using the java.security.krb5.conf system property. If unspecified, the krb5.conf file is searched for according to the JDK implementation of the Kerberos APIs. - - Kerberos conf file - - - - - - - - - Defines the behavior of the Contexts and Dependency Injection (CDI). - - Contexts And Dependency Injection - - - - - - - - The implicit bean archives are scanned for any bean discoveries. The default value is true. Only applies to CDI 1.2 or newer. - - Enable scanning implicit bean archives - - - - - - CDI 4.0 and later consider an archive with an empty beans.xml file to be an implicit bean archive (bean-discovery-mode=ANNOTATED). This property allows an empty beans.xml file to be treated as it was in CDI 3.0 (bean-discovery-mode=ALL). The default value is false. Only applies to CDI 4.0 or newer. - - CDI 3.0 compatibility for empty beans.xml files - - - - - - - - - Defines the behavior of the Contexts and Dependency Injection (CDI) v1.2 or newer. - - Contexts And Dependency Injection V1.2 Or Newer - - - - - - - - The implicit bean archives are scanned for any bean discoveries. The default value is true. - - Enable scanning implicit bean archives - - - - - - - - - Defines channel and chain management settings. - - Channel Framework - - - - - - - - Time interval between start retries. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Chain restart interval - - - - - - Number of retry attempts to make per chain. - - Chain restart attempts - - - - - - - - - - - - - - - - Default amount of time to wait while quiescing chains. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Quiesce timeout - - - - - - Amount of time to wait before notifying of a missing factory configuration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Warning wait time - - - - - - - - - Defines TCP protocol settings. - - TCP Options - - - - - - - - Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Inactivity timeout - - - - - - Enables immediate rebind to a port with no active listener. - - SO_REUSEADDR socket option - - - - - - A comma-separated list of addresses that are allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". - - Address include list - - - - - - A comma-separated list of addresses that are not allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". - - Address exclude list - - - - - - A comma-separated list of host names that are allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. - - Host name include list - - - - - - A comma-separated list of host names that are not allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. - - Host name exclude list - - - - - - Number of retries to open a TCP/IP port during server startup. There will be a one second delay between retries, until the opening is successful or the port open retry number is reached. - - Port open retries - - - - - - - - - - - - - - - - - - If true, then listening ports do not share the same thread for accepting connections. Otherwise, they share the same thread. - - Accept thread - - - - - - Defines the maximum number of connections allowed to be open on this endpoint. - - Max open connections - - - - - - Queries whether this TCP Channel will delay accepting connections until the server starts. If false, connections are closed until the server starts. If true, the value for the acceptThread tcpOption is also set to true, and connections are delayed until the server starts. - - Wait to accept - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Classloader context propagation configuration. - - Classloader Context - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - List of library references. Library class instances are unique to this classloader, independent of class instances from other classloaders. - - Library - - - - - - List of library references. Library class instances are shared with other classloaders. - - Shared Library - - - - - - List of class provider references. When searching for classes or resources, this class loader will delegate to the specified class providers after searching its own class path. - - Class Provider - - - - - - - Controls whether parent classloader is used before or after this classloader. If parent first is selected then delegate to immediate parent before searching the classpath. If parent last is selected then search the classpath before delegating to the immediate parent. - - Delegation - - - - - - - - - Parent first - - - - - Parent last - - - - - - - - - - List of library references. Library class instances are unique to this classloader, independent of class instances from other classloaders. - - Library references - library - - - - - - List of library references. Library class instances are shared with other classloaders. - - Shared library references - library - - - - - - List of class provider references. When searching for classes or resources, this class loader will delegate to the specified class providers after searching its own class path. - - Class provider references - resourceAdapter - - - - - - The types of API packages that this class loader supports. This value is a comma-separated list of any combination of the following API packages: spec, ibm-api, api, stable, third-party. If a prefix of pass:[+] or - is added to API types, those API types are added or removed, respectively, from the default set of API types. Common usage for the prefix, pass:[+]third-party, results in "spec, ibm-api, api, stable, third-party". The prefix, -api, results in "spec, ibm-api, stable". - - Allowed API types - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Folder containing resources such as .properties and .class files - - Folder - - - - - - - - Directory or folder to be included in the library classpath for locating resource files - - Folder - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Add a file to be included in this library - - File - - - - - - - - Fully qualified filename - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Shared Library - - Shared Library - - - - - - Id of referenced Fileset - - Fileset - - - - - - Id of referenced folder - - Folder - - - - - - Id of referenced File - - File - - - - - - - Name of shared library for administrators - - Name - - - - - - Description of shared library for administrators - - Description - - - - - - Id of referenced Fileset - - Fileset reference - fileset - - - - - - The types of API packages that this class loader supports. This value is a comma-separated list of any combination of the following API packages: spec, ibm-api, api, stable, third-party. - - Allowed API types - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a Cloudant Database. - - Cloudant Database - - - - - - Specifies the builder for the Cloudant Client that will be used when connecting to this database. - - Cloudant Builder - - - - - - - Specifies the builder for the Cloudant Client that will be used when connecting to this database. - - Cloudant builder reference - cloudant - - - - - - Indicates that the Cloudant Client should create the database if it does not already exist. - - Create database - - - - - - Name of the database. - - Database name - - - - - - JNDI name. - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a Cloudant Builder. A Cloudant Builder creates Cloudant Client instances, which can connect to a Cloudant Database. - - Cloudant Builder - Additional properties for more advanced usage. - - - - - - Specifies a library that contains the Cloudant Client library and its dependencies. - - Cloudant Java Driver Library - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Default Container Managed Authentication Data - - - - - - Specifies the SSL configuration that is needed to establish a secure connection. - - Secure Socket Layer - - - - - - - - - Specifies a library that contains the Cloudant Client library and its dependencies. - - Cloudant client java driver library reference - library - - - - - - Disables host name verification and certificate chain validation. - - Disable SSL authentication - - - - - - - JNDI name. - - JNDI name - jndiName - - - - - - URL for the Cloudant server, which includes the host and port. - - URL - - - - - - Account name used to connect to a Cloudant database. - - Account name - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Default container managed authentication data - authData - - - - - - The Cloudant user ID used to log in and access your databases. - - Cloudant user ID - - - - - - Password corresponding to your Cloudant user ID. - - Password - - - - - - The timeout to establish a connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Connection timeout - - - - - - - The maximum number of concurrent connections that a Cloudant Client can make to the host. - - Maximum connections - - - - - - - - - - - - - - - - - The URL of a proxy server to use when connecting to a Cloudant server. - - Proxy URL - - - - - - - User name for a proxy server to use when connecting to a Cloudant server. - - Proxy user - - - - - - - Password corresponding to the user name for a proxy server to use when connecting to a Cloudant server. - - Proxy password - - - - - - - Timeout value to wait for a response from an established client connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Read timeout - - - - - - - Specifies the SSL configuration that is needed to establish a secure connection. - - Secure socket layer reference - - - ssl - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Authentication alias for a connection to an Enterprise Information System (EIS) or database. - - Authentication Data - - - - - - - - Name of the user to use when connecting to the EIS. - - User name - - - - - - Password of the user to use when connecting to the EIS. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. - - Password - - - - - - The name of the Kerberos principal name or Kerberos service name to be used. - - Kerberos principal name - - - - - - The file location where Kerberos credentials for the Kerberos principal name or service name will be stored. Also known as the Kerberos credential cache (ccache) - - Kerberos ticket cache - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A set of behaviors and constraints that are applied to tasks that are capable of asynchronous execution, such as maximum concurrency and maximum queue size. - - Concurrency Policy - - - - - - - - Indicates whether to loosely or strictly enforce maximum concurrency for tasks that run on the task submitter's thread. Tasks can run on the task submitter's thread when using the untimed invokeAll method, or, if only invoking a single task, the untimed invokeAny method. If the run-if-queue-full attribute is configured, it is also possible for tasks to run the task submitter's thread when using the execute and submit methods. In all of these cases, this attribute determines whether or not running on the submitter's thread counts against the maximum concurrency. - - Maximum policy - - - - - - - - - Maximum concurrency is loosely enforced. Tasks are allowed to run on the task submitter's thread without counting against maximum concurrency. - - - - - Maximum concurrency is strictly enforced. Tasks that run on the task submitter's thread count towards maximum concurrency. This policy does not allow tasks to run on the task submitter's thread when already at maximum concurrency. - - - - - - - - - - Specifies the maximum duration of time to wait for enqueuing a task. If unable to enqueue the task within this interval, the task submission is subject to the run-if-queue-full policy. When the maximum wait for enqueue is updated, the update applies only to tasks submitted after that point. Tasks submissions that were already waiting for a queue position continue to wait per the previously configured value. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Maximum wait for enqueue - - - - - - Applies when using the <execute> or <submit> methods. Indicates whether or not to run the task on the submitter's thread when the queue is full and the maximum wait for enqueue was exceeded. If the maximum policy is configured to strict, the ability to run on the submitter's thread is additionally contingent on the maximum concurrency constraint. If the task cannot run on the submitter's thread, the task submission is rejected after the maximum wait for enqueue elapses. - - Run if queue full - - - - - - Specifies the maximum number of tasks that can run simultaneously. The default is Integer.MAX_VALUE. Maximum concurrency can be updated while tasks are in progress. If the maximum concurrency is reduced below the number of concurrently running tasks, the update goes into effect gradually as in-progress tasks complete, rather than canceling them. - - Maximum concurrency - - - - - - - - - - - - - - - - Specifies the maximum number of tasks that can be in the queue waiting for execution. As tasks are started, canceled, or aborted, they are removed from the queue. When the queue is at capacity and another task is submitted, the behavior is determined by the maximum wait for enqueue and run-if-queue-full attributes. To ensure that a specific number of tasks can be queued within a short interval of time, use a maximum queue size that is at least as large as that amount. The default maximum queue size is Integer.MAX_VALUE. Maximum queue size can be updated while tasks are both in progress or queued for execution. If the maximum queue size is reduced below the current number of queued tasks, the update goes into effect gradually rather than automatically canceling the excess queued tasks. - - Maximum queue size - - - - - - - - - - - - - - - - Specifies the maximum amount of time that may elapse between the task submission and the task start. By default, tasks do not time out. If both a maximum wait for enqueue and a start timeout are enabled, configure the start timeout to be larger than the maximum wait for enqueue. When the start timeout is updated while in use, the new start timeout value applies to tasks submitted after the update occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Start timeout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Managed executor service - - Managed Executor - - - - - - Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. - - Concurrency Policy - - - - - - Configures how context is propagated to threads - - Thread Context Propagation - - - - - - Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. - - Long Running Policy - - - - - - - Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. - - Concurrency policy - concurrencyPolicy - - - - - - Configures how context is propagated to threads - - Context propagation reference - contextService - - - - - - JNDI name - - JNDI name - jndiName - - - - - - Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. - - Long running policy - concurrencyPolicy - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Managed thread factory - - Managed Thread Factory - - - - - - Configures how context is propagated to threads - - Thread Context Propagation - - - - - - - Configures how context is propagated to threads - - Context propagation reference - contextService - - - - - - Configures whether or not threads created by the managed thread factory should be daemon threads. - - Create daemon threads - - - - - - Default priority for threads created by the managed thread factory. If unspecified, the priority of the creating thread is used. Priority cannot exceed the maximum priority for the managed thread factory, in which case the maximum priority is used instead. - - Default thread priority - - - - - - - - - - - - - - - - - - JNDI name - - JNDI name - jndiName - - - - - - Maximum priority for threads created by the managed thread factory. - - Maximum thread priority - - - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configures how context is propagated to threads - - Thread Context Propagation - Additional properties for more advanced usage. - - - - - - Specifies a base context service from which to inherit context that is not already defined on this context service. - - Base Context - - - - - - - - - - - - - - Determines the action to take in response to configuration errors. For example, if securityContext is configured for this contextService, but the security feature is not enabled, then onError determines whether to fail, raise a warning, or ignore the parts of the configuration which are incorrect. - - Action to take on error - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - Specifies a base context service from which to inherit context that is not already defined on this context service. - - Base instance from which to inherit context - - contextService - - - - - - JNDI name - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Managed scheduled executor service - - Managed Scheduled Executor - - - - - - Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. - - Concurrency Policy - - - - - - Configures how context is propagated to threads - - Thread Context Propagation - - - - - - Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. - - Long Running Policy - - - - - - - Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. - - Concurrency policy - concurrencyPolicy - - - - - - Configures how context is propagated to threads - - Context propagation reference - contextService - - - - - - JNDI name - - JNDI name - jndiName - - - - - - Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. - - Long running policy - concurrencyPolicy - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Controls the operation of constrained delegation. - - Constrained Delegation - - - - - - - - Indicate by true or false whether s4U2self is enabled. - - Enable s4U2self - - - - - - - - - Makes the namespace of the application component that submits a contextual task available to the task. - - Java EE Application Component Context - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a CouchDB Connector. - - CouchDB - - - - - - Specifies a library that contains the CouchDB Client library and its dependencies. - - CouchDB Client Java Driver Library - - - - - - - Specifies a library that contains the CouchDB Client library and its dependencies. - - CouchDB client java driver library reference - library - - - - - - The CouchDB User ID used to log-in and access your DBs. - - CouchDB user id - - - - - - Password corresponding to your Couchdb User ID. - - Password - - - - - - JNDI name for a CouchDB instance. - - Jndi name - jndiName - - - - - - URL for the CouchDB server, which includes the host and port. - - URL - - - - - - Host name for the CouchDB server. - - Host - - - - - - Port number for the CouchDB server. - - Port - - - - - - The maximum number of concurrent connections to the host. - - Maximum connections - - - - - - The timeout to establish a connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Connection timeout - - - - - - The duration to wait for a response. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Socket timeout - - - - - - Enables SSL when connecting to CouchDB. - - Enable SSL - - - - - - Enables relaxed SSL settings which allows the trust manager to accept any host and certificate. - - Relaxed ssl setting - - - - - - Allows loading documents from http client's cache if it exists and the revision has not changed since last access. - - Caching - - - - - - The maximum number of cache entries for the http client. - - Maximum cache entries - - - - - - - - - - - - - - - - Sets the maximum size for a stored document. - - Maximum object size in bytes - - - - - - - - - - - - - - - - Use Expect Continue header in request when making requests to CouchDB. - - Use expect continue - - - - - - Closes connections automatically when they are considered idle. - - Cleanup idle connections - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configure how to trust the client. - - Transport Layer - - - - - - - - Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP. - - SSL enabled - - - - - - Specify the SSL configuration needed to establish a secure connection. - - SSL reference - ssl - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the port and SSL options for an IIOPS socket using the host of the enclosing iiopEndpoint element. - - Secure IIOP Port Options - - - - - - - - Specify the port to be configured with the SSL options. - - Port to be secured - - - - - - Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Session timeout - - - - - - Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on. - - Suppress SSL handshake errors - - - - - - The default SSL configuration repertoire. The default value is defaultSSLConfig. - - Default SSL repertoire - ssl - - - - - - The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - SSL session timeout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests. - - Attribute Layer - - - - - - Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests. - - Authentication Layer - - - - - - Configure how to trust the client. - - Transport Layer - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests. - - Attribute Layer - - - - - - Specify the supported identity token types for identity assertion. - - Identity assertion token types - - - - - - - - - Assert an ITTAnonymous identity token - - - - - Assert an ITTPrincipalName identity token - - - - - Assert an ITTX509CertChain identity token - - - - - Assert an ITTDistinguishedName identity token - - - - - - - - - - - Indicate by true or false whether identity assertion is enabled. Default is false. - - Identity assertion enabled - - - - - - Specify a pipe (|)-separated list of server identities, which are trusted to perform identity assertion to this server. A value of “*” is also accepted to indicate implicit trust (trust anyone). - - Trusted identities - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Common Secure Interoperability Version 2 (CSIv2) for outgoing Internet Inter-ORB Protocol (IIOP) requests. - - Client CSIv2 - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests. - - Attribute Layer - - - - - - Specify the supported identity token types for identity assertion. - - Identity assertion token types - - - - - - - - - Assert an ITTAnonymous identity token - - - - - Assert an ITTPrincipalName identity token - - - - - Assert an ITTX509CertChain identity token - - - - - Assert an ITTDistinguishedName identity token - - - - - - - - - - - Indicate by true or false whether identity assertion is enabled. Default is false. - - Identity assertion enabled - - - - - - The trusted identity used to assert an entity to the remote server. - - Trusted identity - - - - - - Specify the password that is used with the trusted identity. - - Password - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests. - - Attribute Layer - - - - - - Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. - - Authentication Layer - - - - - - Configure how to trust the client. - - Transport Layer - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Common Secure Interoperability Version 2 (CSIv2) for incoming Internet Inter-ORB Protocol (IIOP) requests. - - Server CSIv2 - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests. - - Authentication Layer - - - - - - Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA - - Authentication mechanisms - - - - - - - Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer. - - Establish trust in client - - - - - - - - - The association option is required - - - - - The association option is supported - - - - - The association option must not be used - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. - - Authentication Layer - - - - - - Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA - - Authentication mechanisms - - - - - - - Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer. - - Establish trust in client - - - - - - - - - The association option is required - - - - - The association option is supported - - - - - The association option must not be used - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Common Secure Interoperability Version 2 (CSIv2) for outgoing Internet Inter-ORB Protocol (IIOP) requests. - - Client Container CSIv2 - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configure how to trust the client. - - Transport Layer - - - - - - - - Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP. - - SSL enabled - - - - - - Specify the SSL configuration needed to establish a secure connection. - - SSL reference - ssl - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the CSIv2 layers like transport, authentication, and attribute. - - Layers - - - - - - Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. - - Authentication Layer - - - - - - Configure how to trust the client. - - Transport Layer - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. - - Authentication Layer - - - - - - Specifies authentication mechanisms as a comma separated list. For example: GSSUP - - Authentication mechanisms - - - - - - - Specify if this association option is Supported, Required, or Never used for this layer. It indicates the authentication requirements at the authentication layer. - - Establish trust in client - - - - - - - - - The association option is required - - - - - The association option is supported - - - - - The association option must not be used - - - - - - - - - - The user name that is used to login to the remote server. - - User name - - - - - - The user password that is used with the user name. - - User password - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the properties of an EJB application. - - EJB Application - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start After - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - - - - - - - - - - - - - - Location of an application expressed as an absolute path or a path relative to the server-level apps directory. - - Location - - - - - - Name of an application. - - Name - - - - - - Context root of an application. - - Application context root - - - - - - Indicates whether or not the server automatically starts the application. - - Automatically start - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start after - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the behavior of the EJB timer service. - - EJB Timer Service - - - - - - - Schedules and runs EJB persistent timer tasks. - - EJB Persistent Timers Scheduled Executor - - - - - - The context service is used to manage context propagation to non-persistent timer method threads. - - Non-persistent Timer Thread Context Propagation - - - - - - - - Number of minutes after the scheduled expiration of a timer that the start of the timer will be considered late. When a timer does start late, a warning message will be logged indicating that the timer has started later than scheduled. The default threshold is 5 minutes and a value of 0 minutes turns off the warning message feature. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - Late timer warning threshold - - - - - - When a non-persistent timer expires, the timeout callback method is called. If the transaction for this callback method fails or is rolled back, the container must retry the timer. The first retry attempt occurs immediately, and subsequent retry attempts are delayed by the number of seconds specified. If the value is set to 0, then all retries occur immediately. If you do not specify a value, the default interval is 300 seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Time interval between retries - - - - - - When a non-persistent timer expires, the timeout callback method is called. This setting controls how many times the EJB container attempts to retry the timer. If the transaction for this callback method fails or is rolled back, the EJB container must retry the timer at least once. The default value is -1, which means the EJB container retries infinitely until the timer is successful. If the value is set to 0, the EJB container does not retry the timer, however, this results in behavior that is not compliant with the EJB specification. - - Maximum number of retries - - - - - - - - - - - - - - - - Schedules and runs EJB persistent timer tasks. - - EJB persistent timers executor reference - persistentExecutor - - - - - - The context service is used to manage context propagation to non-persistent timer method threads. - - Thread context propagation reference - - contextService - - - - - - Specifies the action to perform when the expiration of an interval or schedule-based persistent timer is missed. One or more expirations of a persistent timer are classified as missed if the current expiration is scheduled before application server start or the next expiration is scheduled before the current time. The default action when failover of persistent timers is enabled is ONCE, otherwise the default action is ALL. - - Missed persistent timer action - - - - - - - - - The timeout method is invoked immediately for all missed expirations. When multiple expirations are missed for the same timer, each invocation occurs synchronously until all missed expirations are processed, then the timer resumes with the next future expiration. - - - - - The timeout method is invoked once immediately. All other missed expirations are skipped and the timer resumes with the next future expiration. - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the behavior of EJB asynchronous methods. - - EJB Asynchronous Methods - - - - - - The context service used to manage context propagation to asynchronous EJB method threads. - - Asynchronous Method Context Propagation - - - - - - - The maximum number of unclaimed results that the server retains from all remote asynchronous method calls that return a Future object. If the maximum is exceeded, the server purges the result of the method call that completed the longest ago to prevent memory leakage. - - Maximum remote method results - - - - - - - - - - - - - - - - The amount of time that the server retains the result for each remote asynchronous method call that returns a Future object. If an application does not claim the result within the specified period of time, the server purges the result of that method call to prevent memory leakage. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Remote method result timeout - - - - - - The context service used to manage context propagation to asynchronous EJB method threads. - - Asynchronous method context propagation reference - contextService - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Logs a record of events, such as the JDBC requests and servlet requests, and their durations. - - Event Logging - - - - - - - - Controls whether the event logging occurs at the entry to events, at the exit from events, or both. - - Logging mode for events - logMode - - - - - - - - - log at entry - - - - - log at exit - - - - - log at entry and exit - - - - - - - - - - To sample one out of every n requests, set sampleRate to n. To sample all requests, set sampleRate to 1. - - Sampling rate for event logging - - - - - - - - - - - - - - - - Exit entries will be logged for events longer than minDuration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Minimum duration of a request to log - - - - - - A list of comma-separated event types that needs to be logged. Use all, to log all event types. - - Event types to log - - - - - - Indicates if the context information details are included in the log output. - - Include context information - - - - - - - - - Definition of mime types shared by all http virtual hosts - - Default Mime Types - - - - - - Definition of mime type as id=value. Use the extension as the id, and the associated type as the value. - - Mime extension and type - - - - - - - - - - HTTP Dispatcher configuration. - - HTTP Dispatcher - - - - - - The web server plug-in uses private headers to provide information about the original request. These headers take precedence over the HTTP host header and are used to select a virtual host to service a request. The default value is '*', which trusts incoming private headers from any source. To disable private headers and rely only on the http Host header, specify 'none'. To restrict private header processing to specific trusted sources, specify a comma-separated list of IP addresses and hostnames. This list supports '*' wildcards, with the following restrictions: IP addresses cannot be shortened and must contain a value for each field, for example "127.0.0.*" or "0:0:0:0:0:ffff:*:*", and hostnames must start with "*.", for example "*.ibm.com". The following example shows a valid list that includes wildcards: "localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com". - - Trusted private header origin - - - - - - The web server plug-in uses private headers to provide information about the original request. A subset of these headers is considered sensitive. By default, the value for this property is 'none'. Incoming sensitive private headers are not trusted from any source. To allow sensitive private header processing for specific trusted sources, specify a comma-separated list of IP addresses and hostnames. To trust incoming sensitive private headers from any source, specify '*'. This list supports '*' wildcards, with the following restrictions: IP addresses cannot be shortened and must contain a value for each field, for example "127.0.0.*" or "0:0:0:0:0:ffff:*:*", and hostnames must start with "*.", for example "*.ibm.com". The following example shows a valid list that includes wildcards: "localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com". - - Trusted sensitive private header origin - - - - - - - Enables the default Liberty profile welcome page when no application is bound to a context root of "/". The default value is true. - - Enable welcome page - - - - - - Message to return to the client when the application in the requested URI can not be found. - - Message when application can not be found - - - - - - - - - HTTP transport encoding settings - - HTTP Transport Encoding - Character set converters - Language encodings - - - - - - - - Shift_JIS Japanese converter - - Shift_JIS Japanese converter - - - - - - - EUC Japanese converter (EUC-JP) - - EUC Japanese converter - - - - - - - EUC Korean converter (EUC-KR) - - EUC Korean converter (EUC-KR) - - - - - - - EUC Korean converter (EUC_KR) - - EUC Korean converter (EUC_KR) - - - - - - - EUC Chinese (Taiwan) converter (EUC-TW) - - EUC Chinese (Taiwan) converter - - - - - - - Big5 Chinese converter - - Big5 Chinese converter - - - - - - - GB2312 Chinese converter - - GB2312 Chinese converter - - - - - - - ISO-2022 Korean converter (ISO-2022-KR) - - ISO-2022 Korean converter - - - - - - - English language encoding (en) - - English language encoding - - - - - - - French language encoding (fr) - - French language encoding - - - - - - - German language encoding (de) - - German language encoding - - - - - - - Spanish language encoding (es) - - Spanish language encoding - - - - - - - Portuguese language encoding (pt) - - Portuguese language encoding - - - - - - - Danish language encoding (da) - - Danish language encoding - - - - - - - Catalan language encoding (ca) - - Catalan language encoding - - - - - - - Finnish language encoding (fi) - - Finnish language encoding - - - - - - - Italian language encoding (it) - - Italian language encoding - - - - - - - Dutch language encoding (nl) - - Dutch language encoding - - - - - - - Norwegian language encoding (no) - - Norwegian language encoding - - - - - - - Swedish language encoding (sv) - - Swedish language encoding - - - - - - - Icelandic language encoding (is) - - Icelandic language encoding - - - - - - - Basque language encoding (eu) - - Basque language encoding - - - - - - - Czech language encoding (cs) - - Czech language encoding - - - - - - - Croatian language encoding (hr) - - Croatian language encoding - - - - - - - Hungarian language encoding (hu) - - Hungarian language encoding - - - - - - - Lithuanian language encoding (lt) - - Lithuanian language encoding - - - - - - - Polish language encoding (pl) - - Polish language encoding - - - - - - - Serbo-Croatian language encoding (sh) - - Serbo-Croatian language encoding - - - - - - - Slovak language encoding (sk) - - Slovak language encoding - - - - - - - Slovenian language encoding (sl) - - Slovenian language encoding - - - - - - - Albanian language encoding (sq) - - Albanian language encoding - - - - - - - Faroese language encoding (fo) - - Faroese language encoding - - - - - - - Romanian language encoding (ro) - - Romanian language encoding - - - - - - - Maltese language encoding (mt) - - Maltese language encoding - - - - - - - Estonian language encoding (et) - - Estonian language encoding - - - - - - - Latvian language encoding (lv) - - Latvian language encoding - - - - - - - Belarusian language encoding (be) - - Belarusian language encoding - - - - - - - Bulgarian language encoding (bg) - - Bulgarian language encoding - - - - - - - Macedonian language encoding (mk) - - Macedonian language encoding - - - - - - - Russian language encoding (ru) - - Russian language encoding - - - - - - - Serbian language encoding (sr) - - Serbian language encoding - - - - - - - Ukrainian language encoding (uk) - - Ukrainian language encoding - - - - - - - Arabic language encoding (ar) - - Arabic language encoding - - - - - - - Persian language encoding (fa) - - Persian language encoding - - - - - - - Malay language encoding (ms) - - Malay language encoding - - - - - - - Greek language encoding (el) - - Greek language encoding - - - - - - - Hebrew language encoding (iw) - - Hebrew language encoding - - - - - - - Hebrew language encoding (he) - - Hebrew language encoding - - - - - - - Yiddish language encoding (ji) - - Yiddish language encoding - - - - - - - Yiddish language encoding (yi) - - Yiddish language encoding - - - - - - - Turkish language encoding (tr) - - Turkish language encoding - - - - - - - Thai language encoding (th) - - Thai language encoding - - - - - - - Vietnamese language encoding (vi) - - Vietnamese language encoding - - - - - - - Japanese language encoding (ja) - - Japanese language encoding - - - - - - - Korean language encoding (ko) - - Korean language encoding - - - - - - - Chinese language encoding (zh) - - Chinese language encoding (simplified) - - - - - - - Chinese language encoding (zh_TW) - - Chinese language encoding (traditional) - - - - - - - Armenian language encoding (hy) - - Armenian language encoding - - - - - - - Georgian language encoding (ka) - - Georgian language encoding - - - - - - - Hindi language encoding (hi) - - Hindi language encoding - - - - - - - Marathi language encoding (mr) - - Marathi language encoding - - - - - - - Sanskrit language encoding (sa) - - Sanskrit language encoding - - - - - - - Tamil language encoding (ta) - - Tamil language encoding - - - - - - - Bengali language encoding (bn) - - Bengali language encoding - - - - - - - - - - HTTP access logs contain a record of all inbound HTTP client requests. - - HTTP Access Logging - - - - - - - - Enables access logging when the accessLogging configuration element is defined. Note: Access logging must be configured for this attribute to take effect. - - Enabled - - - - - - Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. - - Log file path - accessLogFilePath - - - - - - Specifies the log format that is used when logging client access information. - - Format - - - - - - Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. - - Maximum log file size - - - - - - - - - - - - - - - - Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. - - Maximum log files - - - - - - - - - - - - - - - - The scheduled time of day for logs to first roll over. The rollover interval duration begins at rollover start time. Valid values follow a 24-hour ISO-8601 datetime format of HH:MM, where 00:00 represents midnight. Padding zeros are required. If rolloverInterval is specified, the default value of rolloverStartTime is 00:00, midnight. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. - - Rollover start time for time based log rollover - - - - - - The time interval in between log rollovers, in minutes if a unit of time is not specified. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 5 hours as 5h. You can include multiple values in a single entry. For example, 1d5h is equivalent to 1 day and 5 hours. If rolloverStartTime is specified, the default value of rolloverInterval is 1 day. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - Rollover interval for time based log rollover - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An element that is configured within the httpEndpoint element so that the associated HTTP channel evaluates response header configurations. - - Header Options - - - - - - Specifies the header names and values that are added to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty or present in the 'remove', 'set', or 'setIfMissing' header configurations. - - Headers to be added on each response - - - - - - Specifies the header names and values that are set to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty, defined more than once, or present in the 'remove', 'add', or 'setIfEmpty' header configurations. If the header is already present on the response, existing values are overwritten in favor of this configuration. - - Headers to be set on each response - - - - - - Specifies the header names and values that are set to each HTTP response if not already present. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty, defined more than once, or present in the 'remove', 'add', or 'set' header configurations. - - Headers to be set if not present on each response - - - - - - Specifies the header names that are removed from each HTTP response. Any header name that is defined by using this attribute must not be empty. No header values are expected. Any header name that is defined by using this attribute must not be present in the 'add', 'set', or 'setIfMissing' header configurations. - - Headers to be removed from each response - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configures port redirection. HTTP Proxy Redirect is used when redirecting HTTP requests from a non-secure port (for example, 80) to an SSL-enabled secured port (for example, 443). - - HTTP Proxy Redirect - - - - - - - - The (non-secure) port to redirect from. Incoming HTTP requests on this port are redirected to the specified HTTPS port. - - HTTP port - - - - - - - - - - - - - - - - - - The (secure) port to redirect to. Incoming HTTP requests that use the HTTP port are redirected to this port. - - HTTPS port - - - - - - - - - - - - - - - - - - This attribute determines whether or not the server should redirect ports that are specified in this configuration element. The default is true. - - Enabled - - - - - - The host name used for this proxy redirect. The server redirects HTTP requests only if the incoming request specifies a host name that matches this value. The default is * (all hosts). - - Host - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An element that is configured within the httpEndpoint element so that the associated HTTP channel can consider SameSite configurations. - - SameSite Options - - - - - - List of cookie names or patterns for which the SameSite attribute is set to a value of Lax, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'none' nor 'strict' configurations. - - List of samesite lax cookies - - - - - - List of cookie names or patterns for which the SameSite attribute is set to a value of None, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'strict' configurations. Each cookie that is modified to contain a SameSite value of None as a result of this configuration is also set to Secure. - - List of samesite none cookies - - - - - - List of cookie names or patterns for which the SameSite attribute is set to a value of Strict, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'none' configurations. - - List of samesite strict cookies - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An element that is configured within the httpEndpoint element so that the associated HTTP channel can consider compressing response bodies based on the client's Accept-Encoding header. - - Compression Options - - - - - - To include a content type in addition to the default values, affix the add (+) character as a prefix to that content type. To exclude a content type from compression, affix the remove (-) character as a prefix to that content type. Note: The wildcard (*) character is supported only as a content subtype, such as text/*. - - List of content types for response compression - - - - - - - The configured compression algorithm is used to compress the body of responses when it is specified with a non-zero quality value in the request's Accept-Encoding header. The valid compression algorithms include: deflate, gzip, x-gzip, zlib, and identity. - - Server-preferred algorithm for compression - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for an HTTP endpoint. - - HTTP Endpoint - - - - - - HTTP protocol options for the endpoint. - - HTTP Options - - - - - - Remote IP options for the endpoint. - - Remote IP Options - - - - - - Compression options for the endpoint. - - Compression Options - - - - - - SameSite options for the endpoint. - - SameSite Options - - - - - - Header options for the endpoint. - - Header Options - - - - - - SSL protocol options for the endpoint. - - SSL Options - - - - - - TCP protocol options for the endpoint. - - TCP Options - - - - - - HTTP access logging configuration for the endpoint. - - HTTP Access Logging - - - - - - - Action to take after a failure to start an endpoint. - - On error - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - Toggle the availability of an endpoint. When true, this endpoint will be activated by the dispatcher to handle HTTP requests. - - Enabled - - - - - - IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for all available network interfaces. - - Host - defaultHostName - - - - - - The port used for client HTTP requests. Use -1 to disable this port. - - Port - - - - - - - - - - - - - - - - - - The port used for client HTTP requests secured with SSL (https). Use -1 to disable this port. - - Secure port - - - - - - - - - - - - - - - - - - When Servlet 4.0 API is enabled as a feature, set this attribute to http/1.1 to disable HTTP/2 processing for the ports that were defined for the httpEndpoint element. When Servlet 3.1 API is enabled as a feature, set this attribute to http/2 to enable HTTP/2 processing for the ports that are defined for the httpEndpoint element. - - Protocol version - - - - - - HTTP protocol options for the endpoint. - - HTTP options reference - httpOptions - - - - - - Remote IP options for the endpoint. - - Remote IP options reference - remoteIp - - - - - - Compression options for the endpoint. - - Compression options reference - compression - - - - - - SameSite options for the endpoint. - - SameSite options reference - samesite - - - - - - Header options for the endpoint. - - Header options reference - headers - - - - - - SSL protocol options for the endpoint. - - SSL options reference - sslOptions - - - - - - TCP protocol options for the endpoint. - - TCP options reference - tcpOptions - - - - - - HTTP access logging configuration for the endpoint. - - HTTP access logging reference - httpAccessLogging - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - HTTP protocol configuration. - - HTTP Options - - - - - - - - Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. - - Enable persistent connections - - - - - - Maximum number of persistent requests that are allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. This option supports low latency or high throughput applications, and SSL connections for use in situations where building up a new connection can be costly. - - Maximum persistent requests per connection - - - - - - - - - - - - - - - - Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Persistent connection timeout - - - - - - Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Read timeout - - - - - - Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Write timeout - - - - - - Removes server implementation information from HTTP headers. - - Remove server header - - - - - - Allows the user to control whether or not the presence of a Set-Cookie header should update the Cache-Control header with a matching no-cache value. This also adds the Expires header. - - No cache cookies control - - - - - - Specifies whether the HTTP Channel automatically decompresses incoming request body data. - - Auto decompression - - - - - - Limits the number of HTTP headers that can exist in an incoming message. When this limit is exceeded, an error is returned to the remote client. - - Limit number of headers - - - - - - - - - - - - - - - - - - Enforces the size limits on various HTTP fields, such as request URLs, or individual header names or values. Enforcing the size limits of these fields guards against possible Denial of Service attacks. An error is returned to the remote client, if a field exceeds the allowed size. - - Limit header field size - - - - - - - - - - - - - - - - - - Prevents the HTTP Channel from sending multiple Set-Cookie headers with the same name. - - Do not allow duplicate set cookies - - - - - - Limits the acceptable size of an incoming message. If a message arrives with a size larger than this value, then an error is returned to the remote client. - - Message size limit - - - - - - Specifies the size of each buffer used when reading the body of an incoming HTTP message. - - Incoming body buffer size - - - - - - - - - - - - - - - - - - Specifies whether the HTTP channel creates an I/O exception when an inbound connection is closed while still in use by the servlet. The default value is set according to the configured servlet feature. Prior to Servlet 4.0, the default value is false; starting with Servlet 4.0, the default value is true. - - Throw I/O exception for inbound connections - - - - - - Specifies the maximum ratio of decompressed to compressed request body payload. The HTTP channel reads the request body and verifies the ratio as the body decompresses. The channel stops decompression of the request body if the decompression ratio remains above the configured value and the decompressionTolerance is reached. - - Decompression ratio limit - - - - - - - - - - - - - - - - Specifies the maximum number of times the HTTP channel tolerates a decompression ratio above the configured ratio, depicted by the decompressionRatioLimit httpOption attribute. If this number reaches, and the next decompression cycle still contains a decompression ratio above the ratio limit, then the HTTP channel stops decompressing the request body. - - Decompression tolerance - - - - - - - - - - - - - - - - Specifies the amount of time, in seconds, that an HTTP/2 connection will be allowed to remain idle between socket IO operations. If not specified, or set to a value of 0, there is no connection timeout set. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - HTTP/2 connection idle timeout - - - - - - Specifies the maximum number of streams that an HTTP/2 connection can have active at any given point. Opening streams over the limit, will result on a REFUSED_STREAM (0x7). If not specified, the default value of concurrent streams will be set to 200. - - Max concurrent streams - - - - - - Specifies the maximum allowed size of a frame payload the server will advertise in the SETTINGS_MAX_FRAME_SIZE HTTP/2 settings frame. This can be configured to any size within the range of 16,384 to 16,777,215 bytes, inclusive. If not specified, the default is set to 57,344 bytes. - - Max frame size - - - - - - - - - - - - - - - - - - Specifies the initial window size in octets for HTTP/2 stream-level flow control. This value can be configured to any size within the range of 1 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. - - Stream-level initial window size - - - - - - - - - - - - - - - - - - Specifies the window size in octets for HTTP/2 connection-level flow control. This value can be configured to any size within the range of 65,535 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. - - Connection-level window size - - - - - - - - - - - - - - - - - - Specifies whether the server waits until half of the HTTP/2 connection-level and stream-level windows are exhausted before it sends WINDOW_UPDATE frames. Valid values are true or false. If no value is specified, the default value is false. - - Limit window_update frames - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An element configured within the httpEndpoint element so that the associated HTTP channel is enabled to consider X-Forwarded-* or Forwarded request headers. - - Remote IP Options - - - - - - - - A regular expression that defines trusted proxies. - - Proxies regex - - - - - - If this property is set to true and the remote client information was verified by the HTTP Channel, the NCSA access log reflects the Forwarded or X-Forwarded-* headers. These headers are reflected when one or more of the following items are recorded: the remote client IP, the host, or the request protocol. - - Use remote IP in access log - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A virtual host provides a logical grouping for configuring web applications to a particular host name. The default virtual host (default_host) is suitable for most simple configurations. - - Virtual Host - - - - - - Associate a host and port with this virtual host, using the host:port syntax. The specified host can be an IP address, domain name server (DNS) hostname with a domain name suffix, the DNS hostname, or * for a wildcard match on all hostnames. Note that IPv6 addresses must be enclosed in []. - - Virtual host alias - - - - - - Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. - - Allow From Endpoints - - - - - - - Enable this virtual host. - - Enabled - - - - - - Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. - - Allow from endpoints - httpEndpoint - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a server or client ORB. Specify either the nameService attribute for a client ORB or one or more iiopEndpoint references for a server ORB. - - Object Request Broker (ORB) - - - - - - Optional IIOP Endpoint describing the ports open for this ORB - - IIOP Endpoint - - - - - - - - - - - - - Optional URL for the remote name service, for example corbaname::localhost:2809 - - Naming context location for a client ORB - - - - - - ORB SSL initialization timeout specified in seconds - - Timeout that governs ORB SSL initialization - - - - - - Optional IIOP Endpoint describing the ports open for this ORB - - IIOP endpoint reference for a server ORB - iiopEndpoint - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for IIOP server policies - - IIOP Server Policies - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - IIOP Endpoint configuration - - IIOP Endpoint - - - - - - TCP protocol options for the IIOP endpoint - - TCP Options - - - - - - Specification of a secured server socket opened by this IIOP endpoint - - IIOPS Port And Options - - - - - - - IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name - - Host - defaultHostName - - - - - - Port for the unsecured server socket opened by this IIOP endpoint - - IIOP port - - - - - - TCP protocol options for the IIOP endpoint - - TCP options reference - tcpOptions - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties to be applied to JAX-RS WebTargets that match the specified URI when they are constructed. A property specified programmatically after object construction takes precedence over a property declared in xml. - - JAX-RS Client Properties - - - - - - - - The URI specified in application code. If the URI matches the URI in code, the properties are applied to that WebTarget. If the URI ends with *, then its properties are applied to any WebTarget having a URI that begins with the specified URI. If more than one URI ending with * matches a WebTarget URI, all are applied in sorted order of URI. - - URI - - - - - - The amount of time to wait in milliseconds for a connection to be made. This is equivalent to the com.ibm.ws.jaxrs.client.timeout programmatic property. - - Connection timeout - - - - - - The amount of time to wait in milliseconds for a response after a connection is established. This is equivalent to the com.ibm.ws.jaxrs.client.receive.timeout programmatic property. - - Receive timeout - - - - - - The host name of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.host programmatic property. - - Proxy host - - - - - - The port of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.port programmatic property . - - Proxy port - - - - - - The port of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.port programmatic property . - - Proxy type - - - - - - Disables the Common Name Check. Valid values are true or false. This is equivalent to the com.ibm.ws.jaxrs.client.disableCNCheck programmatic property . - - Disable common name check - - - - - - The type of authorization token to use. This must be ltpa, saml, or oauth. This is equivalent to specifying one of the com.ibm.ws.jaxrs.client.ltpa.handler, com.ibm.ws.jaxrs.client.saml.sendToken, or com.ibm.ws.jaxrs.client.oauth.sendToken programmatic properties. - - Type of authorization token to use - - - - - - An id of an ssl reference found in server.xml. That ssl configuration specified by that reference is used. - - The id of an ssl reference in server.xml - - - - - - Any other variables can also be specified and will be passed to the WebTarget intact. - - Any other variables - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies configuration for a resource adapter that is embedded in an application. - - - Resource Adapter - - - - - - Configures how context is captured and propagated to threads. - - Thread Context Propagation - - - - - - - - - - Overrides the default identifier for the resource adapter. The identifier is used in the name of the resource adapter's configuration properties element, which in turn is used in determining the name of configuration properties elements for any resources provided by the resource adapter. The resource adapter's configuration properties element name has the format, properties.<APP_NAME>.<ALIAS>, where <APP_NAME> is the name of the application and <ALIAS> is the configured alias. If unspecified, the alias defaults to the module name of the resource adapter. - - Alias - - - - - - Identifies the name of the embedded resource adapter module to which this configuration applies. - - Module name - - - - - - Configures whether a resource adapter starts automatically upon deployment of the resource adapter or lazily upon injection or lookup of a resource. - - Automatically start - - - - - - Configures how context is captured and propagated to threads. - - Thread context propagation reference - contextService - - - - - - - - - - - - - - - Defines a resource adapter installation. - - - Resource Adapter - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - - - - - - - - - - - Defines the path of the RAR file to install. - - RAR file path - - - - - - Configures whether a resource adapter starts automatically upon deployment of the resource adapter or lazily upon injection or lookup of a resource. - - Automatically start - - - - - - Enables use of Jandex index files if they are supplied in the application - - Use Jandex - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines an administered object configuration. - - - Administered Object - - - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines an activation specification configuration. - - - Activation Specification - - - - - - Default authentication data for an activation specification. - - Authentication Data - - - - - - - - Default authentication data for an activation specification. - - Authentication data reference - authData - - - - - - The maximum number of endpoints to dispatch to. - - Maximum endpoints - - - - - - - - - - - - - - - - Configures whether the message endpoints associated with this activation specification start automatically or need to be manually started using the resume command. - - Automatically start - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Customizes the configuration properties element for the activation specification, administered object, or connection factory with the specified interface and/or implementation class. - - Properties Customization - - - - - - - - Fully qualified implementation class name for which the configuration properties element should be customized. - - Implementation class name - - - - - - Fully qualified interface class name for which the configuration properties element should be customized. - - Interface class name - - - - - - Overrides the default suffix for the configuration properties element. For example, "CustomConnectionFactory" in properties.rarModule1.CustomConnectionFactory. The suffix is useful to disambiguate when multiple types of connection factories, administered objects, or endpoint activations are provided by a resource adapter. If a configuration properties element customization omits the suffix or leaves it blank, no suffix is used. - - Suffix - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a connection factory configuration. - - - Connection Factory - - - - - - Connection manager for a connection factory. - - Connection Manager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container Managed Authentication Data - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS Login Context Entry - - - - - - Authentication data for transaction recovery. - - Recovery Authentication Data - - - - - - - - Connection manager for a connection factory. - - Connection manager reference - connectionManager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container managed authentication data reference - authData - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS login context entry reference - jaasLoginContextEntry - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - Authentication data for transaction recovery. - - Recovery authentication data reference - authData - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Customizes the configuration properties element for the activation specification, administered object, or connection factory with the specified interface and/or implementation class. - - Properties Customization - - - - - - - - Fully qualified implementation class name for which the configuration properties element should be customized. - - Implementation class name - - - - - - Fully qualified interface class name for which the configuration properties element should be customized. - - Interface class name - - - - - - Overrides the default suffix for the configuration properties element. For example, "CustomConnectionFactory" in properties.rarModule1.CustomConnectionFactory. The suffix is useful to disambiguate when multiple types of connection factories, administered objects, or endpoint activations are provided by a resource adapter. If a configuration properties element customization omits the suffix or leaves it blank, no suffix is used. - - Suffix - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS activation specification configuration. - - JMS Activation Specification - - - - - - Default authentication data for an activation specification. - - Authentication Data - - - - - - - - - - Default authentication data for an activation specification. - - Authentication data reference - authData - - - - - - The maximum number of endpoints to dispatch to. - - Maximum endpoints - - - - - - - - - - - - - - - - Configures whether the message endpoints associated with this activation specification start automatically or need to be manually started using the resume command. - - Automatically start - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS topic connection factory configuration. - - JMS Topic Connection Factory - - - - - - Connection manager for a connection factory. - - Connection Manager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container Managed Authentication Data - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS Login Context Entry - - - - - - Authentication data for transaction recovery. - - Recovery Authentication Data - - - - - - - - - - Connection manager for a connection factory. - - Connection manager reference - connectionManager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container managed authentication data reference - authData - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS login context entry reference - jaasLoginContextEntry - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - Authentication data for transaction recovery. - - Recovery authentication data reference - authData - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS queue configuration. - - JMS Queue - - - - - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS queue connection factory configuration. - - JMS Queue Connection Factory - - - - - - Connection manager for a connection factory. - - Connection Manager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container Managed Authentication Data - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS Login Context Entry - - - - - - Authentication data for transaction recovery. - - Recovery Authentication Data - - - - - - - - - - Connection manager for a connection factory. - - Connection manager reference - connectionManager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container managed authentication data reference - authData - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS login context entry reference - jaasLoginContextEntry - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - Authentication data for transaction recovery. - - Recovery authentication data reference - authData - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS topic configuration. - - JMS Topic - - - - - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS destination configuration. - - JMS Destination - - - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a JMS connection factory configuration. - - JMS Connection Factory - - - - - - Connection manager for a connection factory. - - Connection Manager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container Managed Authentication Data - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS Login Context Entry - - - - - - Authentication data for transaction recovery. - - Recovery Authentication Data - - - - - - - - - - Connection manager for a connection factory. - - Connection manager reference - connectionManager - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. - - Container managed authentication data reference - authData - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS login context entry reference - jaasLoginContextEntry - - - - - - JNDI name for a resource. - - JNDI name - jndiName - - - - - - Authentication data for transaction recovery. - - Recovery authentication data reference - authData - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a Mail Session Instance. - - Mail Session Object - - - - - - - - - The ID of the specific Mail Session Instance - - Mail session ID - - - - - - Name of the Mail Session reference that is used for JNDI look-up - - The JNDI look up name - jndiName - - - - - - Description of the Mail Session - - Description of the mailSession - - - - - - The Store Protocol used by the Mail Session instance. The default store protocol is IMAP - - The store protocol for javax.mail.Session - - - - - - The Transport Protocol used by the Mail Session instance. The default transport protocol is SMTP - - The transport protocol for javax.mail.Session - - - - - - The host of the Mail Session - - The mail server's host address - - - - - - The User's e-mail address used on the Host. - - The user account - - - - - - The User's password, usually needed in order to connect to the host. - - The user's password - - - - - - The E-Mail address used to send mail with the Mail Session instance. - - The from address - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Any additional properties that need to be added to the config - - Nested Property - - - - - - - - The name of the extra property - - The name of the additional property - - - - - - The value of the property that matches the name - - The value of the addtional property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration of permissions for Java 2 Security. - - Java 2 Security - - - - - - - - The name of the class implementing the permission being granted. For example, java.io.FilePermission. - - Permission class - - - - - - The codebase that is being granted the permission. - - Codebase - - - - - - The class name that would be matched for the given Principal Name. - - Principal class - - - - - - The principal to whom the permission is being granted. - - Principal name - - - - - - The target for which the permission applies to. For example, ALL FILES in the case of a java.io.FilePermission. - - Target name - - - - - - The actions that the permission grant allows on the target name. For example, read in the case of a java.io.FilePermission. - - Actions - - - - - - Declares whether the permission is being restricted versus granted. If restriction is set to "true" then this permission is denied as opposed to being granted. - - Restriction - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies binding properties for a web application. - - Web Application Bindings - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - Specifies the virtual host that is used for the web application. - - Virtual Host - - - - - - - The module name specifies the individual module that the binding or extension configuration applies to. - - Module name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A logical name used to locate a message destination. - - Message Destination - - - - - - - - The name of the message destination. - - Name - - - - - - The binding name of the message destination. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines an environment entry. - - Environment Entry - - - - - - - - The name of the environment entry. - - Name - - - - - - The value of the environment entry. - - Value - - - - - - The binding name for the environment entry. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Cache settings for an EJB. - - Bean Cache - - - - - - - - Specifies the point at which an EJB is placed in the cache. - - Activation policy - - - - - - - - - TRANSACTION - - - - - ONCE - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies properties for the JCA adapter. A message driven bean must have a JCA adapter defined. - - JCA Adapter - - - - - - - - Specifies the binding name for an activation specification. - - Activation specification binding name - - - - - - Specifies the authentication alias for an activation specification. - - Activation specification authentication alias - - - - - - Specifies the destination binding name for a JCA adapter. - - Destination binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties that apply to application bindings. - - Application Bindings - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - A role that is mapped to users and groups in a domain user registry. - - Security Role - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An authentication alias for a resource reference. - - Authentication Alias - - - - - - The authentication alias name. - - Name - - - - - - - The authentication alias name. - - Name - authData - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Used to declare additional settings on a Java EE resource reference. - - Resource Reference - - - - - - The authentication alias for the resource reference. - - Authentication Alias - - - - - - Specifies custom login configuration properties. - - Custom Login - - - - - - - The name for the resource reference. - - Name - - - - - - The binding name for the resource reference. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a mime filter for a web application. - - Mime Filter - - - - - - - - The target for the mime filter. - - Target - - - - - - The type for the mime filter. - - Mime type - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A role that is mapped to users and groups in a domain user registry. - - Security Role - - - - - - The user for a security role. - - User - - - - - - The group for a security role. - - Group - - - - - - Name of a special subject possessing a security role. - - Special Subject - - - - - - ID and password of a user that is required to access a bean from another bean. - - Run As - - - - - - - The name for a security role. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The user for the security role. - - User - - - - - - - - The name for the subject. - - Name - - - - - - The access ID for a subject. - - Access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Reference bindings in an application client. - - Client Reference Bindings - - - - - - EJB References in an application client. - - Client EJB References - - - - - - Resource references in an application client. - - Client Resource References - - - - - - Specifies the binding for a resource environment reference. - - Client Resource Environment References - - - - - - Message destination reference in an application client. - - Client Message Destination References - - - - - - Defines a data source for an application client. - - Client Data Sources - - - - - - Defines an environment entry for an application client. - - Client Environment Entries - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a custom login configuration for a resource reference. - - Custom Login - - - - - - Defines a property for a custom login configuration. - - Properties - - - - - - - A name for the custom login configuration. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies properties for message driven beans. - - Message Driven Bean - - - - - - Cache settings for an EJB. - - Bean Cache - - - - - - Specifies local transactions for this enterprise bean. - - Local Transactions - - - - - - Specifies global transactions for this enterprise bean. - - Global Transactions - - - - - - Specifies resource references for this enterprise bean. - - Resource References - - - - - - Controls whether the bean starts at application start. - - Start At Application Start - - - - - - - The name for the enterprise bean. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties for a managed bean. - - Managed Bean - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - - Specifies the class name for a managed bean. - - Class - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Attributes consisting of a name value pair. - - Attributes - - - - - - - - The attribute name. - - Name - - - - - - The attribute value. - - Value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties for reference bindings. - - Reference Bindings - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the bindings for a managed bean. - - Managed Bean Bindings - - - - - - Defines interceptors for the managed bean binding. - - Interceptors - - - - - - Specifies the managed bean for this binding. - - Managed Beans - - - - - - - The module name specifies the individual module that the binding or extension configuration applies to. - - Module name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a local transaction for a servlet or an EJB application. - - Location Transaction - - - - - - - - Defines a resolver for the local transaction. The value can be either APPLICATION or CONTAINER_AT_BOUNDARY. - - Resolver - - - - - - - - - CONTAINER_AT_BOUNDARY - - - - - APPLICATION - - - - - - - - - - Defines the behavor for unresolved actions. The value can be either ROLLBACK or COMMIT. - - Unresolved action - - - - - - - - - COMMIT - - - - - ROLLBACK - - - - - - - - - - Defines whether the local transaction is shareable. - - Shareable - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Properties for a session bean in an EJB application. - - Session - - - - - - Cache settings for an EJB. - - Bean Cache - - - - - - Specifies local transactions for this enterprise bean. - - Local Transactions - - - - - - Specifies global transactions for this enterprise bean. - - Global Transactions - - - - - - Specifies resource references for this enterprise bean. - - Resource References - - - - - - Controls whether the bean starts at application start. - - Start At Application Start - - - - - - Specifies a time out value for the session bean. - - Time Out - - - - - - - The name for the enterprise bean. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Extension properties for EJB applications. - - EJB Jar Extensions - - - - - - Extension properties for session beans. - - Session Bean Extensions - - - - - - Extension properties for message driven beans. - - Message Driven Bean Extensions - - - - - - - The module name specifies the individual module that the binding or extension configuration applies to. - - Module name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Used to declare additional settings on a Java EE resource reference. - - Resource Reference - - - - - - - - The name for the resource reference. - - Name - - - - - - Defines the transaction isolation level. - - Isolation level - - - - - - - - - TRANSACTION_READ_COMMITTED - - - - - TRANSACTION_SERIALIZABLE - - - - - TRANSACTION_REPEATABLE_READ - - - - - TRANSACTION_READ_UNCOMMITTED - - - - - TRANSACTION_NONE - - - - - - - - - - Defines the commit priority for the resource reference. - - Commit priority - - - - - - Specifies whether loose or tight coupling is used. - - Branch coupling - - - - - - - - - LOOSE - - - - - TIGHT - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a custom login configuration property. - - Property - - - - - - - - The name of the property. - - Name - - - - - - The value of the property. - - Value - - - - - - A description of the property. - - Description - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties for a resource environment reference. - - Resource Environment Reference - - - - - - - - The name for the resource environment reference. - - Name - - - - - - The binding name for the resource environment reference. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies properties for message driven beans. - - Message Driven Bean - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - Defines a JCA adapter for a message driven bean. - - JCA Adapter - - - - - - - The name for the enterprise bean. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Group that has the security role. - - Group - - - - - - - - The name for the subject. - - Name - - - - - - The access ID for a subject. - - Access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Special subject that has the security role. - - Special Subject - - - - - - - - One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. - - Type - - - - - - - - - ALL_AUTHENTICATED_USERS - - - - - EVERYONE - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies a session bean time out value. - - Time Out - - - - - - - - The value for the time out. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the virtual host used by this web application. The virtual host must be defined in the configuration. - - Virtual Host - - - - - - - - The name for the virtual host - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A logical name used to locate the home interface of an enterprise bean. - - EJB References - - - - - - - - The name for the EJB reference. - - Name - - - - - - The binding name for the EJB reference. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The EJB binding descriptor defines binding information for an EJB module. - - EJB Jar Bindings - - - - - - Binding properties for session beans. - - Session Bean Bindings - - - - - - Binding properties for message driven beans. - - Message Driven Bean Bindings - - - - - - Binding properties for interceptors. - - Interceptor Bindings - - - - - - Binding properties for message destinations. - - Message Destination Bindings - - - - - - - The module name specifies the individual module that the binding or extension configuration applies to. - - Module name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A description of an enterprise bean in an EJB application. - - Enterprise Bean - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - - The name for the enterprise bean. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies properties for a global transaction. - - Global Transaction - - - - - - - - Determines whether to send the web services atomic transaction on outgoing requests. - - Send WSAT context - - - - - - Specifies the timeout for the global transaction. - - Transaction timeout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A logical name used to locate a message destination. - - Message Destination Reference - - - - - - - - The name for the message destination reference. - - Name - - - - - - The binding name for the message destination reference. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Used to specify the method name, method signature, or method types to which a given setting might apply. - - Method - - - - - - - - Specifies the name for the method. - - Name - - - - - - Specifies parameters for the method. - - Parameters - - - - - - Specifies the type of the method. - - Type - - - - - - - - - LOCAL_HOME - - - - - REMOTE - - - - - UNSPECIFIED - - - - - SERVICE_ENDPOINT - - - - - LOCAL - - - - - HOME - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties to extend applications. - - Application Extensions - - - - - - - - Indicates whether the session context is shared between modules. - - Shared session context - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A description of an enterprise bean in an EJB application. - - Enterprise Bean - - - - - - Cache settings for an EJB. - - Bean Cache - - - - - - Specifies local transactions for this enterprise bean. - - Local Transactions - - - - - - Specifies global transactions for this enterprise bean. - - Global Transactions - - - - - - Specifies resource references for this enterprise bean. - - Resource References - - - - - - Controls whether the bean starts at application start. - - Start At Application Start - - - - - - - The name for the enterprise bean. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies a session interface. - - Interface - - - - - - - - Specifies a binding name for an interface. - - Interface binding name - - - - - - The class name for the interface. - - Class name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Properties for a user or group. - - Subject - - - - - - - - The name for the subject. - - Name - - - - - - The access ID for a subject. - - Access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines properties that apply to application clients. - - Application Clients - - - - - - EJB References in an application client. - - Client EJB References - - - - - - Resource references in an application client. - - Client Resource References - - - - - - Specifies the binding for a resource environment reference. - - Client Resource Environment References - - - - - - Message destination reference in an application client. - - Client Message Destination References - - - - - - Defines a data source for an application client. - - Client Data Sources - - - - - - Defines an environment entry for an application client. - - Client Environment Entries - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The definition of a data source. - - Data Sources - - - - - - - - The data source name. - - Name - - - - - - The data source binding name. - - Binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Used to inform the EJB container that the specified EJB type can be initialized at the time the application is first started, rather than the time the EJB type is first used by the application. - - Start At Application Start - - - - - - - - The value of the start at application start property. - - Value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The name for the interceptor. - - Name - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - - The class name for the interceptor. - - Class name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Extension properties for web applications. - - Web Application Extensions - - - - - - Specifies whether the web application allows files to be served. - - File Serving Properties - - - - - - Specifies attributes for an invoker. - - Invoker Properties - - - - - - Specifies attributes that affect JSP behavior. - - JSP Properties - - - - - - Properties for a MIME filter. - - Mime Filters - - - - - - Properties for a resource reference. - - Resource References - - - - - - - The module name specifies the individual module that the binding or extension configuration applies to. - - Module name - - - - - - Specifies a page to be used as the default error page for a web application. - - Default error page URI - - - - - - Defines the context root for a web application. - - Context root - - - - - - Determines whether filters are loaded automatially. - - Auto load filters - - - - - - Determines whether requests are automatically encoded. - - Auto encode requests - - - - - - Determines whether responses are automatically encoded. - - Auto encode responses - - - - - - Specifies whether directory browsing is enabled for this web application. - - Enable directory browsing - - - - - - Specifies whether file serving is enabled for this web application. - - Enable file serving - - - - - - Specifies whether JSP pages are compiled when the web application starts. - - Pre-compile JSPs - - - - - - Enables serving servlets by classname. - - Enable serving servlets by class names - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - ID and password of a user required to access a bean from another bean. - - Run As - - - - - - - - ID of a user required to access a bean from another bean. - - User ID - - - - - - Password of a user required to access a bean from another bean. The value can be stored in clear text or encoded form. To encode the password, use the securityUtility tool with the encode option. - - Password - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Properties for a session bean in an EJB application. - - Session - - - - - - Specifies the binding for an EJB Reference. - - EJB References - - - - - - Specifies the binding for a resource reference. - - Resource References - - - - - - Specifies the binding for a resource environment reference. - - Resource Environment References - - - - - - Specifies the binding for a message destination reference. - - Message Destinations - - - - - - Specifies the binding for a data source. - - Data Sources - - - - - - Specifies the binding for an environment entry. - - Environment Entries - - - - - - Specifies a session interface. - - Interface - - - - - - - The name for the enterprise bean. - - Name - - - - - - Specifies the simple binding name for a session bean. - - Simple binding name - - - - - - The component ID for a session bean. - - Component ID - - - - - - The remote home binding name for a session bean. - - Remote home binding name - - - - - - The local home binding name for a session bean. - - Local home binding name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A port element defines port configurations associated with a web services reference. - - Port - - - - - - The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. - - Properties - - - - - - - The port name is used to specify the name of the web services port. - - Name - - - - - - The namespace attribute is used to specify the namespace of the web services port. The binding is applied to the port that has the same name and namespace. Otherwise, the binding is applied to the port that has the same name. - - Namespace - - - - - - The address attribute is used to specify the address for the web services port and override the value of port-address attribute that is defined in the service-ref element. - - Address - - - - - - The user name attribute is used to specify the user name for basic authentication. - - User name - - - - - - The password attribute is used to specify the password for basic authentication. The password can be encoded. - - Password - - - - - - The SSL reference attribute refers to an ssl element defined in the server.xml file. If the attribute is not specified but the server supports transport level security the service client uses the default SSL configuration. - - SSL reference - - - - - - The key alias attribute is used to specify the alias of a client certificate. If the attribute is not specified and the web service provider supports the client certificate then the first certificate in the keystore is used as the value of this attribute. The attribute can also override the clientKeyAlias attribute that is defined in the ssl element of the server.xml file. - - Key alias - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Security constraint attributes are used to associate security constraints with one or more web resource collections. Security constraints only work as complementary configuration to the deployment descriptors or annotations in web applications. - - Security Constraint - - - - - - The web resource collection element is used to identify resources for a security constraint. - - Web Resource Collection - - - - - - The authorization constraint element is used to specify the user roles that should be permitted access a resource collection. - - Authorization Constraint - - - - - - The user data constraint element is used to define how data communicated between the client and a container should be protected. - - User Data Constraint - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The web service security element is used to configure role-based authorization for POJO web services and EJB-based web services. - - Web Service Security - - - - - - Security constraint attributes are used to associate security constraints with one or more web resource collections. Security constraints only work as complementary configuration to the deployment descriptors or annotations in web applications. - - Security Constraint - - - - - - A login configuration attribute is used to configure the authentication method and realm name, and takes effect only for the EJB-based web services in a JAR file. If the same attribute is specified in the deployment descriptor file, the value from the deployment descriptor is used. - - Login - - - - - - A security role attribute contains the definition of a security role. It only works as complementary configuration to the deployment descriptors or annotations in web applications. - - Security Role - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A security role attribute contains the definition of a security role. It only works as complementary configuration to the deployment descriptors or annotations in web applications. - - Security Role - - - - - - - - The role name for an authorization constraint should correspond with the role name of a security role defined in the deployment descriptor. - - Role name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Web service endpoint properties are used to define the default properties for all the web services endpoints in the same module. - - Web Service Endpoint Properties - - - - - - - - - [extraProperties.com.ibm.ws.javaee.ddmodel.wsbnd.WebserviceEndpointProperties.description, extraProperties.description] - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. - - Properties - - - - - - - - - Additional properties for a web services endpoint or client - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The user data constraint element is used to define how data communicated between the client and a container should be protected. - - User Data Constraint - - - - - - - - The transport guarantee specifies how communication between the client and should take place. If the value is INTEGRAL, the application requires that the data should not change in transit. If the value is CONFIDENTIAL, data should be confidential in transit. The value of NONE indicates that there is not transport guarantee. - - Transport guarantee - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A login configuration attribute is used to configure the authentication method and realm name, and takes effect only for the EJB-based web services in a JAR file. If the same attribute is specified in the deployment descriptor file, the value from the deployment descriptor is used. - - Login - - - - - - The form login configuration element specifies the login and error pages that should be used in form based login. If form based authentication is not used, these elements are ignored. - - Form Login - - - - - - - The authorization method is used to configure the authentication mechanism for a web application. - - Authorization method - - - - - - The realm name element specifies the realm name to use in HTTP Basic authorization - - Realm name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - HTTP publishing is used to specify the publishing configurations when using HTTP protocol for all the web services endpoints. - - HTTP Publishing - - - - - - The web service security element is used to configure role-based authorization for POJO web services and EJB-based web services. - - Web Service Security - - - - - - - The context root attribute is used to specify the context root of the EJB module in an EJB-based JAX-WS application. - - Context root - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The authorization constraint element is used to specify the user roles that should be permitted access a resource collection. - - Authorization Constraint - - - - - - The role name for an authorization constraint should correspond with the role name of a security role defined in the deployment descriptor. - - Role name - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The form login configuration element specifies the login and error pages that should be used in form based login. If form based authentication is not used, these elements are ignored. - - Form Login - - - - - - - - The form login page element defines the location in the web app where the page that can be used for login can be found. The path begins with a leading / and is interpreted relative to the root of the WAR. - - Form login page - - - - - - The form-error-page element defines the location in the web app where the error page that is displayed when login is not successful can be found. The path begins with a leading / and is interpreted relative to the root of the WAR. - - Form error page - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The web resource collection element is used to identify resources for a security constraint. - - Web Resource Collection - - - - - - A URL pattern is used to identify a set of resources in a web resource collection. - - URL pattern - - - - - - Specifies the HTTP method to which a security constraint applies - - HTTP method - - - - - - Specifies an HTTP method to which a security constraint should not apply - - HTTP method omission - - - - - - - The name of a web resource collection - - Web resource name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Web service bindings are used to customize web services endpoints and configure security settings for both web services providers and web service clients. - - Web Service Bindings - - - - - - A web service endpoint is used to specify the binding for a specified service instance. - - Web Service Endpoint - - - - - - Web service endpoint properties are used to define the default properties for all the web services endpoints in the same module. - - Web Service Endpoint Properties - - - - - - HTTP publishing is used to specify the publishing configurations when using HTTP protocol for all the web services endpoints. - - HTTP Publishing - - - - - - The service reference element is used to define the web services reference configurations for a web services client. - - Service Reference - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A web service endpoint is used to specify the binding for a specified service instance. - - Web Service Endpoint - - - - - - - - The port component name is used to specify the name of a port component. - - Port component - - - - - - Address is used to specify the overridden address of a service endpoint. - - Address - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The service reference element is used to define the web services reference configurations for a web services client. - - Service Reference - - - - - - The port element is used to define port configurations that are associated with the web services reference. - - Port - - - - - - The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. - - Properties - - - - - - - The port address attribute is used to specify the address of the web services port if the referenced web services has only one port. - - Port address - - - - - - The name attribute is used to specify the name of a web services reference. - - Name - - - - - - The component name attribute is used to specify the EJB bean name if the service reference is used in an EJB module. - - Component name - - - - - - The WSDL location attribute is used to specify the URL of a WSDL location to be overridden. - - WSDL location - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the Informix JDBC driver. - - Informix JDBC Driver Properties - - Additional properties for more advanced usage. - Properties for the Informix JDBC driver's connection pool. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - JDBC driver property: ifxIFXHOST. - - Host name or IP - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: ifxCLIENT_LOCALE. - - Client locale - - - - - - - JDBC driver property: ifxCPMAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Age limit - - - - - - - JDBC driver property: ifxCPMInitPoolSize. - - Initial pool size - - - - - - - JDBC driver property: ifxCPMMaxConnections. - - Maximum connections - - - - - - - JDBC driver property: ifxCPMMaxPoolSize. - - Maximum pool size - - - - - - - JDBC driver property: ifxCPMMinAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Minimum age limit - - - - - - - JDBC driver property: ifxCPMMinPoolSize. - - Minimum pool size - - - - - - - JDBC driver property: ifxCPMServiceInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Service interval - - - - - - - JDBC driver property: ifxDBANSIWARN. - - Database ANSI warning - - - - - - - JDBC driver property: ifxDBCENTURY. - - Year expansion - - - - - - - JDBC driver property: ifxDBDATE. - - Date format - - - - - - - JDBC driver property: ifxDBSPACETEMP. - - Temporary table dbspace - - - - - - - JDBC driver property: ifxDBTEMP. - - Database temporary directory - - - - - - - JDBC driver property: ifxDBTIME. - - Database time - - - - - - - JDBC driver property: ifxDBUPSPACE. - - Update statistics sort space - - - - - - - JDBC driver property: ifxDB_LOCALE. - - Database locale - - - - - - - JDBC driver property: ifxDELIMIDENT. - - Delimited identifier - - - - - - - JDBC driver property: ifxENABLE_TYPE_CACHE. - - Enable type cache - - - - - - - JDBC driver property: ifxFET_BUF_SIZE. - - Fetch buffer size - - - - - - - JDBC driver property: ifxGL_DATE. - - DATE end-user formats - - - - - - - JDBC driver property: ifxGL_DATETIME. - - DATETIME end-user formats - - - - - - - JDBC driver property: ifxIFX_AUTOFREE. - - Enable automatic free feature - - - - - - - JDBC driver property: ifxIFX_DIRECTIVES. - - Allow directives - - - - - - - JDBC driver property: ifxIFX_LOCK_MODE_WAIT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Lock mode wait - - - - - - - JDBC driver property: ifxIFX_SOC_TIMEOUT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Socket timeout - - - - - - - JDBC driver property: ifxIFX_USEPUT. - - Enable bulk insert - - - - - - - JDBC driver property: ifxIFX_USE_STRENC. - - Use string encoding - - - - - - - JDBC driver property: ifxIFX_XASPEC. - - Tightly couple XA transactions - - - - - - - JDBC driver property: ifxINFORMIXCONRETRY. - - Maximum connection retries - - - - - - - JDBC driver property: ifxINFORMIXCONTIME. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection retry timeout - - - - - - - JDBC driver property: ifxINFORMIXOPCACHE. - - Blobspace cache size - - - - - - - JDBC driver property: ifxINFORMIXSTACKSIZE. - - Client session stack size - - - - - - - JDBC driver property: ifxJDBCTEMP. - - LOB temporary file path - - - - - - - JDBC driver property: ifxLDAP_IFXBASE. - - Base domain name - - - - - - - JDBC driver property: ifxLDAP_PASSWD. - - LDAP password - - - - - - - JDBC driver property: ifxLDAP_URL. - - LDAP URL - - - - - - - JDBC driver property: ifxLDAP_USER. - - LDAP user - - - - - - - JDBC driver property: ifxLOBCACHE. - - Large object cache size - - - - - - - JDBC driver property: ifxNEWCODESET. - - New code set mapping - - - - - - - JDBC driver property: ifxNEWLOCALE. - - New locale mapping - - - - - - - JDBC driver property: ifxNODEFDAC. - - No default privileges - - - - - - - JDBC driver property: ifxOPTCOMPIND. - - Query optimizer method - - - - - - - JDBC driver property: ifxOPTOFC. - - Optimize ResultSet close - - - - - - - JDBC driver property: ifxOPT_GOAL. - - Optimization goal - - - - - - - JDBC driver property: ifxPATH. - - Executable program path - - - - - - - JDBC driver property: ifxPDQPRIORITY. - - Degree of parallelism - - - - - - - JDBC driver property: ifxPLCONFIG. - - Performance loader configuration file - - - - - - - JDBC driver property: ifxPLOAD_LO_PATH. - - Large object handle path - - - - - - - JDBC driver property: ifxPROTOCOLTRACE. - - Trace SQLI protocol - - - - - - - JDBC driver property: ifxPROTOCOLTRACEFILE. - - Protocol trace file path - - - - - - - JDBC driver property: ifxPROXY. - - HTTP proxy - - - - - - - JDBC driver property: ifxPSORT_DBTEMP. - - Temporary sort location - - - - - - - JDBC driver property: ifxPSORT_NPROCS. - - Sort threads - - - - - - - JDBC driver property: ifxSECURITY. - - Use 56 bit encryption - - - - - - - JDBC driver property: ifxSQLH_FILE. - - SQL host file path - - - - - - - JDBC driver property: ifxSQLH_LOC. - - SQL host location - - - - - - - JDBC driver property: ifxSQLH_TYPE. - - SQL host type - - - - - - - JDBC driver property: ifxSSLCONNECTION. - - Enable SSL - - - - - - - JDBC driver property: ifxSTMT_CACHE. - - Enable shared statement cache - - - - - - - JDBC driver property: ifxTRACE. - - JDBC trace level - - - - - - - JDBC driver property: ifxTRACEFILE. - - JDBC trace file path - - - - - - - JDBC driver property: ifxTRUSTED_CONTEXT. - - Enable trusted context - - - - - - - JDBC driver property: ifxUSEV5SERVER. - - Version five compatibility - - - - - - - JDBC driver property: ifxUSE_DTENV. - - Non-ANSI date-time support - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: roleName. - - Role name - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the IBM DB2 for i Native JDBC driver. - - DB2 for i Native JDBC Driver Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - JDBC driver property: access. - - Access - - - - - - - - - - all - - - - - read call - - - - - read only - - - - - - - - - - JDBC driver property: autoCommit. - - Automatically commit - - - - - - - JDBC driver property: batchStyle. - - Batch style - - - - - - - - - - 2.0 - - - - - 2.1 - - - - - - - - - - JDBC driver property: behaviorOverride. - - Behavior override - - - - - - - JDBC driver property: blockSize. - - Block size - - - - - - - - - - 0 - - - - - 8 - - - - - 16 - - - - - 32 - - - - - 64 - - - - - 128 - - - - - 256 - - - - - 512 - - - - - - - - - - JDBC driver property: cursorHold. - - Cursor hold - - - - - - - JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). - - Cursor sensitivity - - - - - - - - - - asensitive - - - - - sensitive - - - - - - - - - - JDBC driver property: dataTruncation. - - Data truncation - - - - - - - JDBC driver property: dateFormat. - - Date format - - - - - - - - - - dmy - - - - - eur - - - - - mdy - - - - - iso - - - - - jis - - - - - julian - - - - - usa - - - - - ymd - - - - - - - - - - JDBC driver property: dateSeparator. - - Date separator - - - - - - - - - - The forward slash character (/). - - - - - The dash character (-). - - - - - The period character (.). - - - - - The comma character (,). - - - - - The character b - - - - - - - - - - JDBC driver property: decimalSeparator. - - Decimal separator - - - - - - - - - - The period character (.). - - - - - The comma character (,). - - - - - - - - - - JDBC driver property: directMap. - - Direct map - - - - - - - JDBC driver property: doEscapeProcessing. - - Do escape processing - - - - - - - JDBC driver property: fullErrors. - - Full errors - - - - - - - JDBC driver property: libraries. - - Libraries - - - - - - - JDBC driver property: lobThreshold. - - LOB threshold - - - - - - - - - - - - - - - - - JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Lock timeout - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: maximumPrecision. - - Maximum precision - - - - - - - - - - 31 - - - - - 63 - - - - - - - - - - JDBC driver property: maximumScale. - - Maximum scale - - - - - - - - - - - - - - - - - - - JDBC driver property: minimumDivideScale. - - Minimum divide scale - - - - - - - - - - - - - - - - - - - JDBC driver property: networkProtocol. - - Network protocol - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - Port on which to obtain database connections. - - Port number - - - - - - - JDBC driver property: prefetch. - - Prefetch - - - - - - - JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). - - Query optimize goal - - - - - - - - - - *FIRSTIO - - - - - *ALLIO - - - - - - - - - - JDBC driver property: reuseObjects. - - Reuse objects - - - - - - - Server where the database is running. - - Server name - - - - - - - JDBC driver property: serverTraceCategories. - - Server trace categories - - - - - - - JDBC driver property: systemNaming. - - System naming - - - - - - - JDBC driver property: timeFormat. - - Time format - - - - - - - - - - eur - - - - - hms - - - - - iso - - - - - jis - - - - - usa - - - - - - - - - - JDBC driver property: timeSeparator. - - Time separator - - - - - - - - - - The colon character (:). - - - - - The period character (.). - - - - - The comma character (,). - - - - - The character b - - - - - - - - - - JDBC driver property: trace. - - Trace - - - - - - - JDBC driver property: transactionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Transaction timeout - - - - - - - JDBC driver property: translateBinary. - - Translate binary - - - - - - - JDBC driver property: translateHex. - - Translate hexadecimal - - - - - - - - - - binary - - - - - character - - - - - - - - - - JDBC driver property: useBlockInsert. - - Use block insert - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Oracle Universal Connection Pooling. - - Oracle UCP Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: connectionFactoryClassName. - - Connection factory class name - - - - - - - - - oracle.jdbc.pool.OracleDataSource - - - - - oracle.jdbc.pool.OracleConnectionPoolDataSource - - - - - oracle.jdbc.xa.client.OracleXADataSource - - - - - - - - - - JDBC driver property: connectionPoolName. - - Connection pool name - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: URL. URL for connecting to the database. If a URL is configured, the Oracle JDBC driver ignores individual connection properties such as serverName and driverType. Oracle JDBC driver updates might impact this behavior. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample. - - URL - - - - - - JDBC driver property: abandonedConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Abandoned connection timeout - - - - - - - JDBC driver property: connectionFactoryProperties. - - Connection factory properties - - - - - - - JDBC driver property: connectionHarvestMaxCount. - - Connection harvest maximum count - - - - - - - JDBC driver property: connectionHarvestTriggerCount. - - Connection harvest trigger count - - - - - - - JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. - - Connection properties - - - - - - - JDBC driver property: connectionWaitTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection wait timeout - - - - - - - JDBC driver property: fastConnectionFailoverEnabled. - - Fast connection failover enabled - - - - - - - JDBC driver property: initialPoolSize. - - Initial pool size - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: maxConnectionReuseCount. - - Maximum connection reuse count - - - - - - - JDBC driver property: maxConnectionReuseTime. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Maximum connection reuse time - - - - - - - JDBC driver property: maxConnectionsPerShard. - - Maximum connections per shard - - - - - - - JDBC driver property: maxIdleTime. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Maximum idle time - - - - - - - JDBC driver property: maxPoolSize. - - Maximum pool size - - - - - - - JDBC driver property: maxStatements. - - Maximum statements - - - - - - - JDBC driver property: minPoolSize. - - Minimum pool size - - - - - - - JDBC driver property: networkProtocol. - - Network protocol - - - - - - - JDBC driver property: ONSConfiguration. - - ONS configuration - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: roleName. - - Role name - - - - - - - JDBC driver property: SQLForValidateConnection. - - SQL for validate connection - - - - - - - JDBC driver property: secondsToTrustIdleConnection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Seconds to trust idle connection - - - - - - - JDBC driver property: timeoutCheckInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Timeout check interval - - - - - - - JDBC driver property: timeToLiveConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Time to live connection timeout - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: validateConnectionOnBorrow. - - Validate connection on borrow - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Derby Embedded JDBC driver. - - Derby Embedded Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: createDatabase. - - Create database - - - - - - - - - When the first connection is established, automatically create the database if it doesn't exist. - - - - - Do not automatically create the database. - - - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - JDBC driver property: connectionAttributes. - - Connection attributes - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: shutdownDatabase. - - Shutdown database - - - - - - - - - - Shut down the database when a connection is attempted. - - - - - Do not shut down the database. - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Identify a specific SQL error code or SQL state on a SQLException. This enables the server to take appropriate action based on the error condition. For example, closing a stale connection instead of returning it to the connection pool. - - Identify Exception - - - - - - - - Identifies the error condition that the SQL error code or SQL state represents. Allowed values are: None, StaleConnection, StaleStatement, Unsupported. None removes the identification of the exception. StaleConnection causes connections to be evicted from the connection pool per the purge policy. StaleStatement causes statements to be evicted from the statement cache. Unsupported indicates an operation that is not supported by the JDBC driver. - - Identify exception as - - - - - - A string that follows either the XOPEN SQL state conventions or the SQL:2003 conventions. - - SQL state - - - - - - An error code specific to the backend database. Normally, this is the actual error code that is returned by the underlying database. - - SQL error code - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - List of JDBC vendor properties for the data source. For example, databaseName="dbname" serverName="localhost" portNumber="50000". Use this generic properties list when no vendor-specific properties list type is available for your JDBC driver. Do not specify multiple properties elements under a data source. Instead, place all property name-value pairs on a single properties or properties.{JDBC_VENDOR_TYPE} element. - - Generic JDBC Driver Properties - - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - URL for connecting to the database. - - URL - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Microsoft SQL Server JDBC Driver. - - Microsoft SQL Server JDBC Driver Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - JDBC driver property: instanceName. - - Instance name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: accessToken. - - Access token - - - - - - - JDBC driver property: applicationIntent. - - Application intent - - - - - - - - - - ReadOnly - - - - - ReadWrite - - - - - - - - - - JDBC driver property: applicationName. - - Application name - - - - - - - JDBC driver property: authentication. - - Authentication - - - - - - - - - - ActiveDirectoryMSI - - - - - ActiveDirectoryIntegrated - - - - - ActiveDirectoryPassword - - - - - SqlPassword - - - - - NotSpecified - - - - - - - - - - JDBC driver property: authenticationScheme. - - Authentication scheme - - - - - - - - - - JavaKerberos - - - - - NativeAuthentication - - - - - NTLM - - - - - - - - - - JDBC driver property: columnEncryptionSetting. - - Column encryption - - - - - - - - - - Disabled - - - - - Enabled - - - - - - - - - - JDBC driver property: encrypt. - - Encrypt - - - - - - - JDBC driver property: failoverPartner. - - Failover partner - - - - - - - JDBC driver property: hostNameInCertificate. - - Host name in certificate - - - - - - - JDBC driver property: integratedSecurity. - - Integrated security - - - - - - - JDBC driver property: keyStoreAuthentication. - - Key store authentication - - - - - - - - - - JavaKeyStorePassword - - - - - - - - - - JDBC driver property: keyStoreLocation. - - Key store location - - - - - - - JDBC driver property: keyStoreSecret. - - Key store secret - - - - - - - JDBC driver property: lastUpdateCount. - - Last update count - - - - - - - JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Lock timeout - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: multiSubnetFailover. - - Multiple subnet failover - - - - - - - JDBC driver property: packetSize. - - Packet size - - - - - - - - - - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: responseBuffering. - - Response buffering - - - - - - - - - - adaptive - - - - - full - - - - - - - - - - JDBC driver property: selectMethod. - - Select method - - - - - - - - - - cursor - - - - - direct - - - - - - - - - - JDBC driver property: sendStringParametersAsUnicode. - - Send string parameters as unicode - - - - - - - JDBC driver property: sendTimeAsDatetime. - - Send time as datetime - - - - - - - JDBC driver property: serverNameAsACE. - - Server name as ASCII compatible encoding - - - - - - - JDBC driver property: serverSpn. - - Server SPN - - - - - - - JDBC driver property: transparentNetworkIPResolution. - - Transparent network IP resolution - - - - - - - JDBC driver property: trustServerCertificate. - - Trust server certificate - - - - - - - JDBC driver property: trustStore. - - Trust store - - - - - - - JDBC driver property: trustStorePassword. - - Trust store password - - - - - - - URL for connecting to the database. Example: jdbc:sqlserver://localhost:1433;databaseName=myDB. - - URL - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: workstationID. - - Workstation ID - - - - - - - JDBC driver property: xopenStates. - - X/Open compliant SQL states - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Oracle JDBC driver. - - Oracle Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: driverType. - - Driver type - - - - - - - - - thin - - - - - oci - - - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: URL. URL for connecting to the database. If a URL is configured, the Oracle JDBC driver ignores individual connection properties such as serverName and driverType. Oracle JDBC driver updates might impact this behavior. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample. - - URL - - - - - - JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. - - Connection properties - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: networkProtocol. - - Network protocol - - - - - - - JDBC driver property: ONSConfiguration. - - ONS configuration - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: roleName. - - Role name - - - - - - - JDBC driver property: serviceName. - - Service name - - - - - - - JDBC driver property: TNSEntryName. - - TNS entry name - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Derby Network Client JDBC driver. - - Derby Network Client Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: createDatabase. - - Create database - - - - - - - - - When the first connection is established, automatically create the database if it doesn't exist. - - - - - Do not automatically create the database. - - - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: connectionAttributes. - - Connection attributes - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: retrieveMessageText. - - Retrieve message text - - - - - - - JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 8 (STRONG_PASSWORD_SUBSTITUTE_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). - - Security mechanism - - - - - - - - - - CLEAR_TEXT_PASSWORD_SECURITY - - - - - USER_ONLY_SECURITY - - - - - ENCRYPTED_PASSWORD_SECURITY - - - - - STRONG_PASSWORD_SUBSTITUTE_SECURITY - - - - - ENCRYPTED_USER_AND_PASSWORD_SECURITY - - - - - - - - - - JDBC driver property: shutdownDatabase. - - Shutdown database - - - - - - - - - - Shut down the database when a connection is attempted. - - - - - Do not shut down the database. - - - - - - - - - - JDBC driver property: ssl. - - SSL - - - - - - - - - - basic - - - - - peerAuthentication - - - - - off - - - - - - - - - - JDBC driver property: traceDirectory. - - Trace directory - - - - - - - JDBC driver property: traceFile. - - Trace file - - - - - - - JDBC driver property: traceFileAppend. - - Trace file append - - - - - - - Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_XA_CALLS=2048, TRACE_ALL=-1. - - Trace level - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the DataDirect Connect for JDBC driver for Microsoft SQL Server. - - DataDirect Connect for JDBC (sqlserver) Properties - - Additional properties for more advanced usage. - Failover properties for the DataDirect Connect for JDBC driver. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: accountingInfo. - - Accounting information - - - - - - - JDBC driver property: alternateServers. - - Alternate servers - - - - - - - JDBC driver property: alwaysReportTriggerResults. - - Always report trigger results - - - - - - - JDBC driver property: applicationName. - - Application name - - - - - - - JDBC driver property: authenticationMethod. - - Authentication method - - - - - - - - - - auto - - - - - kerberos - - - - - ntlm - - - - - userIdPassword - - - - - - - - - - JDBC driver property: bulkLoadBatchSize. - - Bulk load batch size - - - - - - - JDBC driver property: bulkLoadOptions. - - Bulk load options - - - - - - - JDBC driver property: clientHostName. - - Client host name - - - - - - - JDBC driver property: clientUser. - - Client user - - - - - - - JDBC driver property: codePageOverride. - - Code page override - - - - - - - JDBC driver property: connectionRetryCount. - - Connection retry count - - - - - - - JDBC driver property: connectionRetryDelay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection retry delay - - - - - - - JDBC driver property: convertNull. - - Convert null values - - - - - - - JDBC driver property: dateTimeInputParameterType. - - Date time input parameter type - - - - - - - - - - auto - - - - - dateTime - - - - - dateTimeOffset - - - - - - - - - - JDBC driver property: dateTimeOutputParameterType. - - Date time output parameter type - - - - - - - - - - auto - - - - - dateTime - - - - - dateTimeOffset - - - - - - - - - - JDBC driver property: describeInputParameters. - - Describe input parameters - - - - - - - - - - describeAll - - - - - describeIfDateTime - - - - - describeIfString - - - - - noDescribe - - - - - - - - - - JDBC driver property: describeOutputParameters. - - Describe output parameters - - - - - - - - - - describeAll - - - - - describeIfDateTime - - - - - describeIfString - - - - - noDescribe - - - - - - - - - - JDBC driver property: enableBulkLoad. - - Enable bulk load - - - - - - - JDBC driver property: enableCancelTimeout. - - Enable cancel timeout - - - - - - - JDBC driver property: encryptionMethod. - - Encryption method - - - - - - - - - - noEncryption - - - - - loginSSL - - - - - requestSSL - - - - - SSL - - - - - - - - - - JDBC driver property: failoverGranularity. - - Failover granularity - - - - - - - - - - atomic - - - - - atomicWithRepositioning - - - - - disableIntegrityCheck - - - - - nonAtomic - - - - - - - - - - JDBC driver property: failoverMode. - - Failover mode - - - - - - - - - - connect - - - - - extended - - - - - select - - - - - - - - - - JDBC driver property: failoverPreconnect. - - Failover preconnect - - - - - - - JDBC driver property: hostNameInCertificate. - - Host name in certificate - - - - - - - JDBC driver property: initializationString. - - Initialization string - - - - - - - JDBC driver property: insensitiveResultSetBufferSize. - - Insensitive result set buffer size - - - - - - - JDBC driver property: javaDoubleToString. - - Java double to string conversion algorithm - - - - - - - JDBC driver property: JDBCBehavior. Values are: 0 (JDBC 4.0) or 1 (JDBC 3.0). - - JDBC behavior - - - - - - - - - - JDBC 4.0 - - - - - JDBC 3.0 - - - - - - - - - - JDBC driver property: loadBalancing. - - Load balancing - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: longDataCacheSize. - - Long data cache size - - - - - - - - - - - - - - - - - JDBC driver property: netAddress. - - Net address - - - - - - - JDBC driver property: packetSize. - - Packet size - - - - - - - - - - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: queryTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Query timeout - - - - - - - JDBC driver property: resultsetMetaDataOptions. - - Resultset meta data options - - - - - - - JDBC driver property: selectMethod. - - Select method - - - - - - - - - - cursor - - - - - direct - - - - - - - - - - JDBC driver property: snapshotSerializable. - - Snapshot serializable - - - - - - - JDBC driver property: spyAttributes. - - Spy attributes - - - - - - - JDBC driver property: stringInputParameterType. - - String input parameter type - - - - - - - - - - nvarchar - - - - - varchar - - - - - - - - - - JDBC driver property: stringOutputParameterType. - - String output parameter type - - - - - - - - - - nvarchar - - - - - varchar - - - - - - - - - - JDBC driver property: suppressConnectionWarnings. - - Suppress connection warnings - - - - - - - JDBC driver property: transactionMode. - - Transaction mode - - - - - - - - - - explicit - - - - - implicit - - - - - - - - - - JDBC driver property: truncateFractionalSeconds. - - Truncate fractional seconds - - - - - - - JDBC driver property: trustStore. - - Trust store - - - - - - - JDBC driver property: trustStorePassword. - - Trust store password - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: useServerSideUpdatableCursors. - - Use server side updatable cursors - - - - - - - JDBC driver property: validateServerCertificate. - - Validate server certificate - - - - - - - JDBC driver property: XATransactionGroup. - - XA transaction group - - - - - - - JDBC driver property: XMLDescribeType. - - XML describe type - - - - - - - - - - longvarbinary - - - - - longvarchar - - - - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Identifies a JDBC driver. - - JDBC Driver - Additional properties for more advanced usage. - - - - - - Identifies JDBC driver JARs and native files. - - Shared Library - - - - - - - Identifies JDBC driver JARs and native files. - - Shared library reference - library - - - - - - JDBC driver implementation of javax.sql.XADataSource. - - XADataSource class - - - - - - - JDBC driver implementation of javax.sql.ConnectionPoolDataSource. - - ConnectionPoolDataSource implementation class - - - - - - - JDBC driver implementation of javax.sql.DataSource. - - DataSource implementation class - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the IBM Data Server Driver for JDBC and SQLJ for Informix. - - Informix JCC Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Current lock timeout - - - - - - - JDBC driver property: DBANSIWARN. - - Database ANSI warning - - - - - - - JDBC driver property: DBDATE. - - Database date - - - - - - - JDBC driver property: DBPATH. - - Database path - - - - - - - JDBC driver property: DBSPACETEMP. - - Database temporary space - - - - - - - JDBC driver property: DBTEMP. - - Database temporary directory - - - - - - - JDBC driver property: DBUPSPACE. - - Database update statistics space - - - - - - - JDBC driver property: DELIMIDENT. - - Delimited identifier - - - - - - - JDBC driver property: deferPrepares. - - Defer prepares - - - - - - - JDBC driver property: driverType. - - Driver type - - - - - - - JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). - - Enable named parameter markers - - - - - - - JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). - - Enable seamless failover - - - - - - - JDBC driver property: enableSysplexWLB. - - Enable sysplex WLB - - - - - - - JDBC driver property: fetchSize. - - Fetch size - - - - - - - JDBC driver property: fullyMaterializeLobData. - - Fully materialize LOB data - - - - - - - JDBC driver property: IFX_DIRECTIVES. - - Allow directives - - - - - - - - - - ON - - - - - OFF - - - - - - - - - - JDBC driver property: IFX_EXTDIRECTIVES. - - Allow external directives - - - - - - - - - - ON - - - - - OFF - - - - - - - - - - JDBC driver property: IFX_UPDDESC. - - Update describe - - - - - - - JDBC driver property: IFX_XASTDCOMPLIANCE_XAEND. - - Override XA compliance - - - - - - - - - - 0 - - - - - 1 - - - - - - - - - - JDBC driver property: INFORMIXOPCACHE. - - Blobspace cache size - - - - - - - JDBC driver property: INFORMIXSTACKSIZE. - - Client session stack size - - - - - - - JDBC driver property: keepDynamic. - - Keep dynamic - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: NODEFDAC. - - NODEFDAC - - - - - - - - - - yes - - - - - no - - - - - - - - - - JDBC driver property: OPTCOMPIND. - - OPTCOMPIND - - - - - - - - - - 0 - - - - - 1 - - - - - 2 - - - - - - - - - - JDBC driver property: OPTOFC. - - Optimize open-fetch-close - - - - - - - - - - 0 - - - - - 1 - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: PDQPRIORITY. - - PDQ priority - - - - - - - - - - HIGH - - - - - LOW - - - - - OFF - - - - - - - - - - JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). - - Progressive streaming - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: PSORT_DBTEMP. - - Temporary sort location - - - - - - - JDBC driver property: PSORT_NPROCS. - - Number of sort threads - - - - - - - - - - - - - - - - - JDBC driver property: queryDataSize. - - Query data size - - - - - - - - - - - - - - - - - - - JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). - - Result set holdability - - - - - - - - - - HOLD_CURSORS_OVER_COMMIT - - - - - CLOSE_CURSORS_AT_COMMIT - - - - - - - - - - JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). - - Result set holdability for catalog queries - - - - - - - - - - HOLD_CURSORS_OVER_COMMIT - - - - - CLOSE_CURSORS_AT_COMMIT - - - - - - - - - - JDBC driver property: retrieveMessagesFromServerOnGetMessage. - - Retrieve messages from server on get message - - - - - - - JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). - - Security mechanism - - - - - - - - - - CLEAR_TEXT_PASSWORD_SECURITY - - - - - USER_ONLY_SECURITY - - - - - ENCRYPTED_PASSWORD_SECURITY - - - - - ENCRYPTED_USER_AND_PASSWORD_SECURITY - - - - - - - - - - JDBC driver property: STMT_CACHE. - - Statement cache - - - - - - - - - - 0 - - - - - 1 - - - - - - - - - - JDBC driver property: traceDirectory. - - Trace directory - - - - - - - JDBC driver property: traceFile. - - Trace file - - - - - - - JDBC driver property: traceFileAppend. - - Trace file append - - - - - - - Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1. - - Trace level - - - - - - - JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). - - Use JDBC 4 column name and label semantics - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the IBM Data Server Driver for JDBC and SQLJ for DB2. - - DB2 JCC Properties - - Additional properties for more advanced usage. - Properties to enable and configure the Automatic Client Reroute feature for the DB2 JDBC driver's connection. - - - - - - - - JDBC driver property: driverType. - - Driver type - - - - - - - - - Type 2 JDBC driver. - - - - - Type 4 JDBC driver. - - - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: accessToken. - - Access token - - - - - - - JDBC driver property: accountingInterval. - - Accounting interval - - - - - - - JDBC driver property: activateDatabase. - - Activate database - - - - - - - JDBC driver property: affinityFailbackInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Affinity failback interval - - - - - - - JDBC driver property: allowNextOnExhaustedResultSet. - - Allow next on exhausted result - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: allowNullResultSetForExecuteQuery. - - Allow null result for executeQuery - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: alternateGroupDatabaseName. - - Alternate group database name - - - - - - - JDBC driver property: alternateGroupPortNumber. - - Alternate group port number - - - - - - - JDBC driver property: alternateGroupServerName. - - Alternate group server name - - - - - - - JDBC driver property: apiKey. - - API key - - - - - - - JDBC driver property: atomicMultiRowInsert. - - Atomic multi-row insert - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: blockingReadConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Blocking read connection timeout - - - - - - - JDBC driver property: charOutputSize. - - Character output size - - - - - - - JDBC driver property: clientApplcompat. - - Client application compatibility - - - - - - - JDBC driver property: clientAccountingInformation. - - Client accounting information - - - - - - - JDBC driver property: clientApplicationInformation. - - Client application information - - - - - - - JDBC driver property: clientBidiStringType. - - Client bidirectional string type - - - - - - - - - - BIDI_ST4 - - - - - BIDI_ST5 - - - - - BIDI_ST6 - - - - - BIDI_ST7 - - - - - BIDI_ST8 - - - - - BIDI_ST9 - - - - - BIDI_ST10 - - - - - BIDI_ST11 - - - - - - - - - - JDBC driver property: clientDebugInfo. - - Client debug information - - - - - - - - - - - - - - - - - JDBC driver property: clientProgramId. - - Client program ID - - - - - - - - - - - - - - - - - JDBC driver property: clientProgramName. - - Client program name - - - - - - - - - - - - - - - - - JDBC driver property: clientRerouteAlternatePortNumber. - - Client reroute alternate port number - - - - - - - JDBC driver property: clientRerouteAlternateServerName. - - Client reroute alternate server name - - - - - - - JDBC driver property: clientUser. - - Client user - - - - - - - JDBC driver property: clientWorkstation. - - Client workstation - - - - - - - JDBC driver property: commandTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Command timeout - - - - - - - JDBC driver property: concurrentAccessResolution. - - Concurrent access resolution - - - - - - - - - - CONCURRENTACCESS_USE_CURRENTLY_COMMITTED - - - - - CONCURRENTACCESS_WAIT_FOR_OUTCOME - - - - - - - - - - JDBC driver property: connectionCloseWithInFlightTransaction. - - Connection close with in-flight transaction - - - - - - - - - - CONNECTION_CLOSE_WITH_EXCEPTION - - - - - CONNECTION_CLOSE_WITH_ROLLBACK - - - - - - - - - - JDBC driver property: connectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection timeout - - - - - - - JDBC driver property: connectNode. - - Connect node - - - - - - - - - - - - - - - - - - - JDBC driver property: currentAlternateGroupEntry. - - Current alternate group entry - - - - - - - JDBC driver property: currentDegree. - - Current degree - - - - - - - JDBC driver property: currentExplainMode. - - Current explain mode - - - - - - - - - - - - - - - - - JDBC driver property: currentExplainSnapshot. - - Current explain snapshot - - - - - - - - - - - - - - - - - JDBC driver property: currentFunctionPath. - - Current function path - - - - - - - JDBC driver property: currentLocaleLcCtype. - - Current locale (LC_CTYPE) - - - - - - - JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Current lock timeout - - - - - - - JDBC driver property: currentMaintainedTableTypesForOptimization. - - Current maintained table types for optimization - - - - - - - - - - ALL - - - - - NONE - - - - - SYSTEM - - - - - USER - - - - - - - - - - JDBC driver property: currentPackagePath. - - Current package path - - - - - - - JDBC driver property: currentPackageSet. - - Current package set - - - - - - - JDBC driver property: currentQueryOptimization. - - Current query optimization - - - - - - - - - - 0 - - - - - 1 - - - - - 2 - - - - - 3 - - - - - 5 - - - - - 7 - - - - - 9 - - - - - - - - - - JDBC driver property: currentSQLID. - - Current SQLID - - - - - - - JDBC driver property: currentSchema. - - Current schema - - - - - - - JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). - - Cursor sensitivity - - - - - - - - - - TYPE_SCROLL_SENSITIVE_STATIC - - - - - TYPE_SCROLL_SENSITIVE_DYNAMIC - - - - - TYPE_SCROLL_ASENSITIVE - - - - - - - - - - JDBC driver property: dateFormat. - - Date format - - - - - - - - - - ISO - - - - - USA - - - - - EUR - - - - - JIS - - - - - - - - - - JDBC driver property: decimalRoundingMode. - - Decimal rounding mode - - - - - - - - - - ROUND_DOWN - - - - - ROUND_CEILING - - - - - ROUND_HALF_EVEN - - - - - ROUND_HALF_UP - - - - - ROUND_FLOOR - - - - - - - - - - JDBC driver property: decimalSeparator. - - Decimal separator - - - - - - - - - - DECIMAL_SEPARATOR_PERIOD - - - - - DECIMAL_SEPARATOR_COMMA - - - - - - - - - - JDBC driver property: decimalStringFormat. - - Decimal string format - - - - - - - - - - DECIMAL_STRING_FORMAT_TO_STRING - - - - - DECIMAL_STRING_FORMAT_TO_PLAIN_STRING - - - - - - - - - - JDBC driver property: deferPrepares. - - Defer prepares - - - - - - - JDBC driver property: downgradeHoldCursorsUnderXa. - - Downgrade cursor holdability under XA - - - - - - - JDBC driver property: enableAlternateGroupSeamlessACR. - - Enable alternate group seamless ACR - - - - - - - JDBC driver property: enableBidiLayoutTransformation. - - Enable bidirectional layout transformation - - - - - - - JDBC driver property: enableClientAffinitiesList. Values are: 1 (YES) or 2 (NO). - - Enable client affinities list - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableConnectionConcentrator. - - Enable connection concentrator - - - - - - - JDBC driver property: enableExtendedDescribe. - - Enable extended describe - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableExtendedIndicators. - - Enable extended indicators - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableMultiRowInsertSupport. - - Enable multi-row insert support - - - - - - - JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). - - Enable named parameter markers - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableRowsetSupport. - - Enable rowset support - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). - - Enable seamless failover - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableSysplexWLB. - - Enable sysplex WLB - - - - - - - JDBC driver property: enableT2zosLBF. - - Enable type 2 z/OS limited block fetch - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableT2zosLBFSPResultSets. - - Enable z/OS limited block fetch proc results - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: enableXACleanTransaction. - - Enable XA clean transaction - - - - - - - JDBC driver property: encryptionAlgorithm. - - Encryption algorithm - - - - - - - - - - 1 - - - - - 2 - - - - - - - - - - JDBC driver property: extendedTableInfo. - - Extended table information - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: fetchSize. - - Fetch size - - - - - - - JDBC driver property: fullyMaterializeInputStreams. - - Fully materialize input streams - - - - - - - JDBC driver property: fullyMaterializeInputStreamsOnBatchExecution. - - Fully read input streams on batch execution - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: fullyMaterializeLobData. - - Fully materialize LOB data - - - - - - - JDBC driver property: implicitRollbackOption. - - Implicit rollback option - - - - - - - - - - IMPLICIT_ROLLBACK_OPTION_NOT_SET - - - - - IMPLICIT_ROLLBACK_OPTION_NOT_CLOSE_CONNECTION - - - - - IMPLICIT_ROLLBACK_OPTION_CLOSE_CONNECTION - - - - - - - - - - JDBC driver property: interruptProcessingMode. - - Interrupt processing mode - - - - - - - - - - INTERRUPT_PROCESSING_MODE_DISABLED - - - - - INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL - - - - - INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET - - - - - - - - - - JDBC driver property: jdbcCollection. - - JDBC collection - - - - - - - JDBC driver property: keepAliveTimeOut. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Keep alive timeout - - - - - - - JDBC driver property: keepDynamic. - - Keep dynamic - - - - - - - JDBC driver property: kerberosServerPrincipal. - - Kerberos server principal - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: maxConnCachedParamBufferSize. - - Maximum connection cached parameters buffer size - - - - - - - JDBC driver property: maxRetriesForClientReroute. - - Maximum retries for client reroute - - - - - - - JDBC driver property: maxRowsetSize. - - Maximum rowset size - - - - - - - JDBC driver property: maxTransportObjects. - - Maximum transport objects - - - - - - - JDBC driver property: memberConnectTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Member connect timeout - - - - - - - JDBC driver property: optimizationProfile. - - Optimization profile - - - - - - - JDBC driver property: optimizationProfileToFlush. - - Optimization profile to flush - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: pkList. - - Package list - - - - - - - JDBC driver property: profileName. - - Profile name - - - - - - - JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). - - Progressive streaming - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: queryCloseImplicit. Values are: 1 (QUERY_CLOSE_IMPLICIT_YES) or 2 (QUERY_CLOSE_IMPLICIT_NO). - - Query close implicit - - - - - - - - - - QUERY_CLOSE_IMPLICIT_YES - - - - - QUERY_CLOSE_IMPLICIT_NO - - - - - - - - - - JDBC driver property: queryDataSize. - - Query data size - - - - - - - - - - - - - - - - - - - JDBC driver property: queryTimeoutInterruptProcessingMode. - - Query timeout interrupt processing mode - - - - - - - - - - INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL - - - - - INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET - - - - - - - - - - JDBC driver property: readOnly. - - Read only - - - - - - - JDBC driver property: recordTemporalHistory. - - Record temporal history - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: reportLongTypes. - - Report long types - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). - - Result set holdability - - - - - - - - - - HOLD_CURSORS_OVER_COMMIT - - - - - CLOSE_CURSORS_AT_COMMIT - - - - - - - - - - JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). - - Result set holdability for catalog queries - - - - - - - - - - HOLD_CURSORS_OVER_COMMIT - - - - - CLOSE_CURSORS_AT_COMMIT - - - - - - - - - - JDBC driver property: retrieveMessagesFromServerOnGetMessage. - - Retrieve messages from server on get message - - - - - - - JDBC driver property: retryIntervalForClientReroute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Retry interval for client reroute - - - - - - - JDBC driver property: retryWithAlternativeSecurityMechanism. - - Retry with alternative security mechanism - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: returnAlias. - - Return alias - - - - - - - - - - 1 - - - - - 2 - - - - - - - - - - JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), 11 (KERBEROS_SECURITY), 12 (ENCRYPTED_USER_AND_DATA_SECURITY), 13 (ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY), 15 (PLUGIN_SECURITY), 16 (ENCRYPTED_USER_ONLY_SECURITY), 18 (TLS_CLIENT_CERTIFICATE_SECURITY). - - Security mechanism - - - - - - - - - - CLEAR_TEXT_PASSWORD_SECURITY - - - - - USER_ONLY_SECURITY - - - - - ENCRYPTED_PASSWORD_SECURITY - - - - - ENCRYPTED_USER_AND_PASSWORD_SECURITY - - - - - KERBEROS_SECURITY - - - - - ENCRYPTED_USER_AND_DATA_SECURITY - - - - - ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY - - - - - PLUGIN_SECURITY - - - - - ENCRYPTED_USER_ONLY_SECURITY - - - - - TLS_CLIENT_CERTIFICATE_SECURITY - - - - - - - - - - JDBC driver property: sendCharInputsUTF8. - - Send character input UTF-8 - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: sendDataAsIs. - - Send data as is - - - - - - - JDBC driver property: serverBidiStringType. - - Server bidirectional string type - - - - - - - - - - BIDI_ST4 - - - - - BIDI_ST5 - - - - - BIDI_ST6 - - - - - BIDI_ST7 - - - - - BIDI_ST8 - - - - - BIDI_ST9 - - - - - BIDI_ST10 - - - - - BIDI_ST11 - - - - - - - - - - JDBC driver property: sessionTimeZone. - - Session time zone - - - - - - - JDBC driver property: sqljCloseStmtsWithOpenResultSet. - - SQLJ close statements with open result set - - - - - - - JDBC driver property: sqljEnableClassLoaderSpecificProfiles. - - SQLJ enable class loader specific profiles - - - - - - - JDBC driver property: ssid. - - Subsystem ID - - - - - - - JDBC driver property: sslCertLocation. - - SSL certificate location - - - - - - - JDBC driver property: SSLCipherSuites. - - SSL cipher suites - - - - - - - JDBC driver property: sslConnection. - - SSL connection - - - - - - - JDBC driver property: sslTrustStoreLocation. - - SSL trust store location - - - - - - - JDBC driver property: sslTrustStorePassword. - - SSL trust store password - - - - - - - JDBC driver property: sslTrustStoreType. - - SSL trust store type - - - - - - - JDBC driver property: sslKeyStoreLocation. - - SSL key store location - - - - - - - JDBC driver property: sslKeyStorePassword. - - SSL key store password - - - - - - - JDBC driver property: sslKeyStoreType. - - SSL key store type - - - - - - - JDBC driver property: statementConcentrator. - - Statement concentrator - - - - - - - - - - STATEMENT_CONCENTRATOR_OFF - - - - - STATEMENT_CONCENTRATOR_WITH_LITERALS - - - - - - - - - - JDBC driver property: streamBufferSize. - - Stream buffer size - - - - - - - JDBC driver property: stripTrailingZerosForDecimalNumbers. - - Strip trailing zeros for decimal numbers - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: sysSchema. - - Sys schema - - - - - - - JDBC driver property: timeFormat. - - Time format - - - - - - - - - - ISO - - - - - USA - - - - - EUR - - - - - JIS - - - - - - - - - - JDBC driver property: timerLevelForQueryTimeOut. - - Timer level for query timeout - - - - - - - - - - QUERYTIMEOUT_DISABLED - - - - - QUERYTIMEOUT_STATEMENT_LEVEL - - - - - QUERYTIMEOUT_CONNECTION_LEVEL - - - - - - - - - - JDBC driver property: timestampFormat. - - Timestamp format - - - - - - - - - - ISO - - - - - JDBC - - - - - - - - - - JDBC driver property: timestampOutputType. - - Timestamp output type - - - - - - - - - - JDBC_TIMESTAMP - - - - - JCC_DBTIMESTAMP - - - - - - - - - - JDBC driver property: timestampPrecisionReporting. - - Timestamp precision reporting - - - - - - - - - - TIMESTAMP_JDBC_STANDARD - - - - - TIMESTAMP_ZERO_PADDING - - - - - - - - - - JDBC driver property: traceDirectory. - - Trace directory - - - - - - - JDBC driver property: traceFile. - - Trace file - - - - - - - JDBC driver property: traceFileAppend. - - Trace file append - - - - - - - JDBC driver property: traceFileCount. - - Trace file count - - - - - - - JDBC driver property: traceFileSize. - - Trace file size - - - - - - - Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1. - - Trace level - - - - - - - JDBC driver property: traceOption - - Trace option - - - - - - - - - - 0 - - - - - 1 - - - - - - - - - - JDBC driver property: translateForBitData. - - Translate for bit data - - - - - - - - - - HEX_REPRESENTATION - - - - - SERVER_ENCODING_REPRESENTATION - - - - - - - - - - JDBC driver property: updateCountForBatch. - - Update count for batch - - - - - - - - - - NO_UPDATE_COUNT - - - - - TOTAL_UPDATE_COUNT - - - - - - - - - - JDBC driver property: useCachedCursor. - - Use cached cursor - - - - - - - JDBC driver property: useIdentityValLocalForAutoGeneratedKeys. - - Use IDENTITY_VAL_LOCAL for auto generated keys - - - - - - - JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). - - Use JDBC 4 column name and label semantics - - - - - - - - - - YES - - - - - NO - - - - - - - - - - JDBC driver property: useJDBC41DefinitionForGetColumns. - - Use JDBC 4.1 definition for get columns - - - - - - - - - - YES - - - - - NO - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: useRowsetCursor. - - Use rowset cursor - - - - - - - JDBC driver property: useTransactionRedirect. - - Use transaction redirect - - - - - - - JDBC driver property: xaNetworkOptimization. - - XA network optimization - - - - - - - JDBC driver property: xmlFormat. - - XML format - - - - - - - - - - XML_FORMAT_TEXTUAL - - - - - XML_FORMAT_BINARY - - - - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for the IBM DB2 for i Toolbox JDBC driver. - - DB2 for i Toolbox JDBC Driver Properties - - Additional properties for more advanced usage. - - - - - - - - Server where the database is running. - - Server name - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - JDBC driver property: access. - - Access - - - - - - - - - - all - - - - - read call - - - - - read only - - - - - - - - - - JDBC driver property: behaviorOverride. - - Behavior override - - - - - - - JDBC driver property: bidiImplicitReordering. - - Bidirectional implicit reordering - - - - - - - JDBC driver property: bidiNumericOrdering. - - Bidirectional numeric ordering - - - - - - - JDBC driver property: bidiStringType. - - Bidirectional string type - - - - - - - JDBC driver property: bigDecimal. - - Big decimal - - - - - - - JDBC driver property: blockCriteria. Values are: 0 (no record blocking), 1 (block if FOR FETCH ONLY is specified), 2 (block if FOR UPDATE is specified). - - Block criteria - - - - - - - - - - 0 - - - - - 1 - - - - - 2 - - - - - - - - - - JDBC driver property: blockSize. - - Block size - - - - - - - - - - 0 - - - - - 8 - - - - - 16 - - - - - 32 - - - - - 64 - - - - - 128 - - - - - 256 - - - - - 512 - - - - - - - - - - JDBC driver property: CharacterTruncation. - - Character truncation - - - - - - - - - - default - - - - - warning - - - - - none - - - - - - - - - - JDBC driver property: concurrentAccessResolution. - - Concurrent access resolution - - - - - - - - - - - - - - - - - - - JDBC driver property: cursorHold. - - Cursor hold - - - - - - - JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). - - Cursor sensitivity - - - - - - - - - - asensitive - - - - - insensitive - - - - - sensitive - - - - - - - - - - JDBC driver property: dataCompression. - - Data compression - - - - - - - JDBC driver property: dataTruncation. - - Data truncation - - - - - - - JDBC driver property: dateFormat. - - Date format - - - - - - - - - - dmy - - - - - eur - - - - - mdy - - - - - iso - - - - - jis - - - - - julian - - - - - usa - - - - - ymd - - - - - - - - - - JDBC driver property: dateSeparator. - - Date separator - - - - - - - - - - The forward slash character (/). - - - - - The dash character (-). - - - - - The period character (.). - - - - - The comma character (,). - - - - - The space character ( ). - - - - - - - - - - JDBC driver property: decfloatRoundingMode. - - Decfloat rounding mode - - - - - - - - - - half even - - - - - half up - - - - - down - - - - - ceiling - - - - - floor - - - - - half down - - - - - up - - - - - - - - - - JDBC driver property: decimalDataErrors. - - Decimal data errors - - - - - - - JDBC driver property: decimalSeparator. - - Decimal separator - - - - - - - - - - The period character (.). - - - - - The comma character (,). - - - - - - - - - - JDBC driver property: describeOption. - - Describe option - - - - - - - JDBC driver property: driver. - - Driver - - - - - - - - - - native - - - - - toolbox - - - - - - - - - - JDBC driver property: errors. - - Errors - - - - - - - - - - basic - - - - - full - - - - - - - - - - JDBC driver property: extendedDynamic. - - Extended dynamic - - - - - - - JDBC driver property: extendedMetaData. - - Extended meta data - - - - - - - JDBC driver property: fullOpen. - - Full open - - - - - - - JDBC driver property: holdInputLocators. - - Hold input locators - - - - - - - JDBC driver property: holdStatements. - - Hold statements - - - - - - - JDBC driver property: ignoreWarnings. - - Ignore warnings - - - - - - - JDBC driver property: isolationLevelSwitchingSupport. - - Isolation level switching support - - - - - - - JDBC driver property: keepAlive. - - Keep alive - - - - - - - JDBC driver property: lazyClose. - - Lazy close - - - - - - - JDBC driver property: libraries. - - Libraries - - - - - - - JDBC driver property: lobThreshold. - - LOB threshold - - - - - - - - - - - - - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: maximumPrecision. - - Maximum precision - - - - - - - - - - 31 - - - - - 64 - - - - - - - - - - JDBC driver property: maximumBlockedInputRows. - - Maximum blocked input rows - - - - - - - - - - - - - - - - - - - JDBC driver property: maximumScale. - - Maximum scale - - - - - - - - - - - - - - - - - - - JDBC driver property: metaDataSource. - - Meta data source - - - - - - - - - - - - - - - - - - - JDBC driver property: minimumDivideScale. - - Minimum divide scale - - - - - - - - - - - - - - - - - - - JDBC driver property: naming. - - Naming - - - - - - - - - - sql - - - - - system - - - - - - - - - - JDBC driver property: numericRangeError. - - Numeric range error - - - - - - - - - - default - - - - - warning - - - - - none - - - - - - - - - - JDBC driver property: package. - - Package - - - - - - - JDBC driver property: packageAdd. - - Package add - - - - - - - JDBC driver property: packageCCSID. Values are: 1200 (UCS-2) or 13488 (UTF-16). - - Package CCSID - - - - - - - - - - 1200 (UCS-2) - - - - - 13488 (UTF-16) - - - - - - - - - - JDBC driver property: packageCache. - - Package cache - - - - - - - JDBC driver property: packageCriteria. - - Package criteria - - - - - - - - - - default - - - - - select - - - - - - - - - - JDBC driver property: packageError. - - Package error - - - - - - - - - - exception - - - - - warning - - - - - none - - - - - - - - - - JDBC driver property: packageLibrary. - - Package library - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: prefetch. - - Prefetch - - - - - - - JDBC driver property: prompt. - - Prompt - - - - - - - JDBC driver property: proxyServer. - - Proxy server - - - - - - - JDBC driver property: qaqqiniLibrary. - - QAQQINI library - - - - - - - JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). - - Query optimize goal - - - - - - - - - - - - - - - - - - - JDBC driver property: queryReplaceTruncatedParameter. - - Query replace truncated parameter - - - - - - - JDBC driver property: queryTimeoutMechanism. - - Query timeout mechanism - - - - - - - - - - qqrytimlmt - - - - - cancel - - - - - - - - - - Query storage limit - - Query storage limit - - - - - - - - - - - - - - - - - JDBC driver property: receiveBufferSize. - - Receive buffer size - - - - - - - - - - - - - - - - - JDBC driver property: remarks. - - Remarks - - - - - - - - - - sql - - - - - system - - - - - - - - - - JDBC driver property: rollbackCursorHold. - - Rollback cursor hold - - - - - - - JDBC driver property: savePasswordWhenSerialized. - - Save password when serialized - - - - - - - JDBC driver property: secondaryUrl. - - Secondary URL - - - - - - - JDBC driver property: secure. - - Secure - - - - - - - JDBC driver property: secureCurrentUser. - - Secure current user - - - - - - - JDBC driver property: sendBufferSize. - - Send buffer size - - - - - - - - - - - - - - - - - JDBC driver property: serverTraceCategories. - - Server trace categories - - - - - - - JDBC driver property: serverTrace. - - Server trace - - - - - - - JDBC driver property: soLinger. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Socket linger - - - - - - - JDBC driver property: soTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Socket timeout - - - - - - - JDBC driver property: sort. - - Sort - - - - - - - - - - hex - - - - - language - - - - - table - - - - - - - - - - JDBC driver property: sortLanguage. - - Sort language - - - - - - - JDBC driver property: sortTable. - - Sort table - - - - - - - JDBC driver property: sortWeight. - - Sort weight - - - - - - - - - - shared - - - - - unique - - - - - - - - - - JDBC driver property: tcpNoDelay. - - TCP no delay - - - - - - - JDBC driver property: threadUsed. - - Thread used - - - - - - - JDBC driver property: timeFormat. - - Time format - - - - - - - - - - eur - - - - - hms - - - - - iso - - - - - jis - - - - - usa - - - - - - - - - - JDBC driver property: timeSeparator. - - Time separator - - - - - - - - - - The colon character (:). - - - - - The period character (.). - - - - - The comma character (,). - - - - - The space character ( ). - - - - - - - - - - JDBC driver property: timestampFormat. - - Timestamp format - - - - - - - - - - iso - - - - - ibmsql - - - - - - - - - - JDBC driver property: toolboxTrace. - - Toolbox trace - - - - - - - - - - none - - - - - datastream - - - - - diagnostic - - - - - error - - - - - information - - - - - warning - - - - - conversion - - - - - proxy - - - - - pcml - - - - - jdbc - - - - - all - - - - - thread - - - - - - - - - - JDBC driver property: trace. - - Trace - - - - - - - JDBC driver property: translateBinary. - - Translate binary - - - - - - - JDBC driver property: translateBoolean. - - Translate boolean - - - - - - - JDBC driver property: translateHex. - - Translate hexadecimal - - - - - - - - - - binary - - - - - character - - - - - - - - - - JDBC driver property: trueAutoCommit. - - True auto commit - - - - - - - JDBC driver property: useBlockUpdate. - - Use block update - - - - - - - JDBC driver property: useDrdaMetadataVersion. - - Use DRDA metadata version - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: variableFieldCompression. - - Variable field compression - - - - - - - - - - true - - - - - false - - - - - insert - - - - - all - - - - - - - - - - JDBC driver property: xaLooselyCoupledSupport. - - XA loosely coupled support - - - - - - - - - - - - - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines a data source configuration. - - Data Source - Additional properties for more advanced usage. - - - - - - JDBC driver for a data source. If updated while the server is running, existing connections are destroyed. - - JDBC Driver - - - - - - Connection manager for a data source. If updated while the server is running, existing connections are destroyed. - - Connection Manager - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. If updated while the server is running, the change is applied with new connection requests; in-use connections are not impacted. - - Default Container Managed Authentication Data - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS Login Context Entry - - - - - - Identify a specific SQL error code or SQL state on a SQLException. This enables the server to take appropriate action based on the error condition. For example, closing a stale connection instead of returning it to the connection pool. - - Identify Exception - - - - - - - SQL command to execute once on each new connection that is established to the database. The SQL statement applies only to newly created connections, not to existing connections that are reused from the connection pool. If updated while the server is running, existing connections are destroyed. - - On connect - - - - - - - Authentication data for transaction recovery. - - Recovery Authentication Data - - - - - - - - Indicates that connections obtained from the data source should be castable to interface classes that the JDBC vendor connection implementation implements. Enabling this option incurs additional overhead on each getConnection operation. If vendor JDBC interfaces are needed less frequently, it might be more efficient to leave this option disabled and use Connection.unwrap(interface) only where it is needed. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - Enable connection casting - - - - - - - JNDI name for a data source. If updated while the server is running, existing connections are destroyed. - - JNDI name - - - - - - JDBC driver for a data source. If updated while the server is running, existing connections are destroyed. - - JDBC driver reference - jdbcDriver - - - - - - Connection manager for a data source. If updated while the server is running, existing connections are destroyed. - - Connection manager reference - connectionManager - - - - - - Type of data source. If updated while the server is running, existing connections are destroyed. - - Type - - - - - - - - - javax.sql.XADataSource - - - - - javax.sql.ConnectionPoolDataSource - - - - - javax.sql.DataSource - - - - - java.sql.Driver - - - - - - - - - - Specifies how connections are matched for sharing. - - Connection matching - - - - - - - - - When sharing connections, match based on the original connection request. - - - - - When sharing connections, match based on the current state of the connection. If updated while the server is running, the update is applied with each first connection handle in a transaction. - - - - - - - - - - Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. If updated while the server is running, the change is applied with new connection requests; in-use connections are not impacted. - - Default container managed authentication data - authData - - - - - - JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - JAAS login context entry reference - jaasLoginContextEntry - - - - - - Default transaction isolation level. If unspecified and the database is identified as DB2, Derby, Informix, Microsoft SQL Server or Sybase, TRANSACTION_REPEATABLE_READ is used. If unspecified for other databases, TRANSACTION_READ_COMMITTED is used. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. - - Transaction isolation level - - - - - - - - - Dirty reads, non-repeatable reads and phantom reads can occur. - - - - - Dirty reads are prevented; non-repeatable reads and phantom reads can occur. - - - - - Dirty reads and non-repeatable reads are prevented; phantom reads can occur. - - - - - Dirty reads, non-repeatable reads and phantom reads are prevented. - - - - - Snapshot isolation for Microsoft SQL Server JDBC Driver and DataDirect Connect for JDBC driver. - - - - - Indicates that the JDBC driver does not support transactions. - - - - - - - - - - Maximum number of cached statements per connection. If updated while the server is running, the statement cache is resized upon next use. To set this option, complete the following prerequisites: Review either the application code or an SQL trace that you gather from the database or database driver for all unique prepared statements. Ensure that the cache size is larger than the number of statements. - - Cached statements per connection - - - - - - - - - - - - - - - - Enable participation in transactions that are managed by the application server. If updated while the server is running, existing connections are destroyed. - - Participate in transactions - - - - - - Attempt transaction enlistment when result set scrolling interfaces are used. - - Enlist scrolling APIs - - - - - - - Attempt transaction enlistment when vendor interfaces are used. - - Enlist vendor APIs - - - - - - - Determines how to clean up connections that might be in a database unit of work (AutoCommit=false) when the connection is closed or returned to the pool. - - Commit or roll back on cleanup - - - - - - - - - - Clean up the connection by committing. - - - - - Clean up the connection by rolling back. - - - - - - - - - - Default query timeout for SQL statements. In a JTA transaction, syncQueryTimeoutWithTransactionTimeout can override this default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Query timeout - - - - - - - Authentication data for transaction recovery. - - Recovery authentication data reference - - authData - - - - - - Use the time remaining (if any) in a JTA transaction as the default query timeout for SQL statements. - - Synchronize query and transaction timeouts - - - - - - - Supplements the JDBC driver trace that is logged when JDBC driver trace is enabled in bootstrap.properties. JDBC driver trace specifications include: com.ibm.ws.database.logwriter, com.ibm.ws.db2.logwriter, com.ibm.ws.derby.logwriter, com.ibm.ws.informix.logwriter, com.ibm.ws.oracle.logwriter, com.ibm.ws.sqlserver.logwriter, com.ibm.ws.sybase.logwriter. If updated while the server is running, existing connections are destroyed. - - Supplemental JDBC trace - - - - - - - When specified, pooled connections are validated before being reused from the connection pool. The validation timeout is also used when the connection manager validates connections in response to a stale connection for PurgePolicy=ValidateAllConnections. The full amount of the validation timeout applies to each connection that is validated, which is done via the Connection.isValid(timeout) JDBC API operation. A value of 0 means that connections are validated without applying any timeout. Validation timeout requires a JDBC driver that complies with the JDBC 4.0 specification or higher. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Validation timeout - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for Sybase JDBC driver. - - Sybase Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. - - Connection properties - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - JDBC driver property: networkProtocol. - - Network protocol - - - - - - - - - - socket - - - - - SSL - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: resourceManagerName. - - Resource manager name - - - - - - - JDBC driver property: SERVER_INITIATED_TRANSACTIONS. - - Server initiated transactions - - - - - - - - - - true - - - - - false - - - - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - JDBC driver property: version. - - Version - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Data source properties for PostgreSQL JDBC driver. - - PostgreSQL Properties - - Additional properties for more advanced usage. - - - - - - - - JDBC driver property: databaseName. - - Database name - - - - - - Server where the database is running. - - Server name - - - - - - Port on which to obtain database connections. - - Port number - - - - - - JDBC driver property: applicationName. - - Application name - - - - - - - JDBC driver property: cancelSignalTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Cancel signal timeout - - - - - - - JDBC driver property: connectTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connect timeout - - - - - - - JDBC driver property: currentSchema. - - Current schema - - - - - - - JDBC driver property: defaultRowFetchSize. - - Default row fetch size - - - - - - - - - - - - - - - - - JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Login timeout - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - - JDBC driver property: preparedStatementCacheQueries. - - Prepared statement cache queries - - - - - - - - - - - - - - - - - JDBC driver property: readOnly. - - Read only - - - - - - - JDBC driver property: ssl. - - SSL - - - - - - - JDBC driver property: sslCert. - - SSL certificate location - - - - - - - JDBC driver property: sslfactory. - - SSL factory class name - - - - - - - JDBC driver property: sslKey. - - SSL key location - - - - - - - JDBC driver property: sslMode. - - SSL mode - - - - - - - - - - disable - - - - - allow - - - - - prefer - - - - - require - - - - - verify-ca - - - - - verify-full - - - - - - - - - - JDBC driver property: sslPassword. - - SSL password - - - - - - - JDBC driver property: sslRootCert. - - SSL root certificate location - - - - - - - JDBC driver property: socketTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Socket timeout - - - - - - - JDBC driver property: targetServerType. - - Target server type - - - - - - - JDBC driver property: tcpKeepAlive. - - TCP keep alive - - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User - - - - - - - URL for connecting to the database. - - URL - - - - - - - Additional JDBC vendor properties for the data source. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A single entry in the JNDI default namespace. - - JNDI Entry - - - - - - - - The JNDI name to use for this entry. - - JNDI entry name - jndiName - - - - - - The JNDI value to associate with the name. - - JNDI entry value - - - - - - True if value needs to be decoded on lookup. - - JNDI decode value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A single entry in the JNDI default namespace that is used for binding java.net.URL entries. - - JNDI URL Entry - - - - - - - - The JNDI name to use for this entry. - - JNDI URL entry name - jndiName - - - - - - The JNDI URL value to associate with the name. - - JNDI URL entry value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The properties for the reference entry. - - Properties - - - - - - - - - Additional properties for the reference entry. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - ObjectFactory to be used by a JNDI Reference entry. - - JNDI Object Factory - - - - - - Library containing the factory implementation class. - - Shared Library - - - - - - - ObjectFactory implementation class name. - - Factory class name - - - - - - Type of object returned from the factory. - - Object class name - - - - - - Library containing the factory implementation class. - - Shared library reference - library - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Reference entry in the JNDI default namespace. - - JNDI Reference Entry - - - - - - Object factory for the reference entry. - - Object Factory - - - - - - The properties for the reference entry. - - Properties - - - - - - - JNDI name for the reference entry. - - JNDI name - jndiName - - - - - - Object factory for the reference entry. - - Object factory reference - jndiObjectFactory - - - - - - True if value needs to be decoded on lookup. - - JNDI decode value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for the Java Persistence API container. - - JPA Container - - - - - - - An application to be excluded from JPA processing. - - Excluded application - - - - - - Default integration-level persistence properties for use by the persistence provider when a container-managed entity manager factory is created. Specified default persistence properties are included when the PersistenceProvider.createContainerEntityManagerFactory method is called. If the same default persistence property name is specified within a persistence.xml file, this configuration overrides that property value in the persistence.xml file. - - Default Persistence Properties - - - - - - - - Default Java™ Transaction API (JTA) data source JNDI name to be used by applications running in this server. By default, data sources are JTA. Only data sources that are transactional are allowed in this field. - - Default JTA data source JNDI name - - - - - - Default non-transactional data source JNDI name to be used by applications running in this server. Only data sources that have been marked as non-transactional are allowed in this field. - - Default non-JTA data source JNDI name - - - - - - Default persistence provider class name. If this property is not specified, the default provider is dependent on which JPA feature is enabled. - - Default persistence provider - - - - - - EntityManager pool capacity per PersistenceContext reference. The minimum is 0 and the maximum is 500. - - EntityManager pool capacity - - - - - - If true, errors that occur while attempting to lookup a data source that is specified by the jta-data-source or non-jta-data-source elements in the persistence.xml file are reported and ignored, which allows the persistence provider to determine a default data source. If false, the errors are propagated to the persistence provider so that the errors can be diagnosed more easily, but misconfigured applications might not work. By default, this property is true if JPA 2.0 is enabled and false otherwise. - - Ignore data source errors - - - - - - - - - Default integration-level persistence properties for use by the persistence provider when a container-managed entity manager factory is created. Specified default persistence properties are included when the PersistenceProvider.createContainerEntityManagerFactory method is called. If the same default persistence property name is specified within a persistence.xml file, this configuration overrides that property value in the persistence.xml file. - - Default Persistence Properties - - - - - - Provides a specific persistence property to all container-managed entity manager factories. - - Name/value Pair Describing A Persistence Property - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Provides a specific persistence property to all container-managed entity manager factories. - - Name/value Pair Describing A Persistence Property - - - - - - - - Provides the name of the integration-level persistence property. - - Persistence property name - - - - - - Provides the value of the integration-level persistence property. - - Persistence property value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - JSP configuration - - JSP Engine - - - - - - - - Disable compilation of JSPs at runtime. - - Disable JSP runtime compilation - - - - - - Directory that the JSP engine will search for additional JSP files to serve. - - Extended document root - - - - - - Default Java source level for JSPs compiled by the JSP engine. - - JDK source level - - - - - - - - - 13 - - - - - 14 - - - - - 15 - - - - - 16 - - - - - 17 - - - - - 18 - - - - - - - - - - Keep Java source files generated for JSPs. - - Keep generated Java source - - - - - - Generate Java source and classes in memory (without writing to disk). - - Store compiled JSPs in memory only - - - - - - Recompile JSPs after an application is restarted. JSPs are recompiled on first access. - - Recompile JSPs on restart - - - - - - Allow JSPs to use jsx and tsx tag libs. - - Use implicit tag libs - - - - - - Disable injection of resources into JSPs. - - Disable resource injection - - - - - - When this attribute is present, all JSPs larger than the value (in kilobytes) are compiled at application server startup. Set this to 0 to compile all JSPs. - - Translate and compile JSPs on startup - - - - - - When this attribute is set, the JSPs are compiled to the specified directory instead of the server workarea directory. - - Directory where generated class files are created - - - - - - When this attribute is set, the JSPs are compiled by using the Java SDK compiler. - - Compile JSPs with the Java SDK compiler - - - - - - When prepareJSPs is enabled, this configuration specifies the number of threads used. - - Number of threads used if prepareJSPs is enabled - - - - - - - - - Defines how the server processes configuration information. - - Configuration Management - - - - - - - - Action to take after a incurring a configuration error. - - On error - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - Rate at which the server checks for configuration updates. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Update polling rate - - - - - - Configuration update method or trigger. - - Update trigger - - - - - - - - - Server will scan for changes at the polling interval on all the configuration files and update the runtime configuration with the changes detected. - - - - - Server will only update the configuration when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. - - - - - Disables all update monitoring. Configuration changes will not be applied while the server is running. - - - - - - - - - - - - - Specifies a set of files starting from a base directory and matching a set of patterns. - - Fileset - - - - - - - - The base directory to search for files. - - Base directory - - - - - - Boolean to indicate whether or not the search should be case sensitive (default: true). - - Case sensitive - - - - - - The comma or space separated list of file name patterns to include in the search results (default: *). - - Includes pattern - - - - - - The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded. - - Excludes pattern - - - - - - The scanning interval to determine whether files are added or removed from the fileset. The individual files are not scanned. The suffix for the interval of time is h-hour, m-minute, s-second, and ms-millisecond, for example, 2ms or 5s. The scanning interval is disabled by default and is disabled manually by setting the scan interval, scanInterval, to 0. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Scan interval - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines settings for the Liberty kernel default executor. Note that there is always one and exactly one default executor, for use by the Liberty runtime only and not directly accessible by applications. Applications that need to configure and utilize executors should instead use Managed Executors. - - Executor Management - - - - - - - - The name of the Liberty kernel default executor. - - Name - - - - - - Maximum number of threads that can be associated with the executor. If greater than 0, maxThreads can be a minimum of 4, and should be at least as large as coreThreads; if maxThreads is set less than coreThreads, Liberty will reduce coreThreads to the maxThreads value. If the value of maxThreads is less than or equal to 0, the maximum number of threads is unbounded, which lets the Liberty kernel decide how many threads to associate with the executor without having a defined upper boundary. - - Maximum threads - - - - - - Baseline or minimum number of threads to associate with the executor. The number of threads associated with the executor will quickly grow to this number. If this value is less than 0, a default value is used, calculated based on the number of hardware threads on the system. If the value is a positive number less than 4, then a default value of 4 is used. - - Core threads - - - - - - - - - Defines how the server loads features. - - Feature Manager - - - - - - Specifies a feature to be used when the server runs. - - Feature - - - - - - - Action to take after a failure to load a feature. - - On error - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - - - - Specifies the list of IBM SecureWay Directory Server LDAP filters. - - IBM SecureWay Directory Server LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for the LDAP user registry. - - LDAP User Registry - - - - - - List of LDAP failover servers. - - LDAP Failover Servers - - - - - - Specifies the list of Microsoft Active Directory LDAP filters. - - Microsoft Active Directory LDAP Filters - - - - - - Specifies the list of Custom LDAP filters. - - Custom LDAP Filters - - - - - - Specifies the list of IBM Lotus Domino LDAP filters. - - IBM Lotus Domino LDAP Filters - - - - - - Specifies the list of Novell eDirectory LDAP filters. - - Novell eDirectory LDAP Filters - - - - - - Specifies the list of IBM Tivoli Directory Server LDAP filters. - - IBM Tivoli Directory Server LDAP Filters - - - - - - Specifies the list of Sun Java System Directory Server LDAP filters. - - Sun Java System Directory Server LDAP Filters - - - - - - Specifies the list of Netscape Directory Server LDAP filters. - - Netscape Directory Server LDAP Filters - - - - - - Specifies the list of IBM SecureWay Directory Server LDAP filters. - - IBM SecureWay Directory Server LDAP Filters - - - - - - A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. - - Login Property - - - - - - Configure the LDAP object class, search filters, search bases and LDAP relative distinguished name (RDN) for Person, Group and Organizational Unit. For example, the Group entity type can have a search filter such as (&(ObjectCategory=Groupofnames)(ObjectClass=Groupofnames)) and the object class as Groupofnames with search base ou=iGroups,o=ibm,c=us. - - LDAP Entity Types - - - - - - The configuration for group membership properties (for example; memberAttribute or membershipAttribute). - - Configure the LDAP Group Properties - - - - - - The configuration that maps the LDAP attributes with the user registry schema (for example; Person, PersonAccount or Group) field names. - - LDAP Attributes Mapping - - - - - - Properties of the context pool. - - Context Pool Properties - - - - - - Configure the attributes of the cache. - - Cache Properties - - - - - - - Address of the LDAP server in the form of an IP address or a domain name service (DNS) name. - - Host - - - - - - Port number of the LDAP server. - - Port - - - - - - Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches in the directory service. - - Base distinguished name (DN) - - - - - - Type of LDAP server to which a connection is established. - - LDAP server type - - - - - - - - - Configure the LDAP registry to use Microsoft Active Directory. - - - - - Configure the LDAP registry to use a custom LDAP server. - - - - - Configure the LDAP registry to use IBM Lotus Domino. - - - - - Configure the LDAP registry to use Novell eDirectory. - - - - - Configure the LDAP registry to use IBM Tivoli Directory Server. - - - - - Configure the LDAP registry to use Sun Java System Directory Server. - - - - - Configure the LDAP registry to use Netscape Directory Server. - - - - - Configure the LDAP registry to use IBM SecureWay Directory Server. - - - - - - - - - - The realm name that represents the user registry. - - Realm name - - - - - - Distinguished name (DN) for the application server, which is used to bind to the directory service. - - Bind distinguished name (DN) - - - - - - Password for the bind DN. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. - - Bind password - - - - - - Perform a case-insensitive authentication check. - - Ignore case for authorization - - - - - - Performs a nested group search. Select this option only if the LDAP server does not support recursive server-side searches. - - Perform a nested group search - - - - - - Requests the application server to reuse the LDAP server connection. - - Reuse connection - - - - - - Indicates whether an SSL connection should be made to the LDAP server. - - Ldap ssl enabled - - - - - - ID of the SSL configuration to be used to connect to the SSL-enabled LDAP server. - - SSL reference - ssl - - - - - - Maximum time for an LDAP server to respond before a request is canceled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Search timeout - - - - - - Maximum time for establishing a connection to the LDAP server. A value of 0 indicates that the TCP protocol's timeout value should be used. The program logs an error message if the specified time expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Timeout for establishing an LDAP connection - - - - - - Maximum time to wait for read operations for LDAP operations. A value of 0 indicates that no timeout exists and the read waits indefinitely. The program logs an error message if the specified time expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Timeout for reading from an LDAP connection - - - - - - Specifies the X.509 certificate authentication mapping mode for the LDAP registry: CUSTOM, EXACT_DN, CERTIFICATE_FILTER, or NOT_SUPPORTED. - - Certificate map mode - - - - - - - - - The LDAP registry attempts X.509 certificate authentication by mapping the PrincipalName value in the X.509 certificate to the exact distinguished name (DN) in the repository. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. - - - - - The LDAP registry attempts X.509 certificate authentication by using the certificate filter mapping property for the LDAP filter. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. - - - - - The LDAP registry attempts X.509 certificate authentication by using the custom CertificateMapper implementation specified by the certificateMapperId attribute. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. - - - - - The LDAP registry does not support X.509 certificate authentication. Attempts to authenticate with an X.509 certificate fail, and a CertificateMapNotSupportedException is thrown. - - - - - - - - - - Specifies the filter certificate mapping property for the LDAP filter when the X.509 certificate authentication mapping mode is CERTIFICATE_FILTER. The filter is used to map attributes in the client certificate to entries in the LDAP registry. For example, the filter can be specified as: uid=${SubjectCN}. - - Certificate map filter - - - - - - Specifies the X509CertificateMapper to use when the X.509 certificate authentication mapping mode is CUSTOM. The value must match the value of the 'x509.certificate.mapper.id' property that is specified for the X509CertificateMapper implementation. - - Certificate mapper ID - - - - - - Specifies the list of Microsoft Active Directory LDAP filters. - - Microsoft active directory ldap filters reference - activedLdapFilterProperties - - - - - - Specifies the list of Custom LDAP filters. - - Custom ldap filters reference - customLdapFilterProperties - - - - - - Specifies the list of IBM Lotus Domino LDAP filters. - - IBM lotus domino ldap filters reference - domino50LdapFilterProperties - - - - - - Specifies the list of Novell eDirectory LDAP filters. - - Novell eDirectory ldap filters reference - edirectoryLdapFilterProperties - - - - - - Specifies the list of IBM Tivoli Directory Server LDAP filters. - - IBM tivoli directory ldap filters reference - idsLdapFilterProperties - - - - - - Specifies the list of Sun Java System Directory Server LDAP filters. - - Sun java system directory ldap filters reference - iplanetLdapFilterProperties - - - - - - Specifies the list of Netscape Directory Server LDAP filters. - - Netscape directory server ldap filters reference - netscapeLdapFilterProperties - - - - - - Specifies the list of IBM SecureWay Directory Server LDAP filters. - - IBM secureWay directory ldap filters reference - securewayLdapFilterProperties - - - - - - Specify the behavior for LDAP referrals. The default behavior is to ignore referrals. - - LDAP referral handling - - - - - - - - - Ignore LDAP referrals. - - - - - Follow LDAP referrals. - - - - - - - - - - When an alias entry is encountered, specifies whether the alias is dereferenced so that the object that is returned is the object that is pointed to by the alias DN. - - Alias dereferencing handling - - - - - - - - - Always dereference aliases. - - - - - Never dereference aliases. - - - - - - - - - - The interval, in minutes, at which the virtual member manager tests the primary server for availability. - - Primary server query time interval - - - - - - A boolean value that indicates if the search should be done against the Primary Server. - - Return to primary server - - - - - - A string value that provides a SimpleDateFormat pattern that is used to parse timestamp attribute values. For example, you can use 'yyyyMMddHHmmss.SSSZ' to parse '20181120214852.869-0000Z'. If this attribute is not defined, a default will be provided based on ldapType. - - Timestamp format - - - - - - Allow create, update, and delete operations on failover servers. - - Allow write to secondary servers - - - - - - The authentication mechanism for binding to the LDAP server when searching or modifying an LDAP entry. - - Bind authentication mechanism - - - - - - - - - Anonymous bind to the directory service. No additional login attributes are required. - - - - - Use the bindDN and bindPassword to bind to the directory service. The bindDN and bindPassword attributes are required. - - - - - GSS-API Kerberos v5 (krb5) support to bind to the directory service. The krb5Principal attribute is required - - - - - - - - - - The name of the Kerberos principal name or Kerberos service name to be used. - - Kerberos principal name - - - - - - The file location where Kerberos credentials for the Kerberos principal name or service name will be stored. Also known as the Kerberos credential cache (ccache) - - Kerberos ticket cache - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration of the registry base entry. The sub-tree under this node will also be part of the repository. - - Registry Base Entry - - - - - - - - Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches in the directory service. - - Base distinguished name (DN) - - - - - - The base name of the registry base entry. - - Base name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The attribute cache properties. - - LDAP Attribute Cache - - - - - - - - A Boolean value to indicate that the property is enabled. - - Enabled - - - - - - Defines the number of entities that can be stored in the cache. You can increase the size of the cache based on the number of entities that are required to be stored in the cache. - - Size - - - - - - Defines the maximum time that the contents of the LDAP attribute cache are available. When the specified time has elapsed, the LDAP attribute cache is cleared. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Timeout - - - - - - The maximum number of attributes per LDAP entity that will be cached. - - Maximum entity attributes cached - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of Novell eDirectory LDAP filters. - - Novell eDirectory LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of Microsoft Active Directory LDAP filters. - - Microsoft Active Directory LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration that defines the mapping of LDAP attributes with the user registry schema field names. - - LDAP Attributes Mapping Definition - - - - - - Define the user registry schema field names to be mapped to the LDAP attribute. - - LDAP Attribute Properties - - - - - - Define the name of the LDAP attribute and its properties that needs to be mapped to the user registry externalId attribute. - - ExternalId Attribute Mapping Properties - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the LDAP attribute. - - LDAP Attribute - - - - - - - - The name of the LDAP attribute. - - LDAP attribute name - - - - - - The user registry schema field name that needs to be mapped with the LDAP attribute. - - User registry property name - - - - - - The default value of the attribute. - - Default value - - - - - - The attribute syntax. - - Syntax - - - - - - The entity type of the attribute. - - Entity type - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The attributes of the LDAP group configuration. - - LDAP Group Properties - - - - - - The LDAP member attribute. - - Member Attribute - - - - - - The configuration for the membership attribute. - - Membership Attribute - - - - - - The configuration for the dynamic member attribute. - - Dynamic Member Attribute - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. - - Login Property - - - - - - - - A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. - - Login property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the LDAP dynamic member attribute. - - LDAP Dynamic Member Attribute - - - - - - - - The name of the member. - - Member name - - - - - - The name of the object class. - - Object class - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of IBM Tivoli Directory Server LDAP filters. - - IBM Tivoli Directory Server LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the LDAP externalId attribute mapping. - - LDAP ExternalId Attribute - - - - - - - - The name of the LDAP attribute to be used for the user registry externalId attribute. - - Name in LDAP - - - - - - The attribute syntax. - - Syntax - - - - - - The entity type of the attribute. - - Entity type - - - - - - When enabled, the externalId attribute value is generated automatically by the user registry instead of using the value that is stored in LDAP. By default it is disabled. - - Auto generate - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the LDAP member attributes. - - LDAP Member Attributes - - - - - - - - The name of the member. - - Member name - - - - - - The object class of the member attribute. - - Object class - - - - - - The scope of the member attribute. - - Scope - - - - - - - - - The specified member attribute only includes direct members. - - - - - The specified member attribute includes direct and nested members. - - - - - The specified member attribute includes direct, nested, and dynamic members. - - - - - - - - - - The name of the dummy member. - - Dummy member - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for LDAP failover server. - - LDAP Failover Server Properties - - - - - - - - LDAP server host name, which can be either an IP address or a domain name service (DNS) name. - - LDAP failover host - - - - - - LDAP failover server port. - - LDAP failover port - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - List of LDAP failover servers. - - LDAP Failover Servers - - - - - - Configuration properties for LDAP failover server. - - LDAP Failover Server Properties - - - - - - - Configuration properties for LDAP failover servers. Specify it as a backup server for the primary LDAP servers. For example, <failoverServers name="failoverLdapServers"><server host="myfullyqualifiedhostname1" port="389"/><server host="myfullyqualifiedhostname2" port="389"/></failoverServers>. - - LDAP failover servers name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the supported LDAP entity type. - - Supported LDAP Entity Type - - - - - - The object class defined for the given LDAP entity type in the LDAP server. For example, the object class for the group LDAP entity type can be Groupofnames. - - Object class - - - - - - Specify the sub tree of the LDAP server for the search call for the given entity type which will override the base DN in search operations. For example, if the base DN is o=ibm,c=us and the search base for the PersonAccount entity type is defined to be ou=iUsers,o=ibm,c=us, then all search calls for PersonAccout will be made under subtree ou=iUsers,o=ibm,c=us. Multiple search bases can be configured for the same entity type. - - Search base - - - - - - - The name of the LDAP entity type. - - Name - - - - - - A custom LDAP search expression used while searching for entity types. For example, searchFilter="(|(ObjectCategory=User)(ObjectClass=User))". - - Search filter - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of Sun Java System Directory Server LDAP filters. - - Sun Java System Directory Server LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of IBM Lotus Domino LDAP filters. - - IBM Lotus Domino LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configure the attributes of the cache. - - Cache - - - - - - The attribute cache properties configuration. - - Attribute Cache Properties - - - - - - The configuration for the search results cache. - - Search Results Cache Properties - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configure the attributes of the context pool. - - Context Pool - - - - - - - - A boolean value that determines if the context pool is enabled. Disabling it can cause performance degradation. - - Context pool enabled - - - - - - An integer value that determines the initial size of the context pool. Set this based on the load on the repository. - - Initial size - - - - - - An integer value that defines the maximum context pool size. Set this based on the maximum load on the repository. - - Maximum size - - - - - - The duration after which the context pool times out. An integer that represents the time that an idle context instance can remain in the pool without being closed and removed from the pool. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s) or milliseconds (ms). For example, specify 1 second as 1s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 1.5 minutes. The minimum timeout allowed is 1 second. Millisecond entries are rounded to the nearest second. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Timeout - - - - - - The duration after which the context pool times out. The time interval that the request waits until the context pool checks again if an idle context instance is available in the pool when the number of context instances reaches the maximum pool size. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Wait time - - - - - - The preferred size of the context pool. Set this based on the load on the repository. - - Preferred size - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of Custom LDAP filters. - - Custom LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The cache for the search results. - - Search Results Cache - - - - - - - - A Boolean value to indicate that the property is enabled. - - Enabled - - - - - - The size of the cache. The number of search results that are stored in the cache. This needs to be configured based on the number of search queries executed on the system and the hardware system resources available. - - Size - - - - - - Defines the maximum time that the contents of the search results cache are available. When the specified time has elapsed, the search results cache is cleared. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Timeout - - - - - - The maximum number of results that can be cached for a single LDAP search. - - Maximum search results cached - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The RDN property to be used for each configured object class. - - Relative Distinguished Name Property - - - - - - The name of the object class. - - Object class - - - - - - - The name of the property. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of Netscape Directory Server LDAP filters. - - Netscape Directory Server LDAP Filters - - - - - - - - An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. - - User filter - - - - - - An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. - - Group filter - - - - - - An LDAP filter that maps the name of a user to an LDAP entry. - - User ID map - - - - - - An LDAP filter that maps the name of a group to an LDAP entry. - - Group ID map - - - - - - An LDAP filter that identifies user to group memberships. - - Group member ID map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration for the LDAP membership attribute. - - LDAP Membership Attribute - - - - - - - - The name of the membership attribute. - - Membership attribute name - - - - - - The scope of the membership attribute. - - Scope - - - - - - - - - The specified group membership attribute only includes direct groups. - - - - - The specified group membership attribute includes direct and nested groups. - - - - - The specified group membership attribute includes direct, nested, and dynamic groups. - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Controls the capture and output of log and trace messages. - - Logging - - - - - - - - - - - The maximum size (in MB) that a log file can reach before it is rolled. The Liberty runtime does only size-based log rolling. To disable this attribute, set the value to 0. The maximum file size is approximate. By default, the value is 20. Note: maxFileSize does not apply to the console.log file. - - Maximum log file size - com.ibm.ws.logging.max.file.size - - - - - - - - - - - - - - - - Maximum number of log files that are kept before the oldest file is removed; a value of 0 means no limit. If an enforced maximum file size exists, this setting is used to determine how many of each of the log files are kept. This setting also applies to the number of exception logs that summarize exceptions that occurred on a particular day. So if this number is 10, you might have 10 message logs, 10 trace logs, and 10 exception summaries in the ffdc/directory. By default, the value is 2. Note: maxFiles does not apply to the console.log file. - - Maximum log files - com.ibm.ws.logging.max.files - - - - - - - - - - - - - - - - You can use this attribute to set a directory for all log files, excluding the console.log file, but including FFDC. By default, logDirectory is set to the LOG_DIR environment variable. The default LOG_DIR environment variable path is WLP_OUTPUT_DIR/serverName/logs. Avoid trouble: Use the LOG_DIR environment variable or the com.ibm.ws.logging.log.directory property, except in cases where you are trying to change the configuration dynamically after startup. - - Log directory - com.ibm.ws.logging.log.directory - - - - - - Name of the file to which message output is written relative to the configured log directory. The default value is messages.log. This file always exists and contains INFO and other (AUDIT, WARNING, ERROR, FAILURE) messages, in addition to System.out and System.err. This log also contains time stamps and the issuing thread ID. If the log file is rolled over, the names of earlier log files have the format messages_timestamp.log. Avoid trouble: Use the com.ibm.ws.logging.message.file.name property, except in cases where you are trying to change the configuration dynamically after startup. - - Message file name - com.ibm.ws.logging.message.file.name - - - - - - Name of the file to which trace output is written relative to the configured log directory. The default value is trace.log. The trace.log file is only created if a traceSpecification is set including log levels below INFO. stdout is recognized as a special value and causes trace to be directed to the original standard out stream. Avoid trouble: Use the com.ibm.ws.logging.trace.file.name property, except in cases where you are trying to change the configuration dynamically after startup. - - Trace file name - com.ibm.ws.logging.trace.file.name - - - - - - A trace specification that conforms to the trace specification grammar and specifies the initial state for various trace components. The trace specification is used to selectively enable trace. An empty value is allowed and treated as 'disable all trace'. Any component that is not specified is initialized to a default state of *=info. - - Trace specification - com.ibm.ws.logging.trace.specification - - - - - - The list of messages, which are separated by a comma, that are configured to be hidden from the console.log and messages.log files. If the messages are configured to be hidden, then they are redirected to the trace.log file. Avoid trouble: Use the com.ibm.ws.logging.hideMessage property, except in cases where you are trying to change the configuration dynamically after startup. - - Messages to be hidden - com.ibm.ws.logging.hideMessage - - - - - - The list of comma-separated sources that route to the messages.log file. This property applies only when messageFormat=json. Valid values are message, trace, accessLog, ffdc, and audit. By default, messageSource is set to the environment variable WLP_LOGGING_MESSAGE_SOURCE (if set), or message. Note: To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. Avoid trouble: Use the WLP_LOGGING_MESSAGE_SOURCE environment variable or the com.ibm.ws.logging.message.source property, except in cases where you are trying to change the configuration dynamically after startup. - - Message source - com.ibm.ws.logging.message.source - - - - - - The required format for the messages.log file. Valid values are SIMPLE or JSON format. By default, messageFormat is set to the environment variable WLP_LOGGING_MESSAGE_FORMAT (if set), or SIMPLE. Avoid trouble: Use the WLP_LOGGING_MESSAGE_FORMAT environment variable or the com.ibm.ws.logging.message.format property, except in cases where you are trying to change the configuration dynamically after startup. - - Message format - com.ibm.ws.logging.message.format - - - - - - - - - Use the simple logging format. - - - - - Use the tbasic logging format. - - - - - Use the JSON logging format. - - - - - - - - - - The list of comma-separated sources that route to the console/console.log. This property applies only when consoleFormat=json. Valid values are message, trace, accessLog, ffdc, and audit. By default, consoleSource is set to the environment variable WLP_LOGGING_CONSOLE_SOURCE (if set), or message. Note: To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. Avoid trouble: Use the WLP_LOGGING_CONSOLE_SOURCE environment variable or the com.ibm.ws.logging.console.source property, except in cases where you are trying to change the configuration dynamically after startup. - - Console source - com.ibm.ws.logging.console.source - - - - - - The required format for the console. Valid values are DEV, SIMPLE, or JSON format. By default, consoleFormat is set to the environment variable WLP_LOGGING_CONSOLE_FORMAT (if set), or DEV. Avoid trouble: Use the WLP_LOGGING_CONSOLE_FORMAT environment variable or the com.ibm.ws.logging.console.format property, except in cases where you are trying to change the configuration dynamically after startup. - - Console format - com.ibm.ws.logging.console.format - - - - - - - - - Use the dev logging format. - - - - - Use the simple logging format. - - - - - Use the tbasic logging format. - - - - - Use the JSON logging format. - - - - - - - - - - This format is used for the trace log. Avoid trouble: Use the com.ibm.ws.logging.trace.format property, except in cases where you are trying to change the configuration dynamically after startup. - - Trace format - com.ibm.ws.logging.trace.format - - - - - - - - - Use the basic trace format. - - - - - Alias for the basic trace format. - - - - - Use the enhanced basic trace format. - - - - - Use the advanced trace format. - - - - - - - - - - The date and time use a locale-specific format or the ISO-8601 format. You can specify true or false for the value of the attribute or the value of the equivalent property. The default value is false. Avoid trouble: Use the com.ibm.ws.logging.isoDateFormat property, except in cases where you are trying to change the configuration dynamically after startup. If you specify a value of true, the ISO-8601 format is used in the messages.log file, the trace.log file, and the FFDC logs. The format is yyyy-MM-dd'T'HH:mm:ss.SSSZ. If you specify a value of false, the date and time are formatted according to the default locale set in the system. If the default locale is not found, the format is dd/MMM/yyyy HH:mm:ss:SSS z. - - Use the ISO 8601 date format - com.ibm.ws.logging.isoDateFormat - - - - - - Handle stack traces written to System.out/System.err as a single event in the logs. - - Format stack traces as a single event in logs - com.ibm.ws.logging.stackTraceSingleEntry - - - - - - The logging level used to filter messages written to system streams. The valid values are INFO, AUDIT, WARNING, ERROR, and OFF. By default, the consoleLogLevel is set to the WLP_LOGGING_CONSOLE_LOGLEVEL environment variable (if set), or AUDIT. Note: Before you change this value, consider the information in the section "Unable to interact with the Liberty server after modifying the console log level settings" in the topic Developer Tools known restrictions. Avoid trouble: Use the WLP_LOGGING_CONSOLE_LOGLEVEL environment variable or the com.ibm.ws.logging.console.level property, except in cases where you are trying to change the configuration dynamically after startup. - - Console log level - com.ibm.ws.logging.console.log.level - - - - - - - - - Info, audit, and warning messages will be written to the system output stream. Error messages will be written to the system error stream. - - - - - Audit and warning messages will be written to the system output stream. Error messages will be written to the system error stream. - - - - - Warning messages will be written to the system output stream. Error messages will be written to the system error stream. - - - - - Error messages will be written to the system error stream. - - - - - No server output is written to system streams. Only JVM output is written to system streams. - - - - - - - - - - If true, messages that are written to the System.out and System.err streams are copied to console.log. If false, those messages are written to configured logs such as messages.log or trace.log, but they are not copied to console.log. The default value is true. Avoid trouble: Use the com.ibm.ws.logging.copy.system.streams property, except in cases where you are trying to change the configuration dynamically after startup. - - Copy System.out and System.err to system streams - com.ibm.ws.logging.copy.system.streams - - - - - - When this attribute is set to true, it prevents potentially sensitive information from being exposed in log and trace files. The default value is false. Avoid trouble: Use the com.ibm.ws.logging.suppress.sensitive.trace property, except in cases where you are trying to change the configuration dynamically after startup. - - Suppress sensitive trace - com.ibm.ws.logging.suppress.sensitive.trace - - - - - - When logs are in JSON format, use this attribute to replace default field names with new field names or to omit fields from the logs. To replace a field name, configure the new field name by using the following format: defaultFieldName:newFieldName?. For field names that are associated with logs of a specified source, use the following format: [source:]?defaultFieldName:newFieldName?, where [source] is the source you want to specify, such as message, trace, or accessLog. To omit a field from the logs, specify the field name without a replacement, as shown in the following example: defaultFieldName:. To rename or omit multiple fields, specify a comma-separated list of field name mappings. - - JSON field names that are being replaced - com.ibm.ws.logging.json.field.mappings - - - - - - When logs are in JSON format, use this attribute to choose between using access log fields specified in the accessLogging logFormat property or the default access log fields. - - JSON fields to use from access logs - com.ibm.ws.logging.json.access.log.fields - - - - - - - - - Use the default set of access log fields. - - - - - Use the set of access log fields that match logFormat. - - - - - - - - - - When message log or console log is in JSON format, allow applications to write JSON-formatted messages to those destinations, without modification. - - Allow apps to write JSON - com.ibm.ws.logging.apps.write.json - - - - - - The scheduled time of day for logs to first roll over. The rollover interval duration begins at rollover start time. Valid values follow a 24-hour ISO-8601 datetime format of HH:MM, where 00:00 represents midnight. Padding zeros are required. If rolloverInterval is specified, the default value of rolloverStartTime is 00:00, midnight. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Note: rolloverStartTime does not apply to the console.log file. - - Rollover start time for time based log rollover - com.ibm.ws.logging.rollover.start.time - - - - - - The time interval in between log rollovers, in minutes if a unit of time is not specified. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 5 hours as 5h. You can include multiple values in a single entry. For example, 1d5h is equivalent to 1 day and 5 hours. If rolloverStartTime is specified, the default value of rolloverInterval is 1 day. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Note: rolloverInterval does not apply to the console.log file. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - Rollover interval for time based log rollover - com.ibm.ws.logging.rollover.interval - - - - - - The maximum wanted age before an FFDC file is deleted. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 2 days as 2d. You can include multiple values in a single entry. For example, 2d6h is equivalent to 2 days and 6 hours. Everyday at midnight, any FFDC file that reaches the maximum age is deleted. By default, FFDC files are not deleted based on file age. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - Maximum age before an FFDC file is deleted - com.ibm.ws.logging.max.ffdc.age - - - - - - - - - Logstash collector gathers data from various sources and forwards the data to a logstash server using Lumberjack protocol. - - Logstash Collector - - - - - - Specifies a list of comma-separated sources that are used by the logstash collector. Valid values are message, trace, accessLog, ffdc, garbageCollection, and audit. To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. - - Source - - - - - - Specifies the tags that are associated with the events from various sources. - - Tag - - - - - - - Host name of the logstash server. - - Host name - - - - - - Port number of the logstash server. - - Port - - - - - - - - - - - - - - - - - - Specifies maximum number of characters for the message field associated with the events for various sources. If you specify a value of 0 or -1, the maximum number of characters is unlimited. - - Maximum field length - - - - - - - - - - - - - - - - Specifies the maximum number of events to be sent per second. If you specify a value greater than zero, then it will be used for throttling the events. - - Maximum events per second - - - - - - - - - - - - - - - - - - Specifies an ID of the SSL repertoire that is used to connect to the logstash server. - - SSL reference - ssl - - - - - - Use this attribute to choose between using access log fields specified in the accessLogging logFormat property or the default access log fields. - - Fields to use from access logs - - - - - - - - - Use the default set of access log fields. - - - - - Use the set of access log fields that match logFormat. - - - - - - - - - - - - - Lightweight Third Party Authentication (LTPA) token configuration. - - LTPA Token - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - Path of the file containing the token keys. - - LTPA token keys file - - - - - - Password for the token keys. The value can be stored in clear text or encoded form. It is recommended to encode the password, use the securityUtility tool with the encode option. - - LTPA token keys password - - - - - - Amount of time after which a token expires in minutes. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - LTPA token expiration - - - - - - Rate at which the server checks for updates to the LTPA token keys file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - LTPA token keys file polling rate - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - - - - Defines the behavior of the EJB container. - - EJB Container - - - - - - - Defines the behavior of EJB asynchronous methods. - - EJB Asynchronous Methods - - - - - - Defines the behavior of the EJB timer service. - - EJB Timer Service - - - - - - - The interval between removing unused bean instances. This setting only applies to stateless session and message-driven beans. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Pool cleanup interval - - - - - - The number of stateful session bean instances that should be cached in memory. - - Cache size - - - - - - - - - - - - - - - - The interval between passivating unused stateful session bean instances when the size is exceeded. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Cache cleanup interval - - - - - - Specifies when EJB types will be initialized. If this property is set to true, EJB types will be initialized at the time applications are first started. If this property is set to false, EJB types will be initialized at the time the EJB type is first used by an application. If this property is not set, the behavior is determined on a bean-by-bean basis from the start-at-app-start attribute in the ibm-ejb-jar-ext.xml file. This setting does not apply to either message-driven or startup singleton beans. Message-driven and startup singleton beans will always be initialized at the time applications are started. - - Start EJBs at application start - - - - - - - This property configures whether enterprise beans are available for lookup in the server root, ejblocal:, and local: namespaces. Default JNDI names are used unless custom JNDI names are configured in an ibm-ejb-jar-bnd.xml, ibm-ejb-jar-bnd.xmi, or server.xml file. - - Bind enterprise beans to the server root - - - - - - - This property configures whether enterprise beans are available for lookup in the java:global, java:app, and java:module namespaces. The JNDI names that are defined in the enterprise bean specification are used. - - Bind enterprise beans to the java: namespaces - - - - - - - This property configures whether enterprise beans are available for lookup in the server root and ejblocal: namespaces by using the short form default JNDI names. The short form default JNDI name is the enterprise bean interface name. The value is either a ':' separated list of applications to disable short default bindings for enterprise beans in that application or a '*' to disable for all enterprise beans. - - Disable short default binding of enterprise beans - - - - - - - This property determines the action to take in response to configuration errors. For example, if multiple enterprise beans are configured with the same custom JNDI name, then the customBindingsOnError property determines whether to fail, raise a warning, or ignore the duplicate bindings. - - Action to take on custom bindings error - - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - - - - Configuration for a Mongo instance. - - Mongo - Configuration for a MongoClientOptions instance. - - - - - - List of host names. The ordering of this list must be consistent with the list of ports, such that the first element in the list of host names corresponds to the first element in the list of ports, and so forth. - - Host names - - - - - - Specifies a library that contains the MongoDB Java Driver. - - MongoDB Java Driver Library - - - - - - List of port numbers. The ordering of this list must be consistent with the list of host names, such that the first element in the list of host names corresponds to the first element in the list of ports, and so forth. - - Port numbers - - - - - - - - - - - - - - - - ID of the SSL configuration to be used to connect to the SSL-enabled server. - - Secure Socket Layer Reference - - - - - - - - - Specifies a library that contains the MongoDB Java Driver. - - MongoDB Java driver library reference - library - - - - - - Determines the action to take in response to configuration errors. - - Action to take for configuration errors - onError - - - - - - - - - Server will issue warning and error messages when it incurs a configuration error. - - - - - Server will issue a warning or error message on the first error occurrence and then stop the server. - - - - - Server will not issue any warning and error messages when it incurs a configuration error. - - - - - - - - - - Password for database user. - - Password - - - - - - Database user name. - - User - - - - - - Use provided certificate from key store to authenticate user to MongoDB. - - Use certificate for authentication - - - - - - Retry connections to a server, for an interval up to the maxAutoConnectRetryTime, if the socket cannot be opened. - - Auto connect retry - - - - - - - Limits the number of open connections to each host. Connections are pooled when not in use. - - Connection per host - - - - - - - - - - - - - - - - - Connection timeout for new connections. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Connect timeout - - - - - - - Attempts to clean up DBCursors that are not closed. - - Cursor finalizer enabled - - - - - - - Description of a Mongo instance. - - Description - - - - - - - Interval during which to retry attempts to open a connection to a server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Maximum auto connect retry time - - - - - - - Maximum amount of time to wait for an available connection. If negative, the connection request never times out. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Maximum wait time - - - - - - - Configures whether or not to keep sockets alive. - - Socket keep alive - - - - - - - The socket timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Socket timeout - - - - - - - Configures whether or not to enable SSL. - - Secure socket layer enabled - - - - - - - ID of the SSL configuration to be used to connect to the SSL-enabled server. - - Secure socket layer reference - - - ssl - - - - - - This value, multiplied by connectionsPerHost, establishes an upper limit on threads that are allowed to wait for an available connection. - - Max blocking threads multiplier - - - - - - - - - - - - - - - - - Configures the read preference. - - Read preference - - - - - - - - - - nearest - - - - - primary - - - - - primaryPreferred - - - - - secondary - - - - - secondaryPreferred - - - - - - - - - - The reliability of a write operation to the mongo server. - - Write concern - - - - - - - - - - ACKNOWLEDGED - - - - - ERRORS_IGNORED - - - - - FSYNC_SAFE - - - - - FSYNCED - - - - - JOURNAL_SAFE - - - - - JOURNALED - - - - - MAJORITY - - - - - NONE - - - - - NORMAL - - - - - REPLICA_ACKNOWLEDGED - - - - - REPLICAS_SAFE - - - - - SAFE - - - - - UNACKNOWLEDGED - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for a MongoDB DB instance. - - MongoDB DB - - - - - - Specifies the Mongo instance that this DB instance belongs to. - - Mongo Instance - - - - - - - Name of the database. - - Database name - - - - - - Specifies the Mongo instance that this DB instance belongs to. - - Mongo instance reference - mongo - - - - - - JNDI name for a MongoDB DB instance - - JNDI name - jndiName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for Monitoring Feature which includes enabled traditional PMI ,FineGrained and any future configurations updates. - - Monitor - - - - - - - - Property to enable or disable Traditional PMI way of reporting. - - Enable traditional PMI - - - - - - Allows user to enable/disable monitors based on group name such as WebContainer,JVM,ThreadPool,Session,ConnectionPool and so on. - - Filtered (monitored) groups - - - - - - - - - Provides a specific custom property to an application. - - A Name/value Pair Describing A Property - - - - - - - - Provides name of the application scoped property. - - Application scoped property name - - - - - - Provides value of the application scoped property. - - Application scoped property value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Provides custom properties to an application. - - Application Scoped Properties - - - - - - Provides a specific custom property to an application. - - A Name/value Pair Describing A Property - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration to process the MicroProfile JWT token. - - MicroProfile JWT - - - - - - The trusted audience list to be included in the aud claim in the JSON web token. - - Trusted audiences - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - The unique ID. - - Unique ID - uniqueId - - - - - - Specifies a JSON Web Key service URL. - - JWK endpoint url - - - - - - The value of the claim will be used as user principal to authenticate. - - User principal claim - - - - - - Specifies an ID of the SSL configuration that is used for SSL connections. - - SSL reference - ssl - - - - - - Specifies a trusted key alias for using the public key to verify the signature of the token. - - Verification key name - - - - - - The url of the issuer. - - Issuer - - - - - - The value of the claim will be used as the user group membership. - - Group claim - - - - - - Specifies whether to map userIdentifier to a registry user. - - Map user identifier - - - - - - Specifies whether the token can be re-used. - - Re-use the token - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - The expected authentication scheme in the Authorization header that contains the JSON Web Token. - - Authorization header scheme - - - - - - This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The time difference allowed between systems - - - - - - Specifies the allowed token age in seconds when validating the JSON web token. This attribute is used only in versions 2.1 and later of the MP-JWT feature. The issued at (iat) claim must be present in the JWT token. The configured number of seconds since iat must not have elapsed. If it has elapsed, then the request is rejected with an unauthorized response. The specified token age overrides the mp.jwt.verify.token.age MicroProfile Config property if it is configured. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Time allowed since the JWT token was issued - - - - - - Specifies the decryption algorithm that is used to decrypt the Content Encryption Key. This attribute is used only in versions 2.1 and later of the MP-JWT feature. The specified decryption algorithm overrides the mp.jwt.decrypt.key.algorithm MicroProfile Config property if it is configured. - - Key management key algorithm - - - - - - Ignore the configured authentication method in the application. Allow legacy applications that do not configure MP-JWT as their authentication method to use MicroProfile JWT token if one is included in the request. - - Ignore authentication method - - - - - - Specifies the string that will be used to generate the shared keys for HS256 signatures. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. - - Shared secret - - - - - - Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - The HTTP request header that is expected to contain a MicroProfile JWT. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.token.header MicroProfile Config property if one is configured. - - Token header - - - - - - - - - Authorization - - - - - Cookie - - - - - - - - - - The name of the cookie that is expected to contain a MicroProfile JWT. The default value is Bearer. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.token.cookie MicroProfile Config property if one is configured. This value will be ignored unless tokenHeader or the mp.jwt.token.header MicroProfile Config property is set to Cookie. - - Cookie name - - - - - - Private key alias of the key management key that is used to decrypt the Content Encryption Key. This private key must correspond to the public key that is used to encrypt the Content Encryption Key. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.decrypt.key.location MicroProfile Config property if one is configured. - - Key management key alias - - - - - - Specifies the signature algorithm that will be used to sign the JWT token. - - JWT token signature algorithm - - - - - - - - - %tokenSignAlgorithm.RS256 - - - - - %tokenSignAlgorithm.RS384 - - - - - %tokenSignAlgorithm.RS512 - - - - - %tokenSignAlgorithm.HS256 - - - - - %tokenSignAlgorithm.HS384 - - - - - %tokenSignAlgorithm.HS512 - - - - - %tokenSignAlgorithm.ES256 - - - - - %tokenSignAlgorithm.ES384 - - - - - %tokenSignAlgorithm.ES512 - - - - - - - - - - - - - - - - - - - Configuration for MicroProfile Metrics. - - MicroProfile Metrics - - - - - - Identifies User provided Micrometer binaries and dependencies - - Shared Library - - - - - - - Indicates whether or not users should provide user name and password when accessing metrics endpoint. - - Enable authentication - - - - - - Identifies User provided Micrometer binaries and dependencies - - Shared library reference - library - - - - - - - - - OpenId authentication. - - OpenId Authentication - - - - - - Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response. - - User Information Reference - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - Specifies whether to use the client OpenID identity to create a user subject. If set to true, only the OpenID client identity is used. If set to false and the first element of userInfoRef is found, we use it to create a user subject. Otherwise, we use the OpenID identity to create a user subject. - - Use client identity - - - - - - Specifies whether to map identity to registry user. The user registry is not used to create the user subject. - - Map identity to registry user - - - - - - Specifies an ID of the SSL configuration is used to connect to the OpenID provider. - - SSL reference - ssl - - - - - - Require SSL communication between the OpenID relying party and provider service. - - Require SSL communication - - - - - - Specifies the hash algorithm that is used to sign and encrypt the OpenID provider response parameters. - - Hash algorithm - - - - - - - - - Secure hash algorithm SHA1 - - - - - Secure hash algorithm SHA256 - - - - - - - - - - Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response. - - User information reference - userInfo - - - - - - Specifies the OpenID provider authentication mode either checkid_immediate or checkid_setup. checkid_setup is the default authentication mode. - - OpenID provider authentication mode - - - - - - - - - The checkid_setup enables the openID provider to interact with the user, to request authentication or self-registration before returning a result to the openId relying party. - - - - - The checkid_immediate disables the browser interact with the user. - - - - - - - - - - Specifies whether enable host name verification or not. - - Host name verification enabled - - - - - - Specifies the attribute for the OpenID provider name. - - OpenID provider realm identifier - - - - - - Specifies a default OpenID provider URL where users get the Open IDs. - - OpenID provider URL - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - - - - Specifies the user information that is included in the response of the openID provider. - - User Information - - - - - - - - Specifies an alias name. - - Alias name - - - - - - Specifies a URI type. - - URI type - - - - - - Specifies how much userInfo is included in the response of the openID provider. - - Count - - - - - - - - - - - - - - - - Specifies whether user information is required or not. - - Required - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Schedules and runs persistent tasks. - - Persistent Scheduled Executor - - - - - - Configures how context is captured and propagated to threads. - - Thread Context Propagation - - - - - - - Determines whether or not this instance may run tasks. - - Enable task execution - - - - - - Duration of time to wait before this instance might poll the persistent store for tasks to run. A value of -1 delays polling until it is started programmatically. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Initial poll delay - - - - - - The amount of time after the expected start of a task run to reserve for running the task. Other members are prevented from running the task before the expiration of this interval. If the interval elapses without the task running successfully, or the task rolls back, then the task run is considered missed, enabling another member to attempt to run it. Missed task threshold values within the supported range of 100 seconds to 9000 seconds (2.5 hours) enable failover. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Missed task threshold for fail over - - - - - - Limit of consecutive retries for a task that has failed or rolled back, after which the task is considered permanently failed and does not attempt further retries. A value of -1 allows for unlimited retries. - - Retry limit - - - - - - - - - - - - - - - - - - Persistent store for scheduled tasks. - - Persistent task store reference - databaseStore - - - - - - Configures how context is captured and propagated to threads. - - Thread context propagation reference - contextService - - - - - - Interval at which the executor looks for tasks in the persistent store to run. If unspecified and fail over is enabled, a poll interval is automatically computed. If fail over is not enabled, the default is -1, which disables all polling after the initial poll. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Poll interval - - - - - - The maximum number of task entries to find when polling the persistent store for tasks to run. If unspecified, there is no limit. - - Poll size - - - - - - - - - - - - - - - - The amount of time that must pass between consecutive retries of a failed task. The retry interval applies only when failover is disabled. When failover is enabled, servers retry at their next poll. When failover is not enabled, the first retry occurs immediately on the same server, and at the retry interval thereafter. The default retry interval is 1 minute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Retry interval - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Provides warnings and diagnostic information for the slow or hung requests. - - Request Timing - - - - - - - - - - - Duration of time that a request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Slow request threshold - - - - - - Duration of time that a request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Hung request threshold - - - - - - Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. - - Enable thread dumps - - - - - - Rate at which the sampling should happen for the slow request tracking. To sample one out of every n requests, set sampleRate to n. To sample all requests, set sampleRate to 1. - - Sampling rate - - - - - - - - - - - - - - - - Indicates if the context information details are included in the log output. - - Include context information - - - - - - Indicates whether a request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. - - Interrupt hung requests - - - - - - - - - This element contains artifacts that control the level of file access exposed for remote connections. - - Remote File Access - - - - - - A directory that remote clients are allowed to read from. There can be multiple readDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is ${wlp.install.dir}, ${wlp.user.dir} and ${server.output.dir} - - Read access directory - - - - - - A directory that remote clients are allowed to read from and write to. There can be multiple writeDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is an empty set of directories. - - Write access directory - - - - - - - - - - A collection of users, groups, or both that are assigned the server reader role. - - Reader Role - - - - - - User assigned a role. - - User name - - - - - - A user access ID in the general form user:realmName/userUniqueId. - - User access ID - - - - - - Group assigned a role. - - Group name - - - - - - A group access ID in the general form group:realmName/groupUniqueId. - - Group access ID - - - - - - - - - - A collection of users, groups, or both that are assigned the server administrator role. - - Administrator Role - - - - - - User assigned a role. - - User name - - - - - - A user access ID in the general form user:realmName/userUniqueId. - - User access ID - - - - - - Group assigned a role. - - Group name - - - - - - A group access ID in the general form group:realmName/groupUniqueId. - - Group access ID - - - - - - - - - - Simple administrative security configuration. - - Quick Start Security - - - - - - - - Single user defined as part of the quick start security configuration. This user is granted the Administrator role. - - User name - - - - - - Password for the single user defined as part of the quick start security configuration. It is recommended that you encode or hash this password. To do so, use the securityUtility tool with the encode option. - - User password - - - - - - - - - When specified, the security context of the work initiator is propagated to the unit of work. - - Security Context - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for HTTP session management. - - HTTP Session - - Specifies a mechanism for HTTP session management. - Controls how unused sessions are cleaned up. - Controls how cookies are used. - Controls how URL rewriting is used. - Controls how sessions are secured. - Controls how sessions are passivated and activated between servers. - The default values of these options work for most environments. - - - - - - - - Maximum number of sessions to maintain in memory for each web module. - - Maximum in-memory session count - - - - - - Allows the number of sessions in memory to exceed the value of the Max in-memory session count property. - - Allow session overflow - - - - - - Specifies that session tracking uses Secure Sockets Layer (SSL) information as a session identifier. - - Enable SSL identifier tracking - - - - - - - Specifies that session tracking uses cookies to carry session identifiers. - - Enable cookies - - - - - - - Specifies that the session management facility uses rewritten URLs to carry the session identifiers. - - Enable URL rewriting - - - - - - - Amount of time a session can go unused before it is no longer valid, in seconds if unit of time isn't specified. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Session timeout - - - - - - - The wake-up interval, in seconds, for the process that removes invalid sessions. The minimum value is 30 seconds. If a value less than the minimum is entered, an appropriate value is automatically determined and used. This value overrides the default installation value, which is between 30 and 360 seconds, based off the session timeout value. Because the default session timeout is 30 minutes, the reaper interval is usually between 2 and 3 minutes. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Reaper poll interval - - - - - - - If your requests normally are not bound by a response time limit, specify 0 to indicate that the session manager should wait indefinitely until a request is complete before attempting to invalidate the session. Otherwise, set this property to a positive integer to delay the invalidation of active sessions. Active timed out sessions will not be invalidated by the first invalidation interval pass, but will be invalidated by the interval pass based on this value. For example, a value of 2 would invalidate an active session on the second invalidation interval pass after the session timeout has expired. - - Force invalidation multiple - - - - - - - A unique name for a session management cookie. - - Cookie name - - - - - - - Domain field of a session tracking cookie. - - Cookie domain - - - - - - - Maximum amount of time that a cookie can reside on the client browser. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Cookie maximum age - - - - - - - A cookie is sent to the URL designated in the path. - - Cookie path - - - - - - - Specifies that the cookie path equals the context root of the web module instead of / - - Use context root as cookie path - - - - - - - Specifies that the session cookies include the secure field. - - Restrict cookies to HTTPS sessions - - - - - - - Specifies that session cookies include the HttpOnly field. Browsers that support the HttpOnly field do not enable cookies to be accessed by client-side scripts. Using the HttpOnly field will help prevent cross-site scripting attacks. - - Include HttpOnly field in session cookies - - - - - - - Specifies a SameSite attribute value to use for session cookies. - - Include a SameSite attribute in session cookies - - - - - - - - - Do not set a SameSite attribute value on the session cookies - - - - - Set the session cookie SameSite attribute value to Lax - - - - - Set the session cookie SameSite attribute value to None - - - - - Set the session cookie SameSite attribute value to Strict - - - - - - - - - - Use this property to change the key used with URL rewriting. - - Rewrite identifier - - - - - - - Adds the session identifier to a URL when the URL requires a switch from HTTP to HTTPS or from HTTPS to HTTP. - - Enable protocol switch rewriting - - - - - - - The Servlet 2.5 specification specifies to not encode the URL on a response.encodeURL call if it is not necessary. To support backward compatibility when URL encoding is enabled, set this property to true to call the encodeURL method. The URL is always encoded, even if the browser supports cookies. - - Always encode URL - - - - - - - Enables security integration, which causes the session management facility to associate the identity of users with their HTTP sessions. - - Associate identity of users with HTTP sessions - - - - - - - Indicates that the session security identity and the client security identity should be considered a match even if their cases are different. For example, when this property is set to true, the session security identity USER1 matches the client security identities User1 and user1. - - Security user ignore case - - - - - - - Set this property to true if, in response to an unauthorized request, you want the session manager to invalidate a session instead of issuing an UnauthorizedSessionRequestException. When a session is invalidated, the requester can create a new session, but does not have access to any of the previously saved session data. This allows a single user to continue processing requests to other applications after a logout while still protecting session data. - - Invalidate sessions requested by invalid users - - - - - - - The clone identifier of the cluster member. Within a cluster, this identifier must be unique to maintain session affinity. When set, this name overwrites the default name generated by the server. - - Clone identifier - - - - - - - The single character used to separate the session identifier from the clone identifier in session cookies. The default value should usually be used. On some Wireless Application Protocol (WAP) devices, a colon (:) is not allowed, so a plus sign (+) should be used instead. Different values should rarely be used. You should understand the clone character requirements of other products running on your system before using this property to change the clone separator character. The fact that any character can be specified as the value for this property does not imply that the character you specify will function correctly. This fact also does not imply that IBM is responsible for fixing any problem that might arise from using an alternative character. - - Clone separator - - - - - - - Length of the session identifier. - - Session identifier length - - - - - - - In a multi-JVM environment that is not configured for session persistence, setting this property to "true" enables the session manager to use the same session information for all of a user's requests even if the web applications that are handling these requests are governed by different JVMs. The default value for this property is false. Set this property to true if you want to enable the session manager to use the session identifier sent from a browser to preserve session data across web applications that are running in an environment that is not configured for session persistence. - - Reuse identifier - - - - - - - Forces removal of information that is not needed in session identifiers. - - No additional info - - - - - - - Enable this option to perform additional checks to verify that only the session associated with the request is accessed or referenced, and log messages if any discrepancies are detected. Disable this option to skip the additional checks. - - Debug crossover - - - - - - - Httpsession activeCount metric might become inaccurate when the session is accessed by multiple applications. Set the property to "false" to resolve the issue. - - Modify active count on invalidated session - - - - - - - Enable this option to allow serialized access to session data. - - Allow serialized access - - - - - - - The amount of time, in seconds, a servlet waits on a session before it continues execution. - - Max wait time - - - - - - - This property gives the servlet access to the session, which allows normal execution even if the session is still locked by another servlet. Set this property to false to stop the servlet execution when the session requests a timeout. The default value is true. - - Access on timeout - - - - - - - Additional properties related to session management. - - Additional properties - - - - - - - - - Properties used when generating the web server plugin configuration file - - Web Server Plugin - - - - - - Specify the identifier of the http endpoint to include in the generated plugin-cfg.xml file. The endpoint defines the server in the cluster. The default value is 'defaultHttpEndpoint'. - - Http Endpoint - - - - - - Additional properties to be added to the Config element in the generated plug-in configuration file. These properties can be specified by IBM support to modify behavior of the web server plug-in. For more information, see https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/rwsv_plugin_propstable.html - - Additional Properties - - - - - - - Web server plugin installation location in file system of web server host - - Plugin install location - - - - - - Name of the web server where this configuration will be used. Used to generate the plugin log file location if that is not specified explicitly by Log file name or directory. - - Web server name - - - - - - Web server HTTP port - - Web server HTTP port - - - - - - - - - - - - - - - - - - Web server HTTPS port - - Web server HTTPS port - - - - - - - - - - - - - - - - - - The fully qualified path to the SSL keyring file on the web server host - - Location of SSL keyring - - - - - - The fully qualified path to the SSL stashfile on the web server host - - Location of SSL stashfile - - - - - - Specifies the label of the certificate within the keyring that the plug-in is to use when the web container requests a client certificate from the plug-in. - - SSL cert label - - - - - - Used when resolving an application server host name of {null} or {0}, to prefer the type of address when possible - - IPv6 is preferred - - - - - - Specify the identifier of the http endpoint to include in the generated plugin-cfg.xml file. The endpoint defines the server in the cluster. The default value is 'defaultHttpEndpoint'. - - Http endpoint - httpEndpoint - - - - - - Identifies the maximum amount of time that the application server should maintain a connection with the web server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection timeout - - - - - - Identifies the maximum amount of time that the web server plugin waits to send a request or receive a response from the application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Use read/write timeout - - - - - - Identifies the maximum amount of time that the web server plugin waits to send a request or receive a websocket response from the application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Use read/write timeout for websockets - - - - - - Identifies the maximum amount of time that the web server plugin waits to terminate an idle websocket connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Websocket idle connection timeout - - - - - - If true, the web server plugin uses an extended handshake to determine if the application server is running. - - Use extended handshake - - - - - - If false (the default value), the web server plugin sends the "Expect: 100-continue" header with HTTP requests that have a message body. When set to true, the web server plugin sends the "Expect: 100-continue" header with every HTTP request. Consider setting this value to true if you have a firewall between the web server and the application server, and are sensitive to requests retries with no request body. - - Always use "Expect: 100-continue" headers - - - - - - A fully qualified path to to the web server plug-in log file. Directory component must already exist. For Apache-based web servers, a path that begins with a pipe character is interpreted as an external piped logger. If specified, the path overrides logDirLocation. - - Log file name - - - - - - Deprecated: Identifies the directory where the http_plugin.log file is located. See Log file name. - - Directory of the http_plugin.log file - - - - - - Limits the number of request retries after a read or write timeout. The default value, {-1}, applies no additional limits, so retries are limited by the number of available servers in the cluster. A {0} value indicates there should be no retries. This value is scoped to the server cluster and does not apply to connection failures or timeouts due to the HTTP plug-in Connection timeout, or to web socket timeouts. - - Maximum retries after read or write timeout - - - - - - - - - - - - - - - - - - This value is dynamically changed during run time. The weight of a server is lowered each time a request is assigned to that server. When all weights for all servers drop to 0 or a lesser value, the web server plug-in readjusts all the weights so that they are greater than 0. - - Starting weight of the server - - - - - - The server role identifies a server as primary or backup. When primary servers are available, the web server plug-in uses them for load balance and failover. However, if none of the primary servers are available, the web server plug-in uses only backup servers for load balance and failover. - - Designation of the server role - - - - - - - - - Primary - - - - - Backup - - - - - - - - - - ESIEnable property enables Edge Side Include processing to cache the responses. This property provides the option to disable ESI in the web server plugin configuration file. - - Override the ESIEnable property - - - - - - ESIMaxCacheSize is the maximum size of the cache which defaults to 1MB. This property provides the option to override the value in the web server plugin configuration file. - - Override the ESIMaxCacheSize property - - - - - - ESIInvalidationMonitor specifies if the ESI processor should receive invalidations from the application server. This property provides the option to override the value in the web server plugin configuration file. - - Override the ESIInvalidationMonitor property - - - - - - ESIEnableToPassCookies allows forwarding of session cookies to WebSphere Application Server. This property provides the option to override the value in the web server plugin configuration file. - - Override the ESIEnableToPassCookies property - - - - - - Enables trusted proxies to be used. When specified, this property overrides the value in the web server plug-in configuration file. - - Override the TrustedProxyEnable property - - - - - - A comma-separated list of trusted proxies. When specified, this property overrides the value in the web server plug-in configuration file. - - Override the TrustedProxyGroup property - - - - - - Indicates whether the webserver plug-in ignores affinity requests when it is tracking runtime weight for round-robin load balancing. - - Ignore affinity requests - - - - - - - - - Configuration for the web container. - - Web Container - - - - - - - - A comma separated list of listener classes. - - Listeners - - - - - - Decode URLs using an encoding setting of UTF-8. - - Decode URLs using UTF-8 encoding - - - - - - Enable file serving if this setting was not explicitly specified for the application. - - Enable file serving - - - - - - Disables all file serving by applications. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disallowAllFileServing. - - Disallow all file serving - - - - - - Enable directory browsing of an application. - - Enable directory browsing - - - - - - Enable servlets to be accessed in a web application using a class name if not explicitly specified. - - Serve servlets by class name - - - - - - Disallows the use of serveServletsByClassnameEnabled on the application server level. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disallowserveservletsbyclassname. - - Disallow serve servlet by class name - - - - - - A semi-colon delimited list of classes to be completely disallowed from being served by classname. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.donotservebyclassname. - - Do not serve by class name - - - - - - For SSL offloading, set to the name of the HTTP header variable inserted by the SSL accelerator/proxy/load balancer. - - HTTPS indicator header - - - - - - When this property is set to true, a servlet can access static files in the WEB-INF directory. When this property is set to false, which is the default, a servlet cannot access static files in the WEB-INF directory. - - Expose web info on dispatch - - - - - - Decode the plus sign when it is part of the URL. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.decodeurlplussign. For servlet-5.0 and newer Servlet features, the default value is false. - - Decode url plus sign - - - - - - Web container will generate SMF and PMI data when serving the static files. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.fileWrapperEvents. - - File wrapper events - - - - - - Restore HTTP TRACE processing. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.DefaultTraceRequestBehavior. - - Allow the HTTP TRACE request method to be invoked - - - - - - Restore the behavior where the HEAD request is not subject to the security constraint defined for the GET method. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.DefaultHeadRequestBehavior. - - Allow the HTTP HEAD request method to be invoked - - - - - - Enables the web container to support the use of symbolic links. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.TolerateSymbolicLinks. - - Tolerate symbolic links - - - - - - Initial size of the symbolic link cache. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.SymbolicLinksCacheSize. - - Symbolic link cache size - - - - - - Web container is updated to search and use the exception-type before the error-code. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst. - - Enable error exception type first - - - - - - Retain post data for multiple read accesses. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enablemultireadofpostdata. - - Enable multiple reads of post data - - - - - - Web container will return an enumeration of a copy of the list of attributes to the servlet to avoid a concurrent access error by the servlet. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.copyattributeskeyset. - - Copy the request attributes list - - - - - - Web container will re-throw errors allowing interested resources to process them. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.dispatcherRethrowser. - - Rethrow error - - - - - - Improves performance by preventing the web container from accessing a session for static file requests involving filters. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest. - - Ignore session for static file requests - - - - - - Web container will call the filter's init() method at application startup. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.invokeFilterInitAtStartup. - - Invoke filter init at startup - - - - - - Allow the JSP mapping to be overridden so that the application can serve the JSP contents itself. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enablejspmappingoverride. - - JSP mapping override - - - - - - Always evaluate whether to ignore EL expressions in tag files. If parent JSP files have different isELIgnored settings, the setting will be re-evaluated in the tag file. The equivalent custom property in the full profile application server is com.ibm.ws.jsp.enabledefaultiselignoredintag. - - Evaluate isELIgnored behavior in JSP tag files - - - - - - Web container will detect non URL encoded UTF-8 post data and include it in the parameter values. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.parseutf8postdata. - - Parse UTF-8 post data - - - - - - Log servlet container class loading errors as warnings rather than logging them only when debug is enabled. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.logservletcontainerinitializerclassloadingerrors. - - Warn on ServletContainerIntializer errors - - - - - - Allow RequestDispatch to send errors on Include methods. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.allowincludesenderror. - - Allow include send errors - - - - - - Do not search the meta-inf directory for application resources. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.skipmetainfresourcesprocessing. - - Skip meta-inf resources processing - - - - - - Initial size (number of entries) of the meta-inf resource cache. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.metainfresourcescachesize.name. - - Meta-inf resources cache size - - - - - - Alternative string for the X-Powered-By header setting. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.xpoweredby. There is no default value for this property. If the property is not set, the value of the X-Powered-By header is set to Servlet/<servlet spec version>, as defined by the Servlet specification. - - X-Powered-By - - - - - - When this property is set to true, the X-Powered-By header is not set. In servlet-5.0 and later, the default value is true. In servlet-4.0 and earlier, the X-Powered-By header is set by default. This property is configurable only in servlet-5.0 and earlier. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disablexpoweredby. - - Disable the X-Powered-By header - - - - - - Defer servlet loading from application server startup. - - Defer servlet load - - - - - - Maximum size of tasks in the Async task pool before automatically purging canceled tasks. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asyncmaxsizetaskpool. - - Async servlet maximum pool size - - - - - - Time interval to wait between each required purge of the cancelled task pool. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asyncpurgeinterval. - - Async servlet purge interval - - - - - - Async servlet timeout value used when a timeout value has not been explcitly specified. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asynctimeoutdefault. - - Default async timeout - - - - - - Maximum number of threads to use for async servlet timeout processing. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asynctimerthreads. - - Async timer threads - - - - - - Toggle to set content length when an application explicitly closes the response. The default value is true; however, set this value to false if an application response contains double-byte characters. - - Set content length on close - - - - - - Toggle if you want to return an empty collection, instead of null, when no servlet mappings are added. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.emptyservletmappings. - - Return empty servlet mappings - - - - - - Toggle if you want to defer ServletRequestListener destroy when there is an error serving the request. The default value is false, but is true for servlet 5.0 and later. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.deferServletRequestListenerDestroyOnError. - - Defer servlet request listener destroy - - - - - - Toggle to load the ExpressionFactory that is set by the application. Enable this custom property if you are using a custom EL implementation (for example, JUEL) that needs to set its own ExpressionFactory. - - Allow expression factory per application - - - - - - Toggle to ignore the trailing semicolon when redirecting to the welcome page. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.ignoreSemiColonOnRedirectToWelcomePage. - - Ignore semicolon on redirect to welcome page - - - - - - Toggle to use the semicolon as a delimiter in the request URI. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.useSemiColonAsDelimiterInURI. - - Use semicolon as delimiter in URI - - - - - - Wait time in seconds for an active request to complete when the owning application is stopped. The default value is 60 seconds. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.servletDestroyWaitTime. - - Wait for an active request to complete - - - - - - Set the servlet path value to the request URI minus the context path. The path information is null when a servlet is used as a default mapping. The default value is true for version 4.0 or later of the servlet feature. It is false for other servlet features. When mapping is to the /* pattern, the servlet path is empty and the path information starts with a leading slash (/). - - Set the servlet path value for a default mapping - - - - - - Throw an illegal state exception when an asynchronous request cannot be completed or dispatched. The default is true. If the asynchronous request must complete or the dispatch method must return, even if the call does not succeed, set the property to false. - - Throw exception for not complete or dispatch asyn - - - - - - Return non-null paths from the ServletContext.getRealPath(String) method, even if no resource exists at the given path. The default is true. If applications expect the getRealPath method to return null when given a path for which no resource exists, set the property to false. - - Always return a non-null path from getRealPath - - - - - - Some web applications depend on context listeners for setup before the web application starts. When this property is set to true, the application stops starting up when an unhandled exception is thrown from the context listeners. For servlet-5.0 and newer Servlet features, the default value is true. - - Stop application for unhandled listener exception - - - - - - Send redirect response to a relative URL location without processing it. Set this property to true to send redirect response without converting the URL to an absolute location. - - Send redirect response to a relative URL location - - - - - - Enables the HTTP Strict Transport Security (HSTS) header for HTTPS responses and allows a value to be set for that header, for example: "max-age=31536000;includeSubDomains". HSTS can also be configured in the web.xml file by setting the "com.ibm.ws.webcontainer.ADD_STS_HEADER_WEBAPP" context parameter. - - Add the HTTP strict transport security header - - - - - - When this property is set to true, if the query parameter in a URL contains only the string name, the server returns an empty string as the value for the request.getParameter(name) query. When this property is set to false, the server returns null as the value for the request.getParameter(name) query. The default value is false, but is true for servlet 5.0 and higher. - - Allow query parameters with no value - - - - - - When this property is false, the webcontainer will not set the response's content type header during the error handling process. An application is responsible to set the response's content type. The default value (true) sets the content type to "text/html". - - Disable text/html content type on error responses - - - - - - When this property is set to true, during startup, ServletContainerInitializer implementors that use the HandlesTypes annotation do not receive classes that are specified as HandlesTypes parameters. - - Disable returning handlesTypes parameters - - - - - - A request is rejected if the request URI contains the %23, %2E, %2F, or %5C encoded characters. When this property is set to true, the request URI is not checked for these encoded characters. This property is available starting in servlet 6.0, and default value is false. - - Skip verification of encoded characters in URI - - - - - - The maximum number of files that can be uploaded by a multipart/form-data request. The default value is 5000. For unlimited file upload, set the value to -1. - - The maximum uploaded files in a single request - - - - - - - - - Additional properties to be added to the Config element in the generated plug-in configuration file. These properties can be specified by IBM support to modify behavior of the web server plug-in. For more information, see https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/rwsv_plugin_propstable.html - - Additional Properties - - - - - - - - - [extraProperties.com.ibm.ws.generatePluginConfig.properties.description, extraProperties.description] - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the Cross-Origin Resource Sharing (CORS). - - Cross-Origin Resource Sharing - - - - - - - - The domain name represents the URL being setup with these CORS settings. - - Domain name - - - - - - A comma-separated list of origins that are allowed to access the configured domain. If this is set to "*", it indicates the resource is publicly accessible, with no access control checks. Also, the value of "null" indicates the domain must not be accessible. - - Allowed origins - - - - - - A comma-separated list of HTTP methods allowed to be used by the origin domain when making requests to the configured domain. - - Allowed methods - - - - - - A comma-separated list of HTTP headers that are allowed to be used by the origin domain when making requests to the configured domain. If this is set to "*", it indicates the request can include any HTTP headers. - - Allowed headers - - - - - - A comma-separated list of HTTP headers that are safe to expose to the calling API. - - Expose headers - - - - - - A long that indicates how many seconds a response to a preflight request can be cached in the browser. - - Max age - - - - - - A boolean that indicates if the user credentials can be included in the request. - - Allow credentials - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the SIP stack - - SIP Stack - Override RFC3261 SIP Timers default values - - - - - - A comma-separated list of headers that is not output to the SIP container logs. - - Hide message headers - - - - - - A list of header fields that should be comma-separated. If there are multiple values of the same header, the headers are not duplicated and the value will be in the same header separated by a comma. - - Comma separated headers - - - - - - A list of header parameters with values that are quoted. - - SIP quoted parameters - - - - - - - Hide message content in the SIP container logs. - - Hide message body - - - - - - Hide the message request URI in the SIP container logs. - - Hide message request URI - - - - - - The SIP container automatically sends a 100 response code when an INVITE request is received. - - Automatic 100 on invite - - - - - - The SIP container automatically sends a 482 response code when a merged request is received. This behavior is defined in the SIP RFC 3261 Section 8.2.2.2. - - Automatic 482 on merged requests - - - - - - Connections are reused in subsequent requests even if the alias parameter exists in the via header. - - Force connection reuse - - - - - - Accept byte sequences that are not encoded in UTF-8. - - Accept non-UTF-8 bytes - - - - - - The amount of time that the SIP container keeps a cached InetAddress entry and does not resolve it again. - - Network address cache TTL - - - - - - The round-trip time (RTT) estimate, in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - T1 - - - - - - - The maximum retransmit interval, in milliseconds, for non-INVITE requests and INVITE responses, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - T2 - - - - - - - The maximum duration that a message remains in the network in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - T4 - - - - - - - The initial INVITE request retransmit interval for UDP only, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - A - - - - - - - The INVITE client transaction timeout timer, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - B - - - - - - - The wait time for INVITE response retransmits, in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - D - - - - - - - The initial non-INVITE request retransmit interval for UDP only, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - E - - - - - - - The non-INVITE transaction timeout timer, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - F - - - - - - - The wait time for ACK retransmits, in milliseconds, as defined in RFC 3261. The default value equals T4. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - I - - - - - - - The wait time for non-INVITE request retransmits, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - J - - - - - - - The wait time for non-INVITE response retransmits, in milliseconds, as defined in RFC 3261. The default value equals T4. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - K - - - - - - - The maximum transmission unit (MTU) for outbound UDP requests, as defined in RFC 3261-18.1.1. - - Path maximum transmission unit - - - - - - Defines when the SIP stack uses compact headers when encoding a message. - - Compact headers - - - - - - - - - Headers are never sent in compact form - - - - - Headers are sent in compact form only when MTU is exceeded - - - - - Headers are sent according to JSR289 javax.servlet.sip.SipServletMessage.setHeaderForm(javax.servlet.sip.SipServletMessage.HeaderForm) - - - - - Headers are always sent in compact form - - - - - - - - - - The custom property should be set to true to mandate the SIP Container to send a request from the SipProvider instance that is selected by the application using SipProvider.sendRequest(). By default, a request is sent using any provider. - - Strict outbound local port - - - - - - The custom property should be set to true to mandate the SIP Container to send a request from the SipProvider instance that is selected by the application using SipProvider.sendRequest(). By default, a request is sent using any provider. - - Use listening point from outbound - - - - - - Indicates whether to clone an ACK request for 2xx retransmissions. By default, the same ACK instance is sent on every retransmission causing issues when the ACK request is modified by the next element upstream. When set to true, the original ACK request is cloned and the copy of the original request is sent on every retransmission.. - - Clone ACK on 2xx retransmission - - - - - - The initial INVITE response retransmit interval, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - G - - - - - - - The wait time for ACK receipts, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - H - - - - - - - - - - Configuration for the SIP application router - - SIP Application Router - - - - - - - - The location of the default application router (DAR) properties file. This value is mapped to JSR 289 javax.servlet.sip.ar.dar.configuration. The DAR must be configured as specified in JSR 289. - - SIP application router DAR file location - - - - - - The error response code that is sent by the SIP container when no active servlet can be mapped to an incoming initial request. - - SIP response error code when no route found - - - - - - The fully qualified domain name (FQDN) of the custom application router provider. Set to an asterisk (*) to use an arbitrary available provider. - - Custom application router provider - - - - - - Applications are routed using the available custom application router; otherwise, the default application router is used. - - Enable custom application router loading - - - - - - - - - Configuration for the SIP domain resolver - - SIP Domain Resolver - - - - - - Allows a SIP URI to be resolved through DNS into the IP address, port, and transport protocol. The value is a String that contains exactly one or two address and port tuples, where two tuples are separated by a space. - - DNS servers - - - - - - - Resolve domain names automatically. - - DNS auto resolve - - - - - - Defines the transport protocol for DNS lookup to resolve RFC 3263 SIP URIs. If set to Y, UDP is used. If set to N, TCP is used. - - DNS UDP lookup method - - - - - - - - - Y - - - - - N - - - - - - - - - - The UDP payload size in bytes for the DNS resolver service. - - DNS UDP payload size - - - - - - - - - - - - - - - - - - The number of seconds after which a single query times out for the DNS failover mechanism. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - DNS single query timeout - - - - - - The number of allowed DNS lookup failures for the DNS failover mechanism. - - DNS allowed failures - - - - - - The minimum window size for the DNS failover mechanism. - - DNS minimum window size - - - - - - The resolver service window size interval for the DNS failover mechanism. - - DNS window size interval - - - - - - The minimum time in minutes after which cached DNS queries time out. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - DNS request cache timeout minimum - - - - - - Add an IBMTTL parameter to the SIP URI. - - Add TTL - - - - - - - - - Configuration for the SIP servlets container - - SIP Container - - - - - - Configuration for the SIP introspect - - SIP Introspect - - - - - - Configuration for the executor of parallel SIP tasks - - SIP Performance - - - - - - - When the SIP container shuts down, the sessions are no longer valid. By default, sessions remain active until they expire. - - Invalidate sessions on shutdown - - - - - - Save the message arrival time as an attribute of the message. - - Save message arrival time - - - - - - Mark internally generated responses by setting the com.ibm.websphere.sip.container.internal.message attribute on the response. - - Add mark internally generated response header - - - - - - On a multi-homed host, the custom property should be set to true to mandate the use of a particular outbound interface. In case the custom property is not applied or set to false, the container shall apply default behavior of interface selection. - - Enable setting outbound interface - - - - - - On a multi-homed host, when a loopback adapter is used as an outbound interface, the custom property should be set to true to mandate the use of the selected outbound interface. In case the custom property is not applied or set to false, the container shall apply default behavior of interface selection. - - Enable setting outbound interface for loopback - - - - - - By default, the IBM-PO header is set in any request. The header field is used internally and defines the outbound interface that should be used when sending a message to the destination. Setting the custom property to false avoids setting the header field when a request is sent over a loopback adapter. - - Add IBM-PO header - - - - - - The burst factor for the message queue size. The message queue size is set to (dispatcher message queue size) * (message queue burst factor). Setting a burst factor handles bursts in traffic by providing additional space in the queue before new messages are dropped. - - Message queue burst factor - - - - - - The maximum number of SIP application sessions allowed at once. - - Max application sessions - - - - - - The maximum number of messages allowed per averaging period. - - Max message rate - - - - - - The maximum number of tasks that a SIP container queue can contain before it declares an overload state. - - Dispatcher message queue size - - - - - - The maximum response time allowed in milliseconds. When set to 0, the response time is unlimited. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Max response time - - - - - - - - - Configuration for the executor of parallel SIP tasks - - SIP Performance - - - - - - - - The maximum number of concurrent SIP tasks that can be dispatched to the executor. - - Concurrent SIP tasks - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the SIP endpoint - - SIP Endpoint - - - - - - Defines TCP protocol settings - - TCP Endpoint Options - - - - - - Defines SSL protocol settings - - SSL Endpoint Options - - - - - - - Defines TCP protocol settings - - TCP options reference - tcpOptions - - - - - - Defines SSL protocol settings - - SSL options reference - sslOptions - - - - - - The TCP port used by the SIP endpoint. Use -1 to disable this port. - - SIP TCP port - - - - - - The UDP port used by the SIP endpoint. Use -1 to disable this port. - - SIP UDP port - - - - - - The TLS port used by the SIP endpoint. Use -1 to disable this port. - - SIP secure TLS port - - - - - - The number of retries that are attempted when port binding is unsuccessful. - - Retries - - - - - - The delay between retries in milliseconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Retries delay - - - - - - The IP of the endpoint host - - Host - defaultHostName - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the SIP introspect - - SIP Introspect - - - - - - - - The level of SIP state details to include when generating server dump. - - Dump verbosity - - - - - - - - - Server dumps include only the SIP application sessions and SIP sessions IDs - - - - - Includes the detailed state of the SIP application sessions and the SIP sessions in the server dump. - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Defines the properties of a Spring Boot application. - - Spring Boot Application - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start After - - - - - - Defines the settings for an application classloader. - - Classloader - - - - - - Defines an application argument which is passed to the main method of the start class for a Spring Boot application. - - Application argument - - - - - - - Location of an application expressed as an absolute path or a path relative to the server-level apps directory. - - Location - - - - - - Name of an application. - - Name - - - - - - Indicates whether or not the server automatically starts the application. - - Automatically start - - - - - - Specifies applications that are required to start before this application can begin starting. - - Start after - application - webApplication - enterpriseApplication - ejbApplication - resourceAdapter - springBootApplication - - - - - - Defines the settings for an application classloader. - - Classloader - classloader - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The default repertoire for SSL services. - - SSL Default Repertoire - - - - - - - - The name of the SSL repertoire that will be used as the default. The default SSL repertoire called defaultSSLConfig is used if none is specified. - - Default SSL repertoire - ssl - - - - - - The name of the SSL repertoire that will be used as the default for outbound SSL connections. The default SSL repertoire will be used if no SSL repertoire is specified. This attribute is ignored if the transportSecurity-1.0 feature is not specified. - - Outbound default SSL repertoire - ssl - - - - - - Specifies whether SSL outbound host name verification is enabled. The default is false. If set to true, then during the outbound SSL handshake requests, the JDK will verify that the returned certificate contains a host name that matches the outbound HTTP request. - - Perform outbound host name verification - - - - - - - - - An SSL repertoire with an ID, a defined keystore, and an optional truststore. - - SSL Repertoire - - - - - - A keystore containing key entries for the SSL repertoire. This attribute is required. - - Keystore - - - - - - A keystore containing trusted certificate entries used by the SSL repertoire for signing verification. This attribute is optional. If unspecified, the same keystore is used for both key and trusted certificate entries. - - Truststore - - - - - - - - - A keystore containing key entries for the SSL repertoire. This attribute is required. - - Keystore - keyStore - - - - - - A keystore containing trusted certificate entries used by the SSL repertoire for signing verification. This attribute is optional. If unspecified, the same keystore is used for both key and trusted certificate entries. - - Truststore - keyStore - - - - - - The SSL handshake protocol. The protocol can be set to a single value found in the documentation for the underlying JRE's Java Secure Socket Extension (JSSE) provider. When using the IBM JRE the default value is SSL_TLSv2 and when using the Oracle JRE the default value is SSL. The protocol can also be a comma-separated list of any of the following values: TLSv1, TLSv1.1, TLSv1.2, or TLSv1.3. - - SSL protocol - - - - - - Specifies whether client authentication is enabled. If set to true then client authentication is required and the client must provide a certificate for the server trusts. - - Client authentication - - - - - - Specifies whether a client authentication is supported. If set to true then the client authentication support means the server will check trust from a client if the client presents a certificate. - - Client authentication is supported - - - - - - Specifies the cipher suite group used by the SSL handshake. HIGH are 3DES and 128 bit and higher ciphers, MEDIUM are DES and 40 bit ciphers, LOW are ciphers without encryption. If the enabledCiphers attribute is used the securityLevel list is ignored. - - Security level - - - - - - - - - Cipher suites 3DES and 128 bit and higher - - - - - Cipher suites DES and 40 bit - - - - - Cipher suites without encryption - - - - - Custom list of cipher suites - - - - - - - - - - Specifies the alias of the certificate in the keystore that is used as the key to send to a server that has client authentication enabled. This attribute is only needed if the keystore has more than one key entry. - - Client key alias - - - - - - Specifies the alias of the certificate in the keystore used as the server's key. This attribute is only needed if the keystore has more then one key entry. - - Server key alias - - - - - - Specifies a custom list of ciphers. Separate each cipher in the list with a space. The supported cipher will depend on the underlying JRE used. Please check the JRE for valid ciphers. - - Enabled ciphers - - - - - - Specifies whether host name verification for outbound connections using a specific SSL configuration is enabled. If set to true, then all outbound SSL connections that use the specified SSL configuration undergo verification of the target server host name against that server's certificate. The attribute is set to false by default. - - Host name verification - - - - - - Specifies whether the trust manager can establish trust by using the default certificates. If set to true, then the default certificates are used in addition to the configured truststore file to establish trust. The attribute is set to false by default. - - Trust the default certificates - - - - - - Specify on the server socket whether to enforce the cipher order. If set to true, the server socket is enabled to enforce the cipher order. The attribute is set to false by default. - - Enforce cipher order on the server side - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A repository of security certificates used for SSL encryption. - - Keystore - - - - - - - - - A unique configuration ID. - - ID - - - - - - The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. - - Password - - - - - - An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12. - - Location - - - - - - A keystore type supported by the target SDK. - - Type - - - - - - Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type. - - File based keystore - - - - - - Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore. - - Read only keystore - - - - - - Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Keystore file polling rate - - - - - - Keystore file update method or trigger. - - Keystore file update trigger - - - - - - - - - Server will scan for keystore file changes at the polling interval and update if the keystore file has detectable changes. Polled does not apply to non file-based keystores such as SAF keyrings. - - - - - Server will only update the keystore when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. - - - - - Disables all update monitoring. Changes to the keystore file will not be applied while the server is running. - - - - - - - - - - - - - - - - - - - Dynamic outbound connection information tells the server which SSL connection to use based on host and port filters. This element is ignored if the transportSecurity-1.0 feature is not specified. - - Dynamic Outbound Connection Information - - - - - - - - The server uses this SSL configuration when it accesses the specified host name. - - Remote host name - - - - - - The server uses this SSL configuration when it accesses the remote host name at the specified port. - - Remote port - - - - - - The client uses this certificate alias if you make a connection to a server that supports or requires client authentication. - - Client certificate alias - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Information about a private key entry specified in the keystore. - - Key Entry Information - - - - - - - - Name of the private key entry in the keystore. - - Key entry name - - - - - - Password of the private key entry in the keystore. - - Key entry password - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The SSL protocol configuration for a transport. - - SSL Options - - - - - - - - Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Session timeout - - - - - - Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on. - - Suppress SSL handshake errors - - - - - - The default SSL configuration repertoire. The default value is defaultSSLConfig. - - Default SSL repertoire - ssl - - - - - - The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - SSL session timeout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for the Transaction Manager service - - Transaction Manager - - - - - - This is an optional property. By default the transaction service stores its recovery logs in a file. As an alternative it is possible to store the logs in an RDBMS. This is achieved by setting this property which defines a non-transactional data source where the transaction logs will be stored. - - Non-transactional Data Source - - - - - - - Specifies whether the transaction manager optimizes when all resources but one vote read only. - - Enable 1PC optimization - - - - - - Specifies whether the server should begin transaction recovery at server startup. - - Recover on startup - - - - - - Specifies whether the server should wait for transaction recovery to complete before accepting new transactional work. - - Wait for recovery - - - - - - Specifies whether all applications on this server accept the possibility of a heuristic hazard occurring in a two-phase transaction that contains a one-phase resource. - - Accept heuristic hazard - - - - - - Maximum duration between transactional requests from a remote client. Any period of client inactivity that exceeds this timeout results in the transaction being rolled back in this application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Client inactivity timeout - - - - - - Amount of time that the application server waits before retrying a completion signal, such as commit or rollback, after a transient exception from a resource manager or remote partner. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Heuristic retry wait - - - - - - Amount of time that the application server waits before retrying a completion signal, such as commit or rollback, after a transient exception from a resource manager or remote partner. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Heuristic retry wait - - - - - - The number of times that the application server retries a completion signal, such as commit or rollback. Retries occur after a transient exception from a resource manager or remote partner. - - Heuristic retry limit - - - - - - Upper limit of the transaction timeout for transactions that run in this server. This value should be greater than or equal to the value specified for the total transaction timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Maximum transaction timeout - - - - - - Default maximum time allowed for transactions started on this server to complete. Any such transactions that do not complete before this timeout occurs are rolled back. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Total transaction lifetime timeout - - - - - - A directory for this server where the transaction service stores log files for recovery. - - Transaction log directory - - - - - - The interval after which the lease check strategy is implemented. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Lease check interval - - - - - - The percentage of the duration of the recovery log lease that passes before the lease is renewed - - Lease renewal threshold - - - - - - - - - - - - - - - - - - The length of time before a recovery log lease expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Lease length - - - - - - Specifies the size of transaction log files in Kilobytes. - - Transaction log size - - - - - - Unique identity of this server for transaction peer recovery. - - Identity of server for tran peer recovery - - - - - - Name of the recovery group that this server belongs too. Members of a recovery group can recover the transaction logs of other servers in the group. - - Name of the recovery group - - - - - - Specifies whether the transaction manager will stop an application server that is part of a recoveryGroup if an unrecoverable error occurs accessing its own transaction service logs. - - Shutdown server on transaction log failure - - - - - - Specifies the interval in seconds between attempts to recover from a transient error accessing the transaction service logs. - - Interval between tran log retries on failure - - - - - - Specifies the maximum number of attempts to recover from a transient error accessing the transaction service logs for an unrecoverable error condition. - - Max number of tran log retries on failure - - - - - - When recovery logs are stored in an RDBMS table, this property allows SQL operations that fail to be retried. - - Enable retries on database transaction logs - - - - - - Specifies whether the application server logs about-to-commit-one-phase-resource events from transactions that involve both a one-phase commit resource and two-phase commit resources. - - Enable logging for heuristic reporting - - - - - - When recovery logs are stored in an RDBMS table, this property allows the table name to be post-pended with a string to make it unique for this Server. - - Transaction log database table suffix - - - - - - Specifies whether there is a delay between a transaction timeout and the abnormal ending of the servant region that was running the transaction. - - Enable transaction timeout grace period - - - - - - Specifies the direction that is used to complete a transaction that has a heuristic outcome; either the application server commits or rolls back the transaction, or depends on manual completion by the administrator. Allowed values are: COMMIT, ROLLBACK and MANUAL - - Heuristic completion direction - - - - - - - - - Rollback - - - - - Commit - - - - - Manual - - - - - - - - - - Default maximum shutdown delay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Default maximum shutdown delay - - - - - - This is an optional property. By default the transaction service stores its recovery logs in a file. As an alternative it is possible to store the logs in an RDBMS. This is achieved by setting this property which defines a non-transactional data source where the transaction logs will be stored. - - Non-transactional data source reference - dataSource - - - - - - - - - The name of the queue that this JMS queue is assigned to. - - Embedded Messaging - - - - - - - - The delivery mode for messages sent to this destination. This controls the persistence of messages on this destination. - - Delivery mode - - - - - - - - - Application - - - - - Persistent - - - - - NonPersistent - - - - - - - - - - The name of the associated Queue - - Queue name - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - AsConnection - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The default time in milliseconds from its dispatch time that the system must keep the messages live in the destination. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Time to live - - - - - - The relative priority for messages sent to this destination, in the range 0 to 9, with 0 as the lowest priority and 9 as the highest priority. - - Priority - - - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A JMS topic connection factory is used to create connections to the associated JMS provider of JMS destinations, for publish/subscribe messaging. - - Embedded Messaging - - - - - - - - The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. - - Bus name - - - - - - The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. - - Client id - - - - - - Durable subscription home defines ME name to which connection needs to be established. - - Durable subscription home - - - - - - The reliability applied to Non-persistent JMS messages sent using this connection factory. - - Non-persistent reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - - - - - - The reliability applied to persistent JMS messages sent using this connection factory. - - Persistent reliability - - - - - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - Default - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The prefix of up to twelve characters used for the temporary topics created by applications that use this topic connection factory. - - Temporary topic name prefix - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. - - Remote server address - - - - - - Controls whether or not durable subscription can be shared across connections. - - Share durable subscription - - - - - - Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. - - Transport chain - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A JMS connection factory is used to create connections to the associated JMS provider of JMS destinations, for both point-to-point and publish/subscribe messaging. - - Embedded Messaging - - - - - - - - The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. - - Bus name - - - - - - The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. - - Client id - - - - - - Durable subscription home defines ME name to which connection needs to be established. - - Durable subscription home - - - - - - The reliability applied to Non-persistent JMS messages sent using this connection factory. - - Non-persistent reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - - - - - - The reliability applied to persistent JMS messages sent using this connection factory. - - Persistent reliability - - - - - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - Default - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. - - Remote server address - - - - - - The prefix of up to twelve characters used for the temporary queues created by applications that use this queue connection factory. - - Temporary queue name prefix - - - - - - The prefix of up to twelve characters used for the temporary topics created by applications that use this topic connection factory. - - Temporary topic name prefix - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - Controls whether or not durable subscription can be shared across connections. - - Share durable subscription - - - - - - Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. - - Transport chain - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The name of the topic that this JMS topic is assigned to, in the topic space defined by the Topic space property. - - Embedded Messaging - - - - - - - - The delivery mode for messages sent to this destination. This controls the persistence of messages on this destination. - - Delivery mode - - - - - - - - - Application - - - - - Persistent - - - - - NonPersistent - - - - - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - AsConnection - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The default time in milliseconds from its dispatch time that the system must keep the messages live in the destination. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Time to live - - - - - - The name of the topic that this JMS topic is assigned to, in the topic space defined by the Topic space property. - - Topic name - - - - - - A topic space is a location for publish/subscribe messaging. - - Topic space - - - - - - The relative priority for messages sent to this destination, in the range 0 to 9, with 0 as the lowest priority and 9 as the highest priority. - - Priority - - - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A JMS queue connection factory is used to create connections to the associated JMS provider of JMS queues, for point-to-point messaging. - - Embedded Messaging - - - - - - - - The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. - - Bus name - - - - - - The reliability applied to Non-persistent JMS messages sent using this connection factory. - - Non-persistent reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - - - - - - The reliability applied to persistent JMS messages sent using this connection factory. - - Persistent reliability - - - - - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - Default - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The prefix of up to twelve characters used for the temporary queues created by applications that use this queue connection factory. - - Temporary queue name prefix - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - Password - - - - - - The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. - - Remote server address - - - - - - Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. - - Transport chain - - - - - - It is recommended to use a container managed authentication alias instead of configuring this property. - - User name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A JMS activation specification is associated with one or more message-driven beans and provides the configuration necessary for them to receive messages. - - Embedded Messaging - - - - - - - - The acknowledge mode indicates how a message received by a message-driven bean should be acknowledged. - - Acknowledge mode - - - - - - - - - Auto-acknowledge - - - - - Dups-ok-acknowledge - - - - - - - - - - The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. - - Bus name - - - - - - The type of the destination, which is javax.jms.Queue or javax.jms.Topic. - - Destination type - - - - - - - - - javax.jms.Queue - - - - - javax.jms.Topic - - - - - - - - - - The maximum number of endpoints to which the messages are delivered concurrently. The increase in the number can improve the performance, but it also increases the number of threads that are in use at the specified time. If the message order must be retained for all the failed deliveries, set the maximum concurrent endpoints value to 1. - - Maximum concurrent MDB - - - - - - - - - - - - - - - - - - Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. - - Read ahead - - - - - - - - - Default - - - - - AlwaysOn - - - - - AlwaysOff - - - - - - - - - - The delay (in seconds) between attempts to connect to a messaging engine, both for the initial connection, and any subsequent attempts to establish a better connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Retry interval - - - - - - Type of MS topic subscription. The value can be any of following values: Durable DurableShared NonDurable NonDurableShared - - Subscription durability - - - - - - - - - NonDurable - - - - - NonDurableShared - - - - - Durable - - - - - DurableShared - - - - - - - - - - Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. - - Transport chain - - - - - - - - - InboundBasicMessaging - - - - - InboundSecureMessaging - - - - - - - - - - The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. - - Client id - - - - - - This property can be used to specify the lookup name of an administratively-defined javax.jms.ConnectionFactory, javax.jms.QueueConnectionFactory or javax.jms.TopicConnectionFactory object that is used to connect to the JMS provider from which the endpoint (message-driven bean) can receive messages. - - Connection factory jndi name - - - - - - Reference to a JMS destination - - Destination reference - - - - - - This property can be used to specify the lookup name of the administratively-defined javax.jms.Queue or javax.jms.Topic objects that define the JMS queue or topic from which the endpoint (message-driven bean) can receive messages. - - Destination jndi name - - - - - - Reference to a JMS destination - - Destination reference - adminObject - jmsQueue - jmsTopic - jmsDestination - - - - - - The maximum number of messages received from the messaging engine in a single batch. - - Maximum batch size - - - - - - - - - - - - - - - - - - The JMS message selector used to determine which messages the message-driven bean receives. The value is a string that is used to select a subset of the available messages. - - Message selector - - - - - - The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. - - Remote server address - - - - - - Controls whether or not durable subscription can be shared across connections. - - Share durable subscription - - - - - - The subscription name needed for durable(and for shared non-durable). Required field when using a durable(and for shared non-durable) topic subscription.This subscription name must be unique within a given client identifier. - - Subscription name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for WAS JMS outgoing connection requests. - - WAS JMS Outbound - - - - - - TCP protocol options for WAS JMS outbound - - TCP Options - - - - - - SSL protocol options for WAS JMS outbound - - SSL Options - - - - - - - The name of the WAS JMS outbound. - - WAS JMS outbound name - - - - - - Set the value to true to enable the secure communication channel - - Enable SSL - - - - - - TCP protocol options for WAS JMS outbound - - TCP options reference - tcpOptions - - - - - - SSL protocol options for WAS JMS outbound - - SSL options reference - sslOptions - - - - - - - - - - - - - - - Security for the wasJmsServer-1.0 feature - - Messaging Security - - - - - - A set of permissions that are mapped to the users and groups - - Role - - - - - - - - - - Users that are assigned to the particular role - - User - - - - - - - - The user that is defined as part of the registry - - User name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Groups that are assigned to the role - - Group - - - - - - - - The group that is defined as part of the user registry - - Group name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Permission that is defined on a topic for a set of users and groups - - Topic Permission - - - - - - Operations that are allowed on the destination - - Action - - - - - - - - - SEND - - - - - RECEIVE - - - - - ALL - - - - - - - - - - - Name of the Topic inside the TopicSpace - - Topic name - - - - - - Reference to the TopicSpace defined in the Messaging Engine - - TopicSpace reference - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A set of permissions that are mapped to the users and groups - - Role - - - - - - Permission that is defined on a queue for a set of users and groups - - Queue Permission - - - - - - Permission that is defined on a temporary destination for a set of users and groups - - Temporary Destination Permission - - - - - - Permission that is defined on a topic for a set of users and groups - - Topic Permission - - - - - - Users that are assigned to the particular role - - User - - - - - - Groups that are assigned to the role - - Group - - - - - - - The name of the role - - Role name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Permission that is defined on a queue for a set of users and groups - - Queue Permission - - - - - - Operations that are allowed on the destination - - Action - - - - - - - - - SEND - - - - - RECEIVE - - - - - BROWSE - - - - - ALL - - - - - - - - - - - Reference to the Queue defined in the Messaging Engine - - Queue reference - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Permission that is defined on a temporary destination for a set of users and groups - - Temporary Destination Permission - - - - - - Operations that are allowed on the destination - - Action - - - - - - - - - SEND - - - - - RECEIVE - - - - - CREATE - - - - - ALL - - - - - - - - - - - Prefix defined for a temporary destination - - Prefix - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for WAS JMS incoming connection requests. - - WAS JMS Endpoint - - - - - - TCP protocol options for the WAS JMS endpoint. - - TCP Options - - - - - - SSL protocol options for the WAS JMS endpoint. - - SSL Options - - - - - - - Toggle the availability of WAS JMS Endpoint. - - Enabled - - - - - - IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for all available network interfaces. - - Host - - - - - - The port used for WAS JMS client messaging application connection requests. Use -1 to disable this port. - - Port - - - - - - - - - - - - - - - - - - The port used for WAS JMS client messaging application connection requests secured with SSL. Use -1 to disable this port. - - Secure port - - - - - - - - - - - - - - - - - - TCP protocol options for the WAS JMS endpoint. - - TCP options reference - tcpOptions - - - - - - SSL protocol options for the WAS JMS endpoint. - - SSL options reference - sslOptions - - - - - - - - - A messaging engine is a component, running inside a server, that manages messaging resources. Applications are connected to a messaging engine when they send and receive messages. - - Messaging Engine - - - - - - Messaging file store. Important: Do not delete any of the file store files. Deleting them can lead to corruption of the message store. If any of these files are deleted accidentally, then delete the remaining files and restart the messaging engine. The messaging engine restarts in a clean state, but all messages are lost. - - File Store - - - - - - A queue destination represents a message queue and is used for point-to-point messaging. - - Queue - - - - - - A topic space destination represents a set of "publish and subscribe" topics and is used for publish/subscribe messaging. - - Topic Space - - - - - - An alias destination maps an alternative name for a bus destination. You can use an alias destination for point-to-point messaging or publish/subscribe messaging. - - Alias - - - - - - Security for the wasJmsServer-1.0 feature. - - Messaging Security - - - - - - - - - - Messaging file store. Important: Do not delete any of the file store files. Deleting them can lead to corruption of the message store. If any of these files are deleted accidentally, then delete the remaining files and restart the messaging engine. The messaging engine restarts in a clean state, but all messages are lost. - - File Store - - - - - - - - Path to the file store. - - File store path - - - - - - Size in megabytes of the log file. The log file size cannot exceed half the size of the file store size. For a file store size set to 400 MB, the log file size cannot exceed 200 MB. The maximum recommended log file size is 25% of the file store size. For a file store size set to 400 MB, the maximum recommended setting for log file size would be 100 MB. - - Log size - - - - - - - - - - - - - - - - The combined size in megabytes for both permanent and temporary store. The file store size is equally divided between permanent and temporary store. For example, if you specify 400 MB as file store size then 200 MB is used for permanent store and 200 MB is used for temporary store. - - File store size - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A topic space destination represents a set of "publish and subscribe" topics and is used for publish/subscribe messaging. - - Topic Space - - - - - - - - The name of the topic space. - - Topic space name - - - - - - The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. - - Force reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - The destination to which a message is forwarded by the system when it cannot be delivered to this destination. - - Exception destination name - - - - - - Lists the actions that the messaging engine must take when the maxredeliverycount is reached for a message. - - Failed delivery policy - - - - - - - - - SEND_TO_EXCEPTION_DESTINATION - - - - - DISCARD - - - - - KEEP_TRYING - - - - - - - - - - When no exception destination is configured, the time interval to apply between retry attempts, after the maximum failed deliveries limit is reached, for this destination. - - Redelivery interval - - - - - - The maximum number of failed attempts to process a message. After this number of failed attempts, if an exception destination is configured, the message is forwarded from the intended destination to its exception destination. If an exception destination is not configured, a time interval between retry attempts is applied. - - Maximum redelivery count - - - - - - Producers can send messages to this destination. - - Send allowed - - - - - - Clear this option (setting it to false) to prevent consumers from being able to receive messages from this destination. - - Receive allowed - - - - - - Maintains the order in which a producer sends messages to the destination. - - Maintain strict message order - - - - - - The maximum number of messages that the messaging engine can place on its message points. - - Maximum message depth - - - - - - - - - - - - - - - - - - - - - - - - - A queue destination represents a message queue and is used for point-to-point messaging. - - Queue - - - - - - - - The name of the queue. - - Queue name - - - - - - The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. - - Force reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - The destination to which a message is forwarded by the system when it cannot be delivered to this destination. - - Exception destination name - - - - - - Lists the actions that the messaging engine must take when the maxredeliverycount is reached for a message. - - Failed delivery policy - - - - - - - - - SEND_TO_EXCEPTION_DESTINATION - - - - - DISCARD - - - - - KEEP_TRYING - - - - - - - - - - When no exception destination is configured, the time interval to apply between retry attempts, after the maximum failed deliveries limit is reached, for this destination. - - Redelivery interval - - - - - - The maximum number of failed attempts to process a message. After this number of failed attempts, if an exception destination is configured, the message is forwarded from the intended destination to its exception destination. If an exception destination is not configured, a time interval between retry attempts is applied. - - Maximum redelivery count - - - - - - Producers can send messages to this destination. - - Send allowed - - - - - - Clear this option (setting it to false) to prevent consumers from being able to receive messages from this destination. - - Receive allowed - - - - - - Maintains the order in which a producer sends messages to the destination. - - Maintain strict message order - - - - - - The maximum number of messages that the messaging engine can place on its message points. - - Maximum message depth - - - - - - - - - - - - - - - - - - - - - - - - - An alias destination maps an alternative name for a bus destination. You can use an alias destination for point-to-point messaging or publish/subscribe messaging. - - Alias - - - - - - - - The name of the alias queue or alias topic space. - - Alias name - - - - - - The target destination parameter identifies a destination that might be within the same Bus as the alias destination. By default, if no property is set, it points to Default.Queue. - - Target destination - - - - - - The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. - - Force reliability - - - - - - - - - BestEffortNonPersistent - - - - - ExpressNonPersistent - - - - - ReliableNonPersistent - - - - - ReliablePersistent - - - - - AssuredPersistent - - - - - - - - - - Producers can send messages to this destination. - - Send allowed - - - - - - - - - true - - - - - false - - - - - - - - - - - - - - - - - - - Configures web container application security. - - Web Container Application Security - - - - - - The JCache cache reference that is used as the logged-out-cookie cache. - - JCache Cache Reference - - - - - - - Specifies whether to fail over to basic authentication when certificate authentication fails. The equivalent custom property in the full application server profile is com.ibm.wsspi.security.web.failOverToBasicAuth. - - Allow failover to HTTP basic auth - - - - - - Warning, security risk: Setting this property to true may open your systems to potential URL redirect attacks. If set to true, any host can be specified for the logout page redirect. If set to false, and the logout page points to a different host, or one not listed in the logout page redirect domain list, then a generic logout page is displayed. The equivalent custom property in the full application server profile is com.ibm.websphere.security.allowAnyLogoutExitPageHost. - - Allow logout page to redirect to any host - - - - - - Warning, security risk: if this property is set to true, and the user registry's realm name contains sensitive information, it is displayed to the user. For example, if an LDAP configuration is used, the LDAP server hostname and port are displayed. This configuration controls what the HTTP basic authentication login window displays when the realm name is not defined in the application web.xml. If the realm name is defined in the application web.xml file, this property is ignored. If set to true, the realm name displayed will be the user registry realm name for the LTPA authentication mechanism. If set to false, the realm name displayed will be "Default Realm". The equivalent custom property in the full application server profile is com.ibm.websphere.security.displayRealm. - - Display the realm for HTTP basic auth - - - - - - Specifies whether the HTTP only (HttpOnly) cookies option is enabled. - - Enable HTTP only cookies - - - - - - Specifies whether users will be logged out after the HTTP session timer expires. If set to false, the user credential will stay active until the Single Sign-On token timeout occurs. The equivalent custom property in the full application server profile is com.ibm.ws.security.web.logoutOnHTTPSessionExpire. - - Logout users after the HTTP session timer expires - - - - - - A pipe (|) separated list of domain names that are allowed for the WASReqURL page redirect. The hostname found on the form login request is implied. - - Domain names allowed for WASReqURL page redirect - - - - - - A pipe (|) separated list of domain names that are allowed for the logout page redirect (localhost is implied). The equivalent custom property in the full application server profile is com.ibm.websphere.security.logoutExitPageDomainList. - - Domain names for logout page redirect - - - - - - Size of the POST parameter cookie. If the size of the cookie is larger than the browser limit, unexpected behavior may occur. The value of this property must be a positive integer and represents the maximum size of the cookie in bytes. The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.postParamMaxCookieSize. - - POST parameter cookie size - - - - - - Specifies where POST parameters are stored upon redirect. Valid values are cookie (POST parameters are stored in a cookie), session (POST parameters are stored in the HTTP Session) and none (POST parameters are not preserved). The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.postParamSaveMethod. - - POST parameter store behavior for redirects - - - - - - - - - Cookie - - - - - Session - - - - - None - - - - - - - - - - Warning, security risk: Setting this to true may open your systems to potential URL redirect attacks. This property specifies whether the fully qualified referrer URL for form login redirects is preserved. If false, the host for the referrer URL is removed and the redirect is to localhost. The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.fullyQualifiedURL - - Preserve the fully qualified referrer URL - - - - - - Specifies whether single sign-on is enabled. - - Enable single sign-on - - - - - - Customizes the SSO cookie name. A custom cookie name allows you to logically separate authentication between SSO domains and to enable customized authentication to a particular environment. Before setting this value, consider that setting a custom cookie name can cause an authentication failure. For example, a connection to a server that has a custom cookie property set sends this custom cookie to the browser. A subsequent connection to a server that uses either the default cookie name or a different cookie name, is not able to authenticate the request via a validation of the in-bound cookie. The equivalent custom property in the full application server profile is com.ibm.websphere.security.customSSOCookieName. - - Single sign-on cookie name - - - - - - Specifies whether to use only the custom cookie name. - - Use only the custom cookie name - - - - - - A pipe (|) separated list of domain names that SSO Cookies should be presented. The equivalent custom property in the full application server profile is com.ibm.ws.security.config.SingleSignonConfig - - Domain names for SSO cookies - - - - - - Specifies whether a SSO cookie is sent over SSL. The equivalent property in the full application server profile is requiresSSL. - - Single sign-on requires SSL - - - - - - Specifies whether to use the domain name from the request URL for the cookie domain. - - Use domain name from the request URL - - - - - - Enables the single sign-on behavior using the LTPA token for a JASPIC authentication. After the initial authentication is performed by the JASPIC provider, the LTPA cookie is created and used for subsequent logins to achieve the single-sign on behavior. The JASPIC provider is not called until the token expires. The JASPIC authentication applies when an external provider is used and also when the application uses the Java EE Security API annotations. The single sign-on behavior can also be achieved by enabling the JASPIC session cookie or the application provided RememberMeIdentityStore bean for a JASPIC authentication. In this case, set the useLtpaSSOForJaspic attribute to false. - - Enable LTPA single sign-on for JASPIC - - - - - - Specifies whether authentication data can be used when accessing an unprotected resource. The unprotected resource can access validated authenticated data that it previously could not access. This option enables the unprotected resource to call the getRemoteUser, isUserInRole, and getUserPrincipal methods to retrieve an authenticated identity. The equivalent custom property in the full application server profile is com.ibm.wsspi.security.web.webAuthReq=persisting. - - Use authenticated identity for an unprotected URI - - - - - - Specifies whether the login() method will throw an exception when an identity has already been authenticated. - - Allow login with authenticated identity - - - - - - Specifies the global URL of a form login page including the root context. The form login page must be part of the WAR file. If a form login application does not specify the form login page in the web.xml file, it uses the global form login URL. This is required when overrideHttpAuthMethod attribute is set to FORM. - - Login form URL - - - - - - Specifies the global URL of a form login error page that includes the root context. The form login error page must be part of a WAR file. An application uses the global login error URL if the application uses form login authentication and does not specify either the form login page or the login error page in the auth-method element of the web.xml file. This is required when overrideHttpAuthMethod attribute is set to FORM. - - Login error URL - - - - - - Specifies the authentication failover method that is used when the certificate authentication fails or if the certificate is missing. Valid values are BASIC, FORM, and APP_DEFINED. APP_DEFINED is only valid when overrideHttpAuthMethod attribute is set to CLIENT_CERT. When APP_DEFINED is set, the authentication method that is configured in the application is used. - - Failover method when certificate login fails - - - - - - - - - BASIC - - - - - FORM - - - - - APP_DEFINED - - - - - - - - - - Setting the Path parameter can allow the client/browser to manage multiple WASReqURL cookies during multiple concurrent logins on the same user agent. The equivalent custom property in the full application server profile is com.ibm.websphere.security.setContextRootForFormLogin. - - Set the path parameter for the WASReqURL cookie - - - - - - Specifies whether to track LTPA single signon tokens that are logged out on a server so that it can not be reused on the same server. - - Track logged out LTPA single signon tokens - - - - - - Specifies the authentication method to be used for all applications. This specified value overrides any application defined authentication method. The acceptable value is BASIC, FORM or CLIENT_CERT. When FORM is used, loginFormURL and loginErrorURL attributes are required to be set. - - Name of authentication method to override - - - - - - - - - BASIC - - - - - FORM - - - - - CLIENT_CERT - - - - - - - - - - Specifies the context root of a form login page, which is specified by the loginFormURL property. If this value is not set, the first path element of the loginFormURL property is used as a context root. This value is applicable when overrideHttpAuthMethod is set to FORM, or if overrideHttpAuthMethodis is set to CLIENT_CERT and allowAuthenticationFailOverToAuthMethod is set to FORM. - - Context root for the Java EE 8 login form - - - - - - Specifies a realm name for the Java EE 8 Security HTTP basic authentication. This value is applicable when overrideHttpAuthMethod is set to BASIC, or if overrideHttpAuthMethod is set to CLIENT_CERT and allowAuthenticationFailOverToAuthMethod is set to BASIC. The default value is defaultRealm. - - Realm name of the Java EE 8 basic authentication - - - - - - Specifies the SameSite attribute value to use for the SSO cookie. - - Add the SameSite attribute to the SSO cookie - - - - - - - - - Do not set the SameSite attribute value on the SSO cookie - - - - - Set the SSO cookie SameSite attribute value to Lax - - - - - Set the SSO cookie SameSite attribute value to None. When None is set, the secure attribute is set to true on the cookie. - - - - - Set the SSO cookie SameSite attribute value to Strict - - - - - - - - - - The JCache cache reference that is used as the logged-out-cookie cache. - - JCache cache reference - cache - - - - - - - - - Configuration properties for WAS WebSocket outgoing connection requests. - - WAS WebSocket Outbound - - - - - - TCP protocol options for WAS WebSocket outbound - - TCP Options - - - - - - HTTPprotocol options for WAS WebSocket outbound - - HTTP Options - - - - - - SSL protocol options for WAS WebSocket outbound - - SSL Options - - - - - - - TCP protocol options for WAS WebSocket outbound - - TCP options reference - tcpOptions - - - - - - HTTPprotocol options for WAS WebSocket outbound - - HTTP options reference - httpOptions - - - - - - SSL protocol options for WAS WebSocket outbound - - SSL options reference - sslOptions - - - - - - - - - Configuration for the user registry federation. - - User Registry Federation - - - - - - Reference to the realm. - - Realm - - - - - - Primary realm configuration. - - Primary Realm - - - - - - The default parent for an entity type mapping. - - Entity Mapping Reference - - - - - - The extended properties for Person and Group. - - Extended Property Mapping - - - - - - - Maximum number of entries that can be returned in a search. - - Maximum search results - - - - - - Maximum amount of time, in milliseconds, to process a search. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Search timeout - - - - - - Defines the number of pagination requests that can be stored in the cache. The paging cache size needs to be configured based on the number of pagination requests executed on the system and the hardware system resources available. - - Paging cache size - - - - - - Defines the maximum time that an entry, which added to the page cache, is available. When the specified time has elapsed, the entry from the page cache is cleared. This needs to be configured based on the interval between pagination search requests executed on the system and the hardware system resources available. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Page cache timeout - - - - - - The minimum delay for a failed login attempt. For example, 0s or 1000ms. The failed login delay adds a variable delay to requests where the login fails. To customize the maximum delay time, set the failedLoginDelayMax attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Failed login delay minimum - - - - - - The maximum delay for a failed login attempt. For example, 5s or 5000ms. The failed login delay adds a variable delay to requests where the login fails. To disable the failed login delay, set the value to 0s. The delay is intended to mitigate user enumeration style attacks; therefore, disabling it is not recommended. To customize the minimum delay time, set the failedLoginDelayMin attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Failed login delay maximum - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Realm configuration. - - Realm - - - - - - The Base Entry that is part of this realm. - - Participating Base Entry - - - - - - The input and output property mappings for unique user id used in an user registry operation. - - Unique User Id Mapping - - - - - - The input and output property mappings for user security name in an user registry operation. - - User Security Name Mapping - - - - - - The input and output property mappings for user display name in an user registry operation. - - User Display Name Mapping - - - - - - The input and output property mappings for unique group id in an user registry operation. - - Unique Group Id Mapping - - - - - - The input and output property mappings for group security name in an user registry operation. - - Group Security Name Mapping - - - - - - The input and output property mappings for group display name in an user registry operation. - - Group Display Name Mapping - - - - - - The default parent mapping for the realm. - - Default Parent Mapping - - - - - - - Name of the realm. - - Realm name - - - - - - Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name. - - Delimiter - - - - - - Specifies whether operation is allowed if a repository is down. The default value is false. - - Allow operation if repository is down - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The default parent mapping for the realm. - - Default Parent Mapping - - - - - - - - The name of the entity being mapped. The name of the entity can be PersonAccount or Group. - - Name of entity - - - - - - The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created. - - Parent distinguished name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The property mapping for userDisplayName (default: principalName). - - User Display Name Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The default parent for an entity type mapping. - - Entity Mapping Reference - - - - - - The name of the entity being mapped. The name of the entity can be PersonAccount or Group. - - Name of entity - - - - - - The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created. - - Parent distinguished name - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The extended properties for Person and Group. - - Extended Property Mapping - - - - - - - - Defines the name of the property extended for Person and Group. - - Name of extended property - - - - - - Defines the data type of the property extended for Person and Group. The basic Java data types are supported. - - Data type of extended property - - - - - - - - - Integer - - - - - Long - - - - - String - - - - - Boolean - - - - - Date - - - - - Double - - - - - BigInteger - - - - - BigDecimal - - - - - - - - - - The name of the entity being mapped. The name of the entity can be PersonAccount or Group. - - Name of entity - - - - - - - - - Person - - - - - Group - - - - - - - - - - Defines if the property extended for Person and Group supports multiple values. - - Multi-valued - - - - - - Defines the default value for the property during write operation, if no default value is set. - - Default value to be set - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The property mapping for userSecurityName (default: principalName). - - User Security Name Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration of the registry base entry. - - Registry Base Entry - - - - - - - - Name of the base entry. - - Base entry name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The property mapping for uniqueGroupId (default: uniqueName). - - Unique Group ID Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The input and output mapping for the unique user id. - - Unique User ID Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The property mapping for groupDisplayName (default: cn). - - Group Display Name Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The property mapping for groupSecurityName (default: cn). - - Group Security Name Mapping Properties - - - - - - - - The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry input property - - - - - - The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. - - User registry output property - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies a relational database as a persistent store for server features. - - Database Store - - - - - - Data source that connects to the persistent store. - - Data Source - - - - - - Authentication data for task scheduling, queries, and execution. - - Authentication Data - - - - - - - When set to true, database tables are created. - - Create database tables - - - - - - Data source that connects to the persistent store. - - Data source reference - dataSource - - - - - - The preferred strategy for generating unique primary keys. If the selected strategy is not supported for the database, a different strategy might be used. - - Key generation strategy - - - - - - - - - Automatically select the strategy to generate unique primary keys. - - - - - Use a database identity column to generate unique primary keys. - - - - - Use a database sequence to generate unique primary keys. - - - - - Use a database table to generate unique primary keys. - - - - - - - - - - Name prefix for tables, sequences, and other database artifacts. - - Table name prefix - - - - - - Authentication data for task scheduling, queries, and execution. - - Authentication data reference - authData - - - - - - Schema name with read and write access to the database tables. - - Schema name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the ACME Certificate Authority. - - ACME Certificate Authority - - - - - - A domain name to request a certificate for. - - Domain name - - - - - - A contact URL the ACME server can use to contact the client for issues related this the ACME account. - - Account contact - - - - - - ACME transport layer. - - ACME Transport - - - - - - Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). - - ACME Certificate Revocation Checker - - - - - - - The URI to the ACME CA server's directory object. - - ACME server directory URI - - - - - - The duration of time that the certificate signing request specifies for the certificate to be valid. The default is defined by the ACME CA server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Valid for - - - - - - Subject distinguished name (DN) to use for the certificate. The DN can include the following relative distinguished name (RDN) types: cn, c, st, l, o and ou. If the cn RDN type is defined, it must be one of the domains defined by the domain configuration element and it must be the first RDN in the DN. If the cn RDN type is not defined, the first domain defined by the domain configuration element is used as the cn RDN value. - - Subject distinguished name - - - - - - The amount of time to spend polling the status of an ACME challenge before polling discontinues and treats the challenge as failed. A value of 0 indicates to poll indefinitely. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Challenge poll timeout - - - - - - The amount of time to spend polling the status of an ACME order before polling discontinues and treats the order as failed. A value of 0 indicates to poll indefinitely. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Order poll timeout - - - - - - A path to the file containing a key identifier for a registered account on the ACME CA server. If the file does not exist, a new account is registered with the ACME CA server and the associated key is written to this file. Back this file up to maintain control of the account on the ACME CA server. - - Account key file - - - - - - A path to the file containing a key identifier for a domain. If the file does not exist, a new key is generated and written to this file. Back this file up to maintain control of the domain. - - Domain key file - - - - - - ACME transport layer. - - ACME transport reference - acmeTransportConfig - - - - - - Renew time before expiration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Renew time before expiration - - - - - - Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). - - ACME certificate revocation checker reference - acmeRevocationChecker - - - - - - - - - ACME transport layer. - - ACME Transport - - - - - - - - The SSL handshake protocol. Protocol values can be found in the documentation for the Java Secure Socket Extension (JSSE) provider of the underlying JRE. When using the IBM JRE the default value is SSL_TLSv2 and when using the Oracle JRE the default value is SSL. - - SSL protocol - - - - - - A keystore that contains trusted certificate entries that are used by SSL for signing verification. - - Truststore - - - - - - The password that is used to load the truststore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. - - Truststore password - - - - - - The keystore type for the truststore. Supported types are JKS, PKCS12 and JCEKS. - - Truststore type - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). - - ACME Certificate Revocation Checker - - - - - - - - Verifies whether certificate revocation checking is enabled for the ACME CA service. The default is true. - - Certificate revocation checking enabled - - - - - - Sets the URI that identifies the location of the OCSP responder. This setting overrides the ocsp.responderURL security property and any responder that is specified in the certificate Authority Information Access Extension. - - OCSP responder URL - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - An audit event - - Audit Event - - - - - - - - The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ. - - Audit event name - - - - - - - - - Audit record of the starting and stopping of audit services. - - - - - Audit record for all user and group management events, including creation, reading, updating and deleting of user and group records. - - - - - Audit record for any authentication which passes through the authentication API, excluding logouts. - - - - - Audit record for any authentication logout which passes through the authentication API. - - - - - Audit record for any security authentication event, excluding logouts. - - - - - Audit record for any authentication logout event. - - - - - Audit record for any authentication failover event. - - - - - Audit record for any delegation, identify assertion, and runAS. Used when switching user identities within a given session. - - - - - Audit record for any security authorization events. - - - - - Audit record for any create, query, invoke MBean operations - - - - - Audit record for any query, create or update to MBean attributes. - - - - - Audit record for any register or unregister MBean operations. - - - - - Audit record of any addition or removal of notification listeners. - - - - - Audit record for any JMS authentication events. - - - - - Audit record for any JMS auhorization events. - - - - - Audit record for SAF Authorization event when the SAF authorization service is configured to report additional information about authorization failures and a SAFAuthorizationException is thrown. - - - - - Audit record for OAuth application token and password management - - - - - Audit record for SAF Authorization event. - - - - - - - - - - Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log. - - Audit outcome - - - - - - - - - success - - - - - failure - - - - - error - - - - - redirect - - - - - info - - - - - warning - - - - - denied - - - - - challenge - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configures Batch job logging. - - Batch Job Logging - - - - - - - - Enables or disables batch job logging. - - Enable batch job logging - - - - - - The maximum number of log records per job log file before rolling over to the next file. - - Maximum log records per file - - - - - - - - - - - - - - - - - - The maximum number of seconds allowed to elapse between publishes of job log events. - - Maximum number of seconds between log publishes - - - - - - - - - - - - - - - - - - - - - Connection Manager configuration - - Connection Manager - Additional properties for more advanced usage. - - - - - - - - Amount of time before a connection can be discarded by pool maintenance. A value of -1 disables this timeout. A value of 0 discards every connection, which disables connection pooling. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Aged timeout - - - - - - Amount of time after which a connection request times out. A value of -1 disables this timeout, meaning infinite wait. A value of 0 is immediate, meaning no wait. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Connection timeout - - - - - - Amount of time a connection can be unused or idle until it can be discarded during pool maintenance, if doing so does not reduce the pool below the minimum size. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Maximum idle time - - - - - - Maximum number of physical connections for a pool. A value of 0 means unlimited. The optimal setting depends on the application characteristics. For an application in which every thread obtains a connection to the database, you might start with a 1:1 mapping to the `coreThreads` attribute. - - Maximum connections - - - - - - - - - - - - - - - - Specifies which connections to destroy when a stale connection is detected in a pool. - - Purge policy - - - - - - - - - When a stale connection is detected, all connections in the pool are marked stale, and when no longer in use, are closed. - - - - - When a stale connection is detected, only the connection which was found to be bad is closed. - - - - - When a stale connection is detected, connections are tested and those found to be bad are closed. - - - - - - - - - - Amount of time between runs of the pool maintenance thread. A value of -1 disables pool maintenance. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Reap time - - - - - - Attempts to clean up after applications that leave connections open after the end of a servlet request, enterprise bean instance, managed executor task, contextual task, or managed completion stage. When an unsharable connection is obtained within one of these application artifacts and remains open when it ends, the container attempts to close the connection handle. The container may also close sharable connections that do not support DissociatableManagedConnection. Applications should always follow the programming model defined by the specification and close connections at the appropriate times rather than relying on the container, even when this option is enabled. - - Automatically close connections - - - - - - - If set to true, connections use container authentication. If set to false, connections use application authentication. - - Enable container authentication on direct lookups - - - - - - - If set to true, connections are shared. If set to false, connections are unshared. - - Enable connection sharing for direct lookups - - - - - - - Minimum number of physical connections to maintain in the pool. The pool is not pre-populated. Aged timeout can override the minimum. - - Minimum connections - - - - - - - - - - - - - - - - Limits the number of open connections on each thread. - - Maximum open connections per thread - - - - - - - - - - - - - - - - - Caches the specified number of connections for each thread. This setting can provide a performance improvement on large multi-core (8+) machines by reserving the specified number of database connections for each thread. For best performance, if you have n applications threads, set the maximum pool connections to at least n times the value of the numConnectionsPerThreadLocal attribute. Use the same credentials for all connection requests. For example, if you use 20 application threads, set the maximum pool connections to 20 or more. If you set the value of numConnectionPerThreadLocal attribute as 2 and you have 20 application threads, set the maximum pool connection to 40 or more. If setting numConnectionsPerThreadLocal does not improve performance due to application connection usage patterns that do not benefit from using numConnectionsPerThreadLocal, remove the attribute from configuration or set the value to 0. - - Number of cached connections per thread - - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Members of an external cache group that are controlled by WebSphere Application Server. - - External Cache Group Member - - - - - - Specifies the name of a class, which is located on the WebSphere Application Server class path, of the adapter between WebSphere Application Server and this external cache. - - Adapter bean name - - - - - - - Fully qualified host name - - Host name - - - - - - Port. - - Port - - - - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Enable disk offload to specify that when the cache is full, cache entries are removed from the cache and saved to disk. The location is a fully-qualified directory location that is used by the disk offload function. The Flush to Disk on Stop option specifies that when the server stops, the contents of the memory cache are moved to disk. - - Enable Disk Offload - - - - - - - - Specifies a value for the maximum disk cache size, in number of entries. - - Disk cache size - - - - - - - - - - - - - - - - Specifies a value for the maximum disk cache size, in gigabytes (GB). - - Disk cache size in gigabytes - - - - - - - - - - - - - - - - Specifies the eviction algorithm and thresholds that the disk cache uses to evict entries. When the disk size reaches a high threshold limit, the disk cache garbage collector wakes up and evicts randomly-selected (Random) or the largest (Size) entries on the disk until the disk size reaches a low threshold limit. - - Disk cache eviction policy - - - - - - - - - Random - - - - - Size - - - - - - - - - - Specifies when the eviction policy starts. - - High threshold - - - - - - - - - - - - - - - - - - Specifies when the eviction policy ends. - - Low threshold - - - - - - - - - - - - - - - - - - Specifies a directory to use for disk offload. - - Disk offload location - - - - - - Set this value to true to have objects that are cached in memory saved to disk when the server stops. This value is ignored if Enable disk offload is set to false. - - Flush to disk - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies sets of external caches that are controlled by WebSphere(R) Application Server on servers such as IBM(R) WebSphere(R) Edge Server and IBM(R) HTTP Server. - - External Cache Groups - - - - - - - - - Specifies a unique name for the external cache group. The external cache group name must match the ExternalCache property that is defined in the servlet or Java(TM) Server Pages (JSP) cachespec.xml file. - - Name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Distributed map configuration for a local cache. - - Distributed Map - - - - - - Specifies a reference to a shared library. - - Shared Library - - - - - - - - - - - Display name of the distributed map. - - Distributed map name - cacheId - - - - - - JNDI name for a cache instance. - - JNDI name - jndiName - - - - - - Specifies a positive integer that defines the maximum number of entries that the cache can hold. Values are usually in the thousands. The minimum value is 100, with no set maximum value. The default value is 2000. - - Memory cache size - - - - - - - - - - - - - - - - Specifies a value for the maximum memory cache size in megabytes (MB). - - Memory cache size in megabytes - - - - - - - - - - - - - - - - Specifies when the memory cache eviction policy starts. The threshold is expressed in terms of the percentage of the memory cache size in megabytes (MB). - - High threshold - - - - - - - - - - - - - - - - - - Specifies when the memory cache eviction policy ends. The threshold is expressed in terms of the percentage of the memory cache size in megabytes (MB). - - Low threshold - - - - - - - - - - - - - - - - - - Specifies the name of an alternate cache provider. - - Cache provider - - - - - - Specifies a reference to a shared library. - - Shared library reference - library - - - - - - - - - - - - - - - Configuration properties to be applied to gRPC endpoints that match the specified URI. - - GRPC Server Properties - - - - - - - - GRPC target endpoint - - GRPC target endpoint - - - - - - The maximum inbound message size. - - Maximum message size - - - - - - A list of fully qualified class names for gRPC server interceptor classes. - - GRPC server interceptors - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties to be applied to gRPC targets that match the specified URI. - - GRPC Client Properties - - - - - - Specifies an ID of the SSL configuration that is used to connect to the gRPC service. - - SSL Reference - - - - - - - The remote gRPC service hostname or IP address, with wildcard support. - - Remote host - - - - - - The remote gRPC service path, with wildcard support. A path consists of the gRPC service and method names, in the "ServiceName/MethodName" format. - - Remote procedure path - - - - - - HTTP header names to propagate from an inbound request to an outbound call. - - HTTP header names to propagate - - - - - - The time to wait for new messages before sending a new keepalive ping. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Keepalive interval - - - - - - End the connection if a keepalive response is not received within this time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Keepalive timeout - - - - - - Perform keepalive when no outstanding RPCs are on the channel. - - Keepalive without calls - - - - - - The maximum inbound message size. - - Maximum message size - - - - - - - - - - - - - - - - The maximum allowed inbound metadata size. - - Maximum metadata size - - - - - - - - - - - - - - - - A list of fully qualified class names for gRPC client interceptor classes. - - GRPC client interceptors - - - - - - Specifies an ID of the SSL configuration that is used to connect to the gRPC service. - - SSL reference - ssl - - - - - - A custom authority that overrides the default authority. - - Override authority - - - - - - A custom User-Agent that adds a prefix to the default User-Agent. - - Custom user agent - - - - - - Use a plain text connection for the outbound gRPC channel. - - Use a plain text connection - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Vendor-specific JCache configuration properties, which are passed to the CachingProvider when the CacheManager instance is obtained. - - JCache Properties - - - - - - - - - List of vendor-specific JCache configuration properties, which are passed to the CachingProvider when the CacheManager is obtained. - - Vendor specific properties - - - - - - - - - Configuration for the JCache CacheManager. - - JCache CacheManager - - - - - - The JCache CachingProvider that this JCache CacheManager instance uses. - - JCache CachingProvider - - - - - - - - - The JCache CachingProvider that this JCache CacheManager instance uses. - - JCache caching provider reference - cachingProvider - - - - - - Vendor-specific JCache configuration URI, which is passed to the CachingProvider when the CacheManager instance is obtained. - - JCache caching provider URI - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for JCache Cache. - - JCache Cache - - - - - - The JCache CacheManager instance that manages this cache. - - JCache CacheManager - - - - - - - The JCache CacheManager instance that manages this cache. - - JCache cache manager reference - cacheManager - - - - - - The JCache cache name to use for caching. If this cache does not exist, it is created at runtime. The name must be unique for a given CacheManager instance. - - JCache name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration for the JCache CachingProvider - - JCache CachingProvider - - - - - - A library that contains the JCache implementation. - - JCache Implementation Library - - - - - - A library or libraries that contain any classes that might be stored in the cache. - - Common Library - - - - - - - A library that contains the JCache implementation. - - JCache implementation library reference - library - - - - - - The fully-qualified class name of the JCache javax.cache.CachingProvider instance. - - JCache caching provider class - - - - - - A library or libraries that contain any classes that might be stored in the cache. - - Common library reference - library - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Information about configuring the builder. The elements and attributes that you specify are used to build the token. - - JWT Builder - - - - - - The trusted audience list to be included in the aud claim in the JSON web token. - - Trusted audiences - - - - - - Specify a comma separated list of claims to include in the token. These claims must be existing user attributes that are defined for the subject of the JWT in the user registry. - - Supported claims - - - - - - - This ID is used to identify the JWT builder. If an ID value is not specified, the builder is not processed. The ID must be a URL-safe string. The ID is used as part of the issuer value if the issuer configuration attribute is not specified. The JwtBuilder API uses this ID to determine which builder configuration to use to construct JWTs. - - Builder ID - - - - - - An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components. - - Issuer - - - - - - Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored. - - Enable JSON web key (JWK) - - - - - - Indicates the token expiration time in hours. ExpiresInSeconds takes precedence if present. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. - - Token expiration time in hours - - - - - - Indicates the token expiration time in seconds. Takes precedence over expiry. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Token expiration time in seconds - - - - - - Specify a white space separated list of OAuth scopes. - - Supported scopes - - - - - - Specifies the signature algorithm that will be used to sign the JWT token. - - JWT token signature algorithm - - - - - - - - - Use the RS256 signature algorithm to sign and verify tokens. - - - - - Use the RS384 signature algorithm to sign and verify tokens. - - - - - Use the RS512 signature algorithm to sign and verify tokens. - - - - - Use the HS256 signature algorithm to sign and verify tokens. - - - - - Use the HS384 signature algorithm to sign and verify tokens. - - - - - Use the HS512 signature algorithm to sign and verify tokens. - - - - - Use the ES256 signature algorithm to sign and verify tokens. - - - - - Use the ES384 signature algorithm to sign and verify tokens. - - - - - Use the ES512 signature algorithm to sign and verify tokens. - - - - - - - - - - Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. - - Shared secret - - - - - - Indicates whether to generate a unique id for the token. - - JTI - - - - - - A keystore containing the private key necessary for signing the token with an asymmetric algorithm. - - Keystore - keyStore - - - - - - A key alias name that is used to locate the private key for signing the token with an asymmetric algorithm. When the jwkEnabled attribute is set to true, the value for this attribute is ignored. - - Key alias name - - - - - - A keystore that contains the key management key that is used to encrypt the Content Encryption Key of a JWE. - - Trust keystore - keyStore - - - - - - Identifies the time when JWT is accepted for processing. The value must be a NumericDate object. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Not before claim offset - - - - - - Specifies the encryption algorithm that is used to encrypt the Content Encryption Key of a JWE. - - Key management key algorithm - - - - - - - - - Use the RSAES OAEP algorithm to encrypt the Content Encryption Key of a JWE. - - - - - - - - - - Public key alias of the key management key that is used to encrypt the Content Encryption Key of a JWE. - - Key management key alias - - - - - - Specifies the encryption algorithm that is used to encrypt the JWT plaintext to produce the JWE ciphertext. - - Content encryption algorithm - - - - - - - - - Use the AES GCM algorithm with a 256-bit key to encrypt the JWT plaintext of a JWE. - - - - - - - - - - - - - - - - - - - The JWT consumer information to validate the JWT token. - - JWT Consumer - - - - - - The trusted audience list to be included in the aud claim in the JSON web token. - - Trusted audiences - - - - - - - This ID is used to identify the JWT consumer. If an ID value is not specified, the consumer is not processed. The ID must be a URL-safe string. The JwtConsumer API uses this ID to determine which consumer configuration to use to consume JWTs. - - Consumer ID - - - - - - An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components. - - Issuer - - - - - - Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. - - Shared secret - - - - - - Specifies the signature algorithm that will be used to sign the JWT token. - - JWT token signature algorithm - - - - - - - - - Use the RS256 signature algorithm to sign and verify tokens. - - - - - Use the RS384 signature algorithm to sign and verify tokens. - - - - - Use the RS512 signature algorithm to sign and verify tokens. - - - - - Use the HS256 signature algorithm to sign and verify tokens. - - - - - Use the HS384 signature algorithm to sign and verify tokens. - - - - - Use the HS512 signature algorithm to sign and verify tokens. - - - - - Use the ES256 signature algorithm to sign and verify tokens. - - - - - Use the ES384 signature algorithm to sign and verify tokens. - - - - - Use the ES512 signature algorithm to sign and verify tokens. - - - - - - - - - - A keystore that contains the public key that can verify a signature of the JWT token. - - Trust keystore - keyStore - - - - - - A trusted key alias for using the public key to verify the signature of the token - - Trusted alias name - - - - - - This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The time difference allowed between systems - - - - - - Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored. - - Enable JSON web key (JWK) - - - - - - Specifies a JWK end point URL. - - JSON web key(JWK) end point URL - - - - - - Specifies an ID of the SSL configuration that is used to connect to the OpenID Connect provider. - - SSL reference - ssl - - - - - - Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* and javax* system properties. - - Use system properties for HTTP client connections - - - - - - Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JWE. - - Key management key alias - - - - - - - - - - - - - - - Information about configuring JWT Single Sign On. - - JWT SSO - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - Name of the cookie that is used to store the JWT token. - - Name of cookie - - - - - - Set the secure flag on the JWT cookie to send it only over a secured connection. - - Set secure flag on JWT cookie - - - - - - After successful authentication with a JWT token, include an LTPA cookie in addition to the JWT cookie. - - Include LTPA cookie - - - - - - If the JWT cookie is missing, attempt to process an LTPA cookie if it is present. - - Use LTPA cookie if JWT cookie is not present - - - - - - Do not create the JWT cookie. - - Disable JWT cookie - - - - - - A reference to the JWT Builder configuration element in server.xml that describes how to build the JWT token. - - JWT builder reference - jwtBuilder - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - - - - Security role for token management requests. - - Token Manager Role - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Clients are defined in server.xml and tokens are cached in the server. - - Local Store - - - - - - - - - Token store size - - Token store size - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Special subject that has the security role. - - Special Subject - - - - - - - - One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. - - Special subject type - - - - - - - - - All authenticated users. - - - - - All users for every request, even if the request was not authenticated. - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Clients are defined, and tokens and consents are cached in a custom OAuthStore implementation. - - Custom OAuthStore - - - - - - - - Specifies the OAuthStore ID to use for a custom store. The value must match the value of the oauth.store.id property that is specified for the OAuthStore implementation. - - Custom OAuthStore ID - - - - - - The interval to use for cleaning up expired tokens and consents from the custom OAuthStore implementation. The valid range is 0 to Integer.MAX_VALUE in seconds. A value of 0 indicates that no cleanup is performed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Custom OAuthStore cleanup interval - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - OAuth web application security role map. - - OAuth Role Map - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The grant_type for JWT Token handler - - JWT Grant Type - - - - - - - - The maximum size of cache, which keeps jti data of jwt token, to prevent the jti from being reused. - - Maximum size of cache for jti of jwt token - - - - - - - - - - - - - - - - The time difference allowed between OpenID Connect Client and OpenID Connect Provider systems when they are not synchronized. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - The time difference allowed between systems - - - - - - The time indicates the maximum lifetime of an alive jwt token since its issued-at-time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Maximum lifetime of a jwt token - - - - - - The iat claim in a jwt token is required. - - Required iat claim in a jwt token - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Security role for client management requests. - - Client Manager Role - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Group that has the security role. - - Group - - - - - - - - Name of a group that has the security role. - - Group name - - - - - - A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified. - - Group access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Security role for authorization code and token requests. - - Authenticated Role - - - - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - OAuth client definition. Only clients defined here can access the provider. - - OAuth Client - - - - - - Array of redirect URIs for use in redirect-based flows such as the authorization code and implicit grant types of the client. The first redirect URI is used as a default, when none is specified in a request. Each URI must be an absolute URI as defined by RFC 3986. - - Array of redirect URIs - - - - - - Grant types the client may use. - - Grant types - - - - - - - - - authorization_code - - - - - implicit - - - - - refresh_token - - - - - client_credentials - - - - - password - - - - - urn:ietf:params:oauth:grant-type:jwt-bearer - - - - - - - - - - Response types the client may use. - - Response types - - - - - - - - - code - - - - - token - - - - - id_token token - - - - - - - - - - Array of URLs supplied by the RP to which it may request that the end-user's user agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. - - Post logout redirection URIs - - - - - - URIs for use by the coverage map. - - Trusted URI prefixes - - - - - - The resource identifiers which are the audiences of the Json Web Token. - - Resource identifiers - - - - - - A list of group ids to be to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_groupIds response parameter from the introspect endpoint. - - Functional user group IDs - - - - - - - Name of the client (sometimes referred to as the Id). - - Name - - - - - - Secret key of the client. - - Secret key - - - - - - Display name of the client. - - Display name - - - - - - The requested authentication method for the token endpoint of the client. - - Token endpoint authentication method - - - - - - - - - none - - - - - client_secret_post - - - - - client_secret_basic - - - - - - - - - - Specify by spaces the list of scopes of the client. - - Scope - - - - - - The type of application best describing the client. - - Application type - - - - - - - - - native - - - - - web - - - - - - - - - - Subject type requested for response to this client. - - Subject type - - - - - - - - - public - - - - - - - - - - Boolean indicating whether the client participates in OpenID session management. - - Session managed - - - - - - Space separated list of scope values that the client can use when requesting access tokens that are deemed to have been pre-approved by the resource owner and therefore does not require the resource owner's consent. - - PreAuthorized scope - - - - - - Boolean value specifying whether the client is allowed to access the introspection endpoint to introspect tokens issued by the authorization server. - - Introspect tokens - - - - - - Allow redirect URLs to contain regular expressions. The default is false. - - Allow regular expression redirects - - - - - - A user identifier to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_id response parameter from the introspect endpoint. - - Functional user ID - - - - - - Client is enabled if true, disabled if false. - - Client enabled - - - - - - When set to true, the OAuth client is allowed to request application passwords. - - Application password allowed - - - - - - When set to true, the OAuth client is allowed to request application tokens. - - Application token allowed - - - - - - Proof key for code exchange support for OAuth clients. - - Proof key for code exchange - - - - - - Specify whether OAuth client is public. - - Public OAuth client - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Clients are defined and tokens are cached in the database. - - Database Store - - - - - - Reference to the data source for the store. - - Data Source - - - - - - - Reference to the data source for the store. - - Data source reference - dataSource - - - - - - The interval to use for cleaning up expired tokens from the database store. The valid range is 0 to Integer.MAX_VALUE in seconds. A value of 0 indicates that no cleanup is performed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Database cleanup interval - - - - - - User - - User - - - - - - Password used to access the database. - - Password - - - - - - Schema - - Schema - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - User who has the security role. - - User - - - - - - - - Name of a user who has the security role. - - User name - - - - - - A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified. - - User access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - OAuth provider definition. - - OAuth Provider Definition - - - - - - - - - - - - Reference to shared library containing the mediator plugin class. - - Shared Library - - - - - - Mediator plugin class name. - - Mediator class name - - - - - - An OAuth 2.0 grant type, as detailed in the OAuth 2.0 specification, that is allowed for the provider. By default, all grant types are allowed. The supported values are authorization_code, client_credentials, refresh_token, password, implicit and urn:ietf:params:oauth:grant-type:jwt-bearer. - - OAuth grant type - - - - - - Name of a client that is allowed to use auto authorization. - - Auto authorize client - - - - - - The type of token to be produced. One of opaque, jwt, or mpjwt. Mpjwt is microprofile standardized format. The default is opaque. - - Type of JWT token issued - - - - - - - - - opaque - - - - - jwt - - - - - mpjwt - - - - - - - - - - - - - SSL communication between the OAuth client and provider is required. - - Require SSL communication - - - - - - Authorization grant lifetime (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Authorization grant lifetime - - - - - - Authorization code lifetime (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Authorization code lifetime - - - - - - Length of the generated authorization code. - - Authorization code length - - - - - - Time that access token is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Access token lifetime - - - - - - Length of the generated OAuth access token. - - Access token length - - - - - - A value of false disables generation and the use of refresh tokens. - - Refresh token use flag - - - - - - Length of generated refresh token. - - Refresh token length - - - - - - Maximum number of access tokens that can be created by using refresh tokens for a single OAuth client and user combination. - - Refreshed access token limit - - - - - - A value of false disables revocation of associated access tokens when a refresh token is revoked. The default value is true. - - Revoke access tokens when refresh token revoked - - - - - - Reference to shared library containing the mediator plugin class. - - Shared library reference - library - - - - - - A value of false disables the access of public clients as detailed in the OAuth specification. - - Allow public clients to access OAuth provider - - - - - - URL of a custom authorization page template. - - Custom authorization form - - - - - - URL of a custom authorization error page template. - - Custom authorization error form - - - - - - URL of a custom login page. - - Custom login form - - - - - - To use auto authorization, append the autoAuthorize parameter to requests with a value of true. - - Auto authorization parameter - - - - - - To use auto authorization, append the autoAuthorize parameter to requests with a value of true. - - Auto authorization parameter - - - - - - Optional value to replace client URI strings for dynamic host names. - - Client URI substitution - - - - - - Maximum number of entries in the client token cache. - - Client token cache size - - - - - - Token limit for each user and client combination. - - User client token limit - - - - - - URI filter selects requests to be authorized by this provider. - - Request filter - - - - - - Set request character encoding to this value. - - Character encoding - - - - - - If the value is true, then requests matching the filter must have an access token or they will be failed. If false, then matching requests will be checked for other authentication data if no access token is present. - - Fail authentication if OAuth access token missing - - - - - - If the value is true, add the com.ibm.wsspi.security.oauth20.token.WSOAuth20Token as a private credential. - - Include OAuth token in subject - - - - - - Time that an entry in the consent cache is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Consent cache entry lifetime - - - - - - Maximum number of entries allowed in the consent cache. - - Consent cache size - - - - - - - - - - - - - - - - Enable caching to save access tokens in the database and in-memory cache. - - Cache access tokens - - - - - - Enable the authentication of client certificate in the https request. - - Enable client certificate authentication - - - - - - Allow the authentication of a client certificate if a client certificate is included in the https request. This attribute allows client certificates to be used for authentication even if the certAuthentication attribute is set to false. - - Allow client certificate authentication - - - - - - Allow the authentication of an SPNEGO token in the https request. - - Allow SPNEGO authentication - - - - - - Generate the Json Web Token, serialize it as a string and put in the place of the access token. - - Access token is JWT - - - - - - The max-age value (seconds) for the cache-control header of the coverage map service. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Coverage map session max age - - - - - - If the value is true, skip validation of resource owner. - - Skip resource owner validation - - - - - - The encoding type for the stored access token. The default is set to plain, for compatibility with earlier versions. PBKDF2WithHmacSHA512 is recommended. - - Access token encoding - - - - - - - - - plain - - - - - PBKDF2WithHmacSHA512 - - - - - - - - - - Optional URL that the client is redirected to after successfully invoking the logout endpoint. If a URL is not supplied, then a minimal default logout page is used. - - URL used after logout - - - - - - When set to true, OAuth authorization flows that use the resource owner password credentials grant type must use an application password instead of the password configured for a user in the user registry. When this attribute is enabled, OAuth clients must obtain an application password from this OAuth provider to use the password grant type. - - Password grant requires application password - - - - - - Specifies the lifetime of application passwords that are generated by this OAuth provider. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Application password lifetime - - - - - - Specifies the lifetime of application tokens that are generated by this OAuth provider. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Application token lifetime - - - - - - Token limit for each user and client combination. - - Application token or password limit - - - - - - The ID of an existing client that will be used to generate tokens for PersonalTokenManagement and UsersTokenManagement UI pages. - - Client ID used to generate tokens - - - - - - The secret of an existing client that will be used to generate tokens for PersonalTokenManagement and UsersTokenManagement UI pages. - - Client secret used to generate tokens - - - - - - The encoding type for the stored client secret. The default is set to XOR, for compatibility with earlier versions. PBKDF2WithHmacSHA512 is recommended. - - Client secret encoding - - - - - - - - - xor - - - - - PBKDF2WithHmacSHA512 - - - - - - - - - - If the user security name differs from the username that is supplied in the ROPC (Resource Owner Password Credentials) request, then the username is set to the user security name for all tokens that are created by the ROPC grant type. The default is false. If both ropcPreferUserSecurityName and ropcPreferUserPrincipalName are set to true, then ropcPreferUserPrincipalName takes precedence. - - ROPC grant prefers user security name - - - - - - If the user principal name differs from the username that is supplied in the ROPC (Resource Owner Password Credentials) request, then the username is set to the user principal name for all tokens that are created by the ROPC grant type. The default is false. If both ropcPreferUserSecurityName and ropcPreferUserPrincipalName are set to true, then ropcPreferUserPrincipalName takes precedence. - - ROPC grant prefers user principal name - - - - - - Track all OAuth clients that interact with this OAuth provider. - - Track OAuth clients - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Description of service - - OpenID Connect Client Web Application - - - - - - - - Description of service - - Context path - - - - - - - - - OpenID Connect client. - - OpenID Connect Client - - - - - - Specifies custom parameters to send to authorization endpoint of the OpenID Connect provider. - - Custom Parameters For Authorization Endpoint - - - - - - Specifies custom parameters to send to token endpoint of the OpenID Connect provider. - - Custom Parameters For Token Endpoint - - - - - - Specifies a comma-separated list of trusted audiences that is verified against the aud claim in the JSON Web Token. - - Trusted audiences - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - Resource parameter is included in the request. - - Resource request parameter - - - - - - Specifies a comma-separated list of parameter names to forward to the OpenID Connect provider. If a protected resource request includes one or more of the specified parameters, the OpenID Connect client will include those parameters and their values in the authorization endpoint request to the OpenID Connect provider. - - Forward login parameter - - - - - - - OpenID Connect scope (as detailed in the OpenID Connect specification) that is allowed for the provider. - - Scope - - - - - - Specifies a JSON attribute in the ID token that is used as the user principal name in the subject. If no value is specified, the JSON attribute "sub" is used. The value for this property is overridden by the value for userIdentifier, if specified. - - User identity use to create a subject - - - - - - Require SSL communication between the OpenID relying party and provider service. - - Require SSL communication - - - - - - Specifies the grant type to use for this client. Use of the responseType attribute is preferred instead. - - Grant type - - - - - - - - - Authorization code grant type - - - - - Implicit grant type - - - - - - - - - - Identity of the client. - - Client identity - - - - - - Secret key of the client. - - Client secret key - - - - - - After authorization, the relying party will be redirected to this destination, instead of the default. The default is the origin of the relying party request. - - Redirect destination sent to the relying party - - - - - - Specifies a path fragment to be inserted into the redirect URL, after the host name and port. The default is an empty string. - - Path fragment inserted into redirect URL - - - - - - Set this property to false if you do not want to use JavaScript to redirect to the OpenID Connect Provider for the initial authentication request. If JavaScript is not used, any URI fragments that are present in the original inbound request are lost. - - Client side redirect - - - - - - A case-sensitive URL using the HTTPS scheme that contains scheme, host and optionally port number and path components. Specify multiple values as a comma separated list. - - Issuer identifier - - - - - - Specifies whether to map the identity to a registry user. If this is set to false, then the user registry is not used to create the user subject. - - Map identity to registry user - - - - - - A keystore containing the public key necessary for verifying the signature of the ID token. - - Trust keystore - keyStore - - - - - - Key alias name to locate public key for signature validation with asymmetric algorithm. - - Trust alias name - - - - - - Enable the nonce parameter in the authorization code flow. - - Enable the nonce parameter - - - - - - Specifies a realm name to be used to create the user subject when the mapIdentityToRegistryUser is set to false. - - Realm name - - - - - - Specifies an ID of the SSL configuration that is used to connect to the OpenID Connect provider. - - SSL reference - ssl - - - - - - Specifies the signature algorithm that will be used to verify the signature of the ID token. - - ID token signature algorithm - - - - - - - - - Tokens are not required to be signed - - - - - Use the RS256 signature algorithm to sign and verify tokens - - - - - Use the RS384 signature algorithm to sign and verify tokens - - - - - Use the RS512 signature algorithm to sign and verify tokens - - - - - Use the HS256 signature algorithm to sign and verify tokens - - - - - Use the HS384 signature algorithm to sign and verify tokens - - - - - Use the HS512 signature algorithm to sign and verify tokens - - - - - Use the ES256 signature algorithm to sign and verify tokens - - - - - Use the ES384 signature algorithm to sign and verify tokens - - - - - Use the ES512 signature algorithm to sign and verify tokens - - - - - - - - - - Specifies whether to include ID token in the client subject. - - Include ID token in the client subject - - - - - - Specifies whether the LTPA token includes the access token. - - LTPA token includes the access token - - - - - - Specifies the beginning capacity of state cache. The capacity grows bigger when needed by itself. - - Beginning capacity of state cache - - - - - - - - - - - - - - - - Specifies whether to enable host name verification. - - Host name verification enabled - - - - - - Specifies a discovery endpoint URL for an OpenID Connect provider. - - Discovery endpoint URL - - - - - - Specifies an Authorization endpoint URL. - - Authorization endpoint URL - - - - - - Specifies a token endpoint URL. - - Token endpoint URL - - - - - - Specifies a User Info endpoint URL - - UserInfo endpoint URL - - - - - - Specifies whether the User info endpoint is contacted. - - User info endpoint enabled - - - - - - Specifies a JWK endpoint URL. - - JSON web key (JWK) endpoint URL - - - - - - Specifies the client identifier to include in the basic authentication scheme of the JWK request. - - JWK client identifier - - - - - - Specifies the client password to include in the basic authentication scheme of the JWK request. - - JWK client password - - - - - - Specifies the response requested from the provider, either an authorization code or implicit flow tokens. - - Response type - - - - - - - - - Authorization code - - - - - ID token - - - - - ID token and access token - - - - - Access token - - - - - - - - - - Specifies a JSON attribute in the ID token that is used as the user principal name in the subject. If no value is specified, the JSON attribute "sub" is used. - - Principal identifier - - - - - - Specifies a JSON attribute in the ID token that is used as the name of the group that the authenticated principal is a member of. - - Group identifier - - - - - - Specifies a JSON attribute in the ID token that is used as the realm name. - - Realm identifier - - - - - - Specifies a JSON attribute in the ID token that is used as the unique user name as it applies to the WSCredential in the subject. - - Unique identifier - - - - - - The method to use for sending credentials to the token endpoint of the OpenID Connect provider in order to authenticate the client. - - Authentication method of token endpoint - - - - - - - - - basic - - - - - post - - - - - Private key JWT client authentication. - - - - - - - - - - Controls the operation of the token inbound propagation of the OpenID relying party. - - Enable token inbound propagation - - - - - - - - - Support inbound token propagation - - - - - Require inbound token propagation - - - - - Do not support inbound token propagation - - - - - - - - - - The method of validation on the token inbound propagation. - - Method of validating the inbound token - - - - - - - - - Validate inbound tokens using token introspection - - - - - Validate inbound tokens using the userinfo endpoint - - - - - - - - - - Specifies whether a JWT access token that is received for inbound propagation is validated locally by the OpenID Connect client or by using the validation method that is configured by the OpenID Connect client. - - JWT access token remote validation - - - - - - - - - A JWT access token that is received for inbound propagation is parsed and validated locally by the OpenID Connect client. If validation fails, the access token is not validated by using the validation method that is configured by the OpenID Connect client. - - - - - A JWT access token that is received for inbound propagation is parsed and validated locally by the OpenID Connect client. If validation fails, the access token is validated by using the validation method that is configured by the OpenID Connect client. - - - - - A JWT access token that is received for inbound propagation is validated by using the validation method that is configured by the OpenID Connect client. The access token is not parsed or validated locally by the OpenID Connect client. - - - - - - - - - - The name of the header which carries the inbound token in the request. - - Name of the header containing the inbound token - - - - - - The endpoint URL for validating the token inbound propagation. The type of endpoint is decided by the validationMethod. - - Endpoint URL for validation - - - - - - Require the issuer claim to be absent when the OpenID Connect client validates a JWT access token for inbound propagation or when it performs token introspection for inbound propagation. - - Disable issuer checking - - - - - - An authentication session cookie will not be created for inbound propagation. The client is expected to send a valid OAuth token for every request. - - Authentication session cookie disabled - - - - - - Do not create an LTPA Token during processing of the OAuth token. Create a cookie of the specific Service Provider instead. - - Disable LTPA token - - - - - - Specifies whether to use Java system properties when the OpenID Connect client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Authenticate a user again when its authenticating access token expires and disableLtpaCookie is set to true. - - Reauthenticate when access token expires - - - - - - The time period to authenticate a user again when its tokens are about to expire. The expiration time of an ID token is specified by its exp claim. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Cushion time for reauthentication - - - - - - Specifies whether a custom cache key is used to store users in an authentication cache. If this property is set to true and the cache key for a user is not found in the authentication cache, the user will be required to log in again. Set this property to false when you use the jwtSso feature to allow the security subject to be constructed directly from the jwtSso cookie. Set this property to false when you do not use the jwtSso feature to allow the security subject to be constructed directly from the user registry. If the security subject is reconstructed from the user registry, there will be no SSO components in the subject. If your LTPA cookie is used by more than one server, consider setting this property to false. If your application always requires the SSO components to be present in the subject, you must either set this property to true or use the jwtSso feature. - - Allow custom cache key - - - - - - Specifies the allowed clock skew in seconds when you validate the JSON Web Token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Clock skew - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether to create an HttpSession if the current HttpSession does not exist. - - Create session - - - - - - Maximum duration in milliseconds between redirection to the authentication server and return from the authentication server. Cookies expire after this duration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Authentication time limit - - - - - - Duration rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The checking is done only if there is an authentication failure. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Next discovery interval - - - - - - Specifies whether JSON Web Tokens can be reused. Tokens must contain a jti claim for this attribute to be effective. The jti claim is a token identifier that is used along with the iss claim to uniquely identify a token and associate it with a specific issuer. A request is rejected when this attribute is set to false and the request contains a JWT with a jti and iss value combination that has already been used within the lifetime of the token. - - Allow re-use of JSON web tokens (JWT) - - - - - - Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JSON Web Encryption (JWE) token. - - Key management key alias - - - - - - Specifies whether authenticated subjects that are created by using a propagated access tokens are cached. - - Enable access token cache - - - - - - Specifies how long an authenticated subject that is created by using a propagated access token is cached. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Access token cache timeout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies additional parameters to include in the requests to send to the provider. - - Custom Parameters To Include In Requests - - - - - - - - Specifies name of the additional parameter. - - Custom request parameter name - - - - - - Specifies value of the additional parameter. - - Custom request parameter value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the claims for the scope. - - Scope To Claims Map - - - - - - - - - - Specify a comma-separated list of claims associated with the profile scope. - - Profile scope - - - - - - Specify a comma-separated list of claims associated with the email scope. - - Email scope - - - - - - Specify a comma-separated list of claims associated with the address scope. - - Address scope - - - - - - Specify a comma-separated list of claims associated with the phone scope. - - Phone scope - - - - - - Specify the claims for the scope. - - Scope to claims map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify the user registry key for the claim. - - Claim To User Registry Map - - - - - - - - - - Specify the user registry key that will be retrieved for the name claim. - - Name claim - - - - - - Specify the user registry key that will be retrieved for the given_name claim. - - Given name claim - - - - - - Specify the user registry key that will be retrieved for the picture claim. - - Picture claim - - - - - - Specify the user registry key that will be retrieved for the email claim. - - Email claim - - - - - - Specify the user registry key that will be retrieved for the address claim. - - Address claim - - - - - - Specify the user registry key that will be retrieved for the phone_number claim. - - Phone number claim - - - - - - Specify the user registry key for the claim. - - Claim to user registry map - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specify a property in addition to the parent element properties - - Additional Property - - - - - - - - Specify the name of the property - - Property name - - - - - - Specify the value of the property - - Value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - OpenID Connect server provider - - OpenID Connect Server Provider - - - - - - A reference to the ID of an OAuth provider. - - OAuth Provider Reference - - - - - - The extra claims to be put in the payloads of the ID token, in addition to the default realmName, uniqueSecurityName, and groupIds claims. - - Extra claims of ID token - - - - - - - - - - - - - A reference to the ID of an OAuth provider. - - OAuth provider reference - oauthProvider - - - - - - Specify an issuer identifier for the issuer of the response. - - Issuer identifier - - - - - - When this property is set to true, the default SSO cookie name, ltpaToken2, is used if a custom SSO cookie name is not configured. If a custom cookie name is configured for SSO, that cookie name is used. If a custom cookie name is not configured and this property is set to false, an auto-generated SSO cookie name will be used. - - Allow default SSO cookie name - - - - - - When JWK is enabled, the OpenID Connect provider dynamically generates key pairs for signing JWT tokens that it creates. To validate the signature, the client can retrieve the key from the JWK endpoint, which has the format https://<host_name>:<port_number>/oidc/endpoint/<provider_id>/jwk. When this attribute is false, the provider will use the key that is specified by the keyAliasName attribute to sign the JWT. The provider will still make that key available as a JWK from the JWK endpoint if this attribute is false. - - Enable JSON web key (JWK) - - - - - - Enable caching to save ID tokens in the database and in-memory cache. - - Cache ID tokens - - - - - - Amount of time after which a new JWK will be generated. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. - - JWK rotation time - - - - - - Size measured in bits of the signing key. - - JWK signing key size - - - - - - - - - 1024 bits - - - - - 2048 bits - - - - - 4096 bits - - - - - - - - - - Specify the signature algorithm that will be used to sign the ID token. - - ID token signature algorithm - - - - - - - - - No signature - - - - - RSASSA-PKCS-v1_5 using SHA-256 hash - - - - - HMAC using SHA-256 hash - - - - - - - - - - A keystore containing the private key necessary for signing with an asymmetric algorithm. - - Keystore - keyStore - - - - - - Key alias name to locate the private key for signing with an asymmetric algorithm. - - Key alias name - - - - - - A keystore containing the public key necessary for verifying a signature of the JWT token. - - Trust keystore - keyStore - - - - - - Indicate by true or false whether session management is supported. Default is false. - - Session managed - - - - - - Time that ID token is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - ID token lifetime - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Discovery is based on OpenID Connect and Jazz Authorization Server Profile. - - Discovery - - - - - - Specify by comma the list of the response types that will be supported by the OP. - - Response types supported - - - - - - - - - code - - - - - token - - - - - id_token token - - - - - - - - - - Specify the signature algorithm that will be used to sign the ID token. - - ID token signing algorithms supported - - - - - - - - - No signature - - - - - RSASSA-PKCS-v1_5 using SHA-256 hash - - - - - HMAC using SHA-256 hash - - - - - - - - - - Specify by comma the list of scopes that will be supported. - - Scopes supported - - - - - - Specify by comma the list of claims that will be supported. - - Claims supported - - - - - - Specify by comma the list of the response modes that will be used. - - Response modes supported - - - - - - - - - query - - - - - fragment - - - - - form_post - - - - - - - - - - Specify by comma the list of the grant types that will be used. - - Grant types supported - - - - - - - - - authorization_code - - - - - implicit - - - - - refresh_token - - - - - client_credentials - - - - - password - - - - - urn:ietf:params:oauth:grant-type:jwt-bearer - - - - - - - - - - Specify by comma the list of the token endpoint authentication methods that will be used. - - Token endpoint authentication methods supported - - - - - - - - - none - - - - - client_secret_post - - - - - client_secret_basic - - - - - - - - - - - Indicate by true or false whether claims parameter is supported. - - Claim parameter supported - - - - - - Indicate by true or false whether request parameter is supported. - - Request parameter supported - - - - - - Indicate by true or false whether request URI parameter is supported. - - Request URI parameter supported - - - - - - Indicate by true or false whether require request URI registration is supported. - - Require request URI registration - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies a list of x509 certificates that are used to verify the signature. - - X509 Certificate - - - - - - - - Specifies the path to the x509 certificate. - - X509 certificate path - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the PKIX trust information that is used to evaluate the trustworthiness and validity of XML signatures in a SAML response. Do not specify multiple pkixTrustEngine in a samlWebSso20. - - PKIX Trust Engine - - - - - - Specifies the identities of trusted IdP issuers. If the value is "ALL_ISSUERS", then all IdP identities are trusted. - - Trusted issuers - - - - - - - - - - - A keystore containing the public key necessary for verifying the signature of the SAMLResponse and Assertion. - - Trust keystore or anchor reference - keyStore - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Controls the operation of the Security Assertion Markup Language Web SSO 2.0 Mechanism. - - SAML Web SSO 2.0 Authentication - - - - - - A URI reference identifying an authentication context class that describes the authentication context declaration. The default is null. - - Authentication context class reference - - - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - The header name of the HTTP request which stores the SAML Token. - - Header name - - - - - - The list of audiences which are trusted to verify the audience of the SAML Token. If the value is "ANY", then all audiences are trusted. - - Audiences of SAML token - - - - - - - Enforce using SSL communication when accessing a SAML WebSSO service provider end point such as acs or metadata. - - Require SSL communication - - - - - - Controls the operation of the Security Assertion Markup Language Web SSO 2.0 for the inbound propagation of the Web Services Mechanisms. - - Enable SAML inbound propagation - - - - - - - - - %inboundPropagation.required - - - - - %inboundPropagation.none - - - - - - - - - - Indicates a requirement for the <saml:Assertion> elements received by this service provider to contain a Signature element that signs the Assertion. - - Sign SAML assertion - - - - - - Indicates the required algorithm by this service provider. - - Signature algorithm - - - - - - - - - SHA-256 signature algorithm - - - - - %signatureMethodAlgorithm.SHA128 - - - - - SHA-1 signature algorithm - - - - - - - - - - Specifies whether to create an HttpSession if the current HttpSession does not exist. - - Create session - - - - - - Indicates whether the <samlp:AuthnRequest> messages sent by this service provider will be signed. - - Sign the samlp:AuthnRequest messages - - - - - - Specifies whether to include the x509 certificate in the Liberty SP metadata. - - Include x509 in metadata - - - - - - Indicates whether the IdP should force the user to re-authenticate. - - IdP forces user to re-authenticate - - - - - - Indicates IdP must not take control of the end user interface. - - IdP controls the interface of end user - - - - - - Allow the IdP to create a new account if the requesting user does not have one. - - Allow create new account - - - - - - When an authnContextClassRef is specified, the authnContextComparisonType can be set. - - The comparison type - - - - - - - - - Exact. The authentication context in the authentication statement must be an exact match of at least one of the authentication contexts specified. - - - - - Minimum. The authentication context in the authentication statement must be at least as strong as one of the authentication contexts specified. - - - - - Maximum. The authentication context in the authentication statement must be as strong as possibe without exceeding the strength of at least one of the authentication contexts specified. - - - - - Better. The authentication context in the authentication statement must be stronger than any one of the authentication contexts specified. - - - - - - - - - - Specifies the URI reference corresponding to a name identifier format defined in the SAML core specification. - - Unique identifier of name id format - - - - - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName - - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:entity - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted - - - - - Customized Name ID Format. - - - - - - - - - - Specifies the customized URI reference corresponding to a name identifier format that is not defined in the SAML core specification. - - Customized XML name space of name id format - - - - - - Specifies the IdP metadata file. - - IdP metadata file - - - - - - A keystore containing the private key for the signing of the AuthnRequest, and the decryption of EncryptedAssertion element. The default is the server's default. - - Keystore reference - keyStore - - - - - - Key alias name to locate the private key for signing and decryption. This is optional if the keystore has exactly one key entry, or if it has one key with an alias of 'samlsp'. - - Key alias name - - - - - - Specifies the SAML IdP login application URL to which an unauthenticated request is redirected. This attribute triggers IdP-initiated SSO, and it is only required for IdP-initiated SSO. - - User defined login page URL - - - - - - Specifies an error page to be displayed if the SAML validation fails. If this attribute is not specified, and the received SAML is invalid, the user will be redirected back to the SAML IdP to restart SSO. - - SAML validation error URL - - - - - - This is used to specify the allowed clock skew in minutes when validating the SAML token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The time difference allowed between systems - - - - - - This property is used to specify how long the Liberty SP should prevent token replay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The timeout value to prevent token replay - - - - - - Indicates an upper bound on SAML session durations, after which the Liberty SP should ask the user to re-authenticate to the IdP. If the SAML token returned from the IdP does not contain a sessionNotOnOrAfter assertion, the value specified by this attribute is used. This property is only used if disableLtpaCookie=true. The default value is true. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The default SAML session timeout value - - - - - - Specifies a SAML attribute that is used as the user principal name in the subject. If no value is specified, the NameID SAML assertion element value is used. - - Principal identifier - - - - - - Specifies a SAML attribute that is used as the name of the group that the authenticated principal is a member of. There is no default value. - - Group identifier - - - - - - Specifies a SAML attribute that is used as the unique user name as it applies to the WSCredential in the subject. The default is the same as the userIdentifier attribute value. - - Unique identifier - - - - - - Specifies a SAML attribute that is used as the realm name. If no value is specified, the Issuer SAML assertion element value is used. - - Realm identifier - - - - - - Specifies whether to include a SAML assertion in the subject. - - Include SAML assertion in the subject - - - - - - Specifies how to map an identity to a registry user. The options are No, User, and Group. The default is No, and the user registry is not used to create the user subject. - - Map a SAML identity to a registry user - - - - - - - - - Do not map a SAML identity to a user or group in the registry - - - - - Map a SAML identity to a user defined in the registry - - - - - Map a SAML identity to a group defined in the user registry - - - - - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - When too many authentication requests are created by Service Provider and redirected to IdP due to the application SSO setup, set this attribute to true to prevent creation of the initial request cookie. The default is false. - - Disable initial request cookie creation - - - - - - Do not create an LTPA Token during processing of the SAML Assertion. Create a cookie of the specific Service Provider instead. - - Disable LTPA token - - - - - - Specifies a cookie name for the SAML service provider. The service provider will provide one by default. - - SAML server provider cookie name - - - - - - Specifies a realm name when mapToUserRegistry is set to No or Group. - - Realm name - - - - - - Specifies the life time period of an authnReuqest which is generated and sent from the service provider to an IdP for requesting a SAML Token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - AuthnRequest alive time period - - - - - - The service provider is enabled if true and disabled if false. - - SP enabled - - - - - - Allow generating a custom cache key to access the authentication cache and get the subject. - - Customized cache key - - - - - - Specifies the hostname and port number by which the IdP addresses this SAML service provider. Use this attribute if the browser needs to be redirected to a router or proxy server instead of directly connecting to the service provider. The format for the value for this attribute is (scheme)://(proxyOrRouterHost):(proxyOrRouterPort). For example, https://myRouter.com:443. - - SAML host name and port number - - - - - - Authenticate the incoming HTTP request again when the NotOnOrAfter value in the Conditions element of the SAML Assertion is expired. - - Authenticate again when assertion expires - - - - - - The time period to authenticate the user again when the Subject associated with a SAML Assertion is about to expire. This cushion is applied to both the NotOnOrAfter value in the Conditions element and the SessionNotOnOrAfter attribute of the SAML Assertion. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Cushion time to authenticate again - - - - - - The default landing page for the IdP-initiated SSO if the relayState is missing. This property must be set to a valid URL if useRelayStateForTarget is set to false. - - Target page URL - - - - - - When doing IdP-initiated SSO, this property specifies if the relayState in a SAMLResponse should be used as the target URL. If set to false, the value for targetPageUrl is always used as the target URL. - - Use relayState for target URL - - - - - - The client is redirected to this optional URL after the client invokes the SAML logout endpoint and the logout completes - - URL used after logout - - - - - - Perform a SAML logout when you invoke the HttpServletRequest.logout method or the ibm_security_logout URL. - - Automatic SAML logout - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the list of crls that are used to evaluate the validity of the signature. - - CRL - - - - - - - - Specifies the path to the crl. - - CRL path - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Controls how HTTP sessions are persisted using JCache. - - HTTP Session Cache - Use these properties to tune performance. - - - - - - Identifies JCache provider files. - - Shared Library - - - - - - - - The JCache CacheManager reference that is used to get the HTTP session JCache caches. - - JCache CacheManager - - - - - - - Specifies which session data is written to the persistent store. - - Write contents - - - - - - - - - - Only attributes for which setAttribute is invoked are written to the persistent store. - - - - - Attributes for which getAttribute or setAttribute is invoked are written to the persistent store. This can be useful for applications that use getAttribute to obtain and mutate attribute values without using setAttribute to explicitly request that they be written to the persistent store. - - - - - All attributes are written to the persistent store regardless of whether getAttribute or setAttribute are invoked. - - - - - - - - - - Specifies when session data is written to the persistent store. - - Write frequency - - - - - - - - - - Session data is written to the persistent store after the servlet completes execution. - - - - - Session data is written to the persistent store upon programmatic sync of the IBMSession object. - - - - - Session data is written to the persistent store according to the write interval. - - - - - - - - - - Specifies how often to write session data to the persistent store. This value is used when a time-based write frequency is enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Write interval - - - - - - - Identifies JCache provider files. - - Shared Library - library - - - - - - Vendor-specific JCache configuration URI, which is passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. - - JCache configuration URI - - - - - - Enable this option to reduce the number of cache updates required to remove invalidated HTTP sessions. Specify an hour of the day when there is the least activity. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. - - First hour of scheduled invalidation - - - - - - - - - - - - - - - - - - - Enable this option to reduce the number of cache updates required to remove invalidated HTTP sessions. Specify an hour of the day when there is the least activity. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. - - Second hour of scheduled invalidation - - - - - - - - - - - - - - - - - - - The single character used to separate the session meta cache name. The default value should usually be used. - - Cache name separator - - - - - - - By default, per-application JCache session cache names are generated by using the context root. When the JCache session caches are distributed across multiple servers, multiple applications with the same context root might exist that must not share a session cache. When this option is enabled, application names are included in JCache cache names to help avoid conflicting JCache cache names. The default value is false. - - Use the application name in the cache names - - - - - - - The JCache CacheManager reference that is used to get the HTTP session JCache caches. - - JCache cache manager reference - cacheManager - - - - - - - - - List of vendor-specific JCache configuration properties, which are passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. - - JCache Configuration Properties - - - - - - - - - List of vendor-specific JCache configuration properties, which are passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. - - Vendor specific properties - - - - - - - - - Controls how HTTP sessions are persisted to a database. - - HTTP Session Database - - Changing these settings may enhance performance. - Changing these settings may enhance performance, but the default values work for most environments. - These optional settings are only applicable to DB2 databases. - These optional settings are only applicable to Oracle databases. - - - - - - - - The identifier of the data source the session manager should use to persist HTTP session data. - - Data source - - - - - - The database table name. - - Table name - - - - - - When enabled, each session data attribute is placed in a separate row in the database, allowing larger amounts of data to be stored for each session. This configuration can yield better performance when session attributes are very large and few changes are required to the session attributes. When disabled, all session data attributes are placed in the same row for each session. - - Use multi row schema - - - - - - Set this property to "true" to disable index creation on server startup. This custom property should only be used if you want to manually create your own database indices for session persistence. However, it is recommended that you let session manager create database indices. Before enabling this property, make sure that the correct index does exist on your session database. - - Skip index creation - - - - - - Specifies when session data is written to the persistent store. By default, session data is written to the persistent store after the servlet completes execution. Changing this value can improve performance in some environments. - - Write frequency - - - - - - - - - - Session data is written to the persistent store after the servlet completes execution. - - - - - A programmatic sync on the IBMSession object is required to write the session data to the persistent store. - - - - - Session data is written to the persistent store based on the specified write interval value. - - - - - - - - - - Number of seconds that should pass before writing session data to the persistent store. The default is 120 seconds. This value is only used when a time based write frequency is enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. - - Write interval - - - - - - - Specifies how much session data should be written to the persistent store. By default, only updated attributes are written, but all attributes can be written instead (regardless of whether or not they changed). - - Write contents - - - - - - - - - - Only updated attributes are written to the persistent store. - - - - - Attributes for which getAttribute or setAttribute is invoked are written to the persistent store. This can be useful for applications that use getAttribute to obtain and mutate attribute values without using setAttribute to explicitly request that they be written to the persistent store. - - - - - All attributes are written to the persistent store. - - - - - - - - - - Enable this option to reduce the number of database updates required to keep the HTTP sessions alive. Specify the two hours of a day when there is the least activity in the application server. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. - - Schedule invalidation - - - - - - - Indicates the first hour during which the invalidated sessions are cleared from the persistent store. Specify this value as an integer between 0 and 23. This value is valid only when schedule invalidation is enabled. - - First hour of day - - - - - - - Indicates the second hour during which the invalidated sessions are cleared from the persistent store. Specify this value as an integer between 0 and 23. This value is valid only when schedule invalidation is enabled. - - Second hour of day - - - - - - - Set this property to "true" to maintain affinity to the new member even after original one comes back up. When a cluster member fails, its requests routed to a different cluster member, and sessions are activated in that other member. Thus, session affinity is maintained to the new member, and when failed cluster member comes back up, the requests for sessions that were created in the original cluster member are routed back to it. Allowed values are true or false, with the default being false. Set this property to true when you have distributed sessions configured with time-based write. Note that this property has no affect on the behavior when distributed sessions are not enabled. - - No affinity switchBack - - - - - - - Set this property to "true" to reuse the incoming identifier if the session with that identifier was recently invalidated. This is a performance optimization because it prevents checking the persistent store. - - Use invalidated identifier - - - - - - - A value of true indicates that the last access time of a session should only be updated if a request gets the session. A value of false indicates that the last access time of a session should be updated upon every request. Changing this value can improve performance in some environments. - - Only check in cache during pre invoke - - - - - - - If the user's browser session is moving back and forth across multiple web applications, you might see extra persistent store activity as the in-memory sessions for a web module are refreshed from the persistent store. As a result, the cache identifiers are continually increasing and the in-memory session attributes are overwritten by those of the persistent copy. Set this property to true if you want to prevent the cache identifiers from continually increasing. A value of true indicates that the session manager should assess whether the in-memory session for a web module is older than the copy in persistent store. If the configuration is a cluster, ensure that the system times of each cluster member are as identical as possible. - - Optimize cache identifier increments - - - - - - - Table space page size configured for the sessions table, if using a DB2 database. Increasing this value can improve database performance in some environments. - - DB2 row size - - - - - - - - - - Use the default table space page size of 4 KB. You do not need to create a DB2 buffer pool or table space, and you do not need to specify a table space name. - - - - - Use a table space page size of 8 KB. You must additionally create a DB2 buffer pool and table space, and specify 8KB as the page size for both. You must also specify the name of the table space you created. - - - - - Use a table space page size of 16 KB. You must additionally create a DB2 buffer pool and table space, and specify 16KB as the page size for both. You must also specify the name of the table space you created. - - - - - Use a table space page size of 32 KB. You must additionally create a DB2 buffer pool and table space, and specify 32KB as the page size for both. You must also specify the name of the table space you created. - - - - - - - - - - Table space to be used for the sessions table. This value is only required when the DB2 Row Size is greater than 4KB. - - Table space name - - - - - - - Set this property to "true" if you are using DB2 for session persistence and the currentSchema property is set in the data source. - - Use custom schema name - - - - - - - Set this property to "true" to create the database table using the Binary Large Object (BLOB) data type for the medium column. This value increases performance of persistent sessions when Oracle databases are used. Due to an Oracle restriction, BLOB support requires use of the Oracle Call Interface (OCI) database driver for more than 4000 bytes of data. You must also ensure that a new sessions table is created before the server is restarted by dropping your old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table. - - Use Binary Large Object (BLOB) for medium column - - - - - - - Set the limit of stored data per record, in megabytes. The default is 2 megabytes. - - Oracle row size limit - - - - - - - Additional properties related to session persistence. - - Additional properties - - - - - - - - - The configuration of the social login for Linkedin. - - Linkedin Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - Specifies an Authorization end point URL. - - Authorization end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - The URL of retrieving the user information. - - User information URL - - - - - - Specifies required scope. - - OAuth scope - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - - - - - - - - - The configuration of the social login for Google. - - Google Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - Specifies an Authorization end point URL. - - Authorization end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - Specifies a JSON Web Key service URL. - - JWK endpoint url - - - - - - Specifies required scope. - - OAuth scope - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - The url of the issuer. - - Issuer - - - - - - The value of the claim is used as the subject realm. - - Claim as the realm - - - - - - The value of the claim is used as the user group membership. - - Claim as the group - - - - - - The value of the claim is used as the subject uniqueId. - - Claim as subject unique id - - - - - - The maximum time difference in milliseconds between when a key is issued and when it can be used. - - Clock skew - - - - - - The algorithm that is used to sign a token or key. - - Signature algorithm - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - ID token and access token - - - - - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - - - - The configuration of the social login for GitHub. - - GitHub Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - Specifies an Authorization end point URL. - - Authorization end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - The URL of retrieving the user information. - - User information URL - - - - - - Specifies required scope. - - OAuth scope - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - - - - - - - - - The configuration of the social login for Twitter. - - Twitter Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - Consumer key issued by Twitter. - - Consumer key - - - - - - Consumer secret issued by Twitter. - - Consumer secret - - - - - - The request token endpoint of Twitter. - - Request token URL - - - - - - The user authorization end point URL of Twitter. - - Authorization URL - - - - - - The token end point URL of Twitter. - - Token end point URL - - - - - - The URL of retrieving the user information. - - User information URL - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - - - - Social Login Web Application. - - Social Login Web Application - - - - - - - - The context path that the social login web application redirect servlet listens on. - - Context path - - - - - - When this property is set to true and a custom social media selection page is not configured, the default social media selection page will include inputs for a user name and password. Users may choose to authenticate with a user name and password instead of selecting a social media provider. The user name and password will be verified against the configured user registry. - - Enable local authentication - - - - - - The URL of a custom web page that can display social media options that are available to use for authentication. The value must be an absolute URI that uses the HTTP or HTTPS protocol, or a relative URI. The web page must be able to receive HTTP request parameters that include the server configuration information that is required to display and submit the appropriate options. See the product documentation for more information. - - Social media selection page - - - - - - - - - The configuration of the social login for Facebook. - - Facebook Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - The login authorization end point URL of Facebook. - - Login dialog end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - The URL of retrieving the user information. - - User information URL - - - - - - Specifies the required scope from Facebook. - - OAuth permissions - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - - - - - - - - - The configuration of a social login that uses OIDC. - - OIDC Social Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - Specifies custom parameters to send to the authorization endpoint of the OpenID Connect provider. - - Custom Parameters For Authorization Endpoint - - - - - - Specifies custom parameters to send to the token endpoint of the OpenID Connect provider. - - Custom Parameters For Token Endpoint - - - - - - - The unique ID. - - Unique ID - uniqueId - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - Specifies an Authorization end point URL. - - Authorization end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - Specifies a UserInfo end point URL. - - Userinfo end point URL - - - - - - Specifies whether the User Info endpoint is contacted. - - Userinfo endpoint enabled - - - - - - Specifies a JSON Web Key service URL. - - JWK endpoint url - - - - - - Specifies required scope. - - OAuth scope - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies a trusted key alias for using the public key to verify the signature of the token. - - Trusted alias name - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - The url of the issuer. - - Issuer - - - - - - The value of the claim is used as the subject realm. - - Claim as the realm - - - - - - The value of the claim is used as the user group membership. - - Claim as the group - - - - - - The value of the claim is used as the subject uniqueId. - - Claim as subject unique id - - - - - - The maximum time difference in milliseconds between when a key is issued and when it can be used. - - Clock skew - - - - - - The algorithm that is used to sign a token or key. - - Signature algorithm - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - Private key JWT client authentication. - - - - - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - Specifies whether to enable host name verification when the client contacts the provider. - - Host name verification enabled - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - ID token and access token - - - - - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Specifies a discovery endpoint URL for an OpenID Connect provider. - - Discovery endpoint URL - - - - - - Rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The check is done only if an authentication failure exists. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Next discovery interval - - - - - - Specifies the client identifier to include in the basic authentication scheme of the JWK request. - - JWK client identifier - - - - - - Specifies the client password to include in the basic authentication scheme of the JWK request. - - JWK client password - - - - - - Specifies whether to create an HttpSession if the current HttpSession does not exist. - - Create session - - - - - - Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JSON Web Encryption (JWE) token. - - Key management key alias - - - - - - - - - - - - - - - The configuration of social login for OpenShift service accounts. - - OpenShift Service Account Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - The unique ID. - - Unique ID - uniqueId - - - - - - URL that is used to retrieve information about a user from a token. - - User validation API URL - - - - - - The length of time for which the social login feature caches the response from the user validation API. If a response is cached and the length of time that is specified by this attribute has passed, a new request to the user validation API is sent. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - User API response cache time - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - The realm name for this social media. - - Realm name - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - - - - - - - - - - Specifies the information that is used to build the JWT tokens. This information includes the JWT builder reference and the claims from the id token. - - JWT Builder - - - - - - Specifies a comma-separated list of claims to copy from the user information or the id token. - - List of claims to copy to the JWT token - - - - - - - The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject. - - Builder reference - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies additional parameters to include in the requests to send to the provider. - - Custom Parameters To Include In Requests - - - - - - - - Specifies the name of the additional parameter. - - Custom request parameter name - - - - - - Specifies the value of the additional parameter. - - Custom request parameter value - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - The configuration of a generic social media login. - - OAuth Login - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - - - The unique ID. - - Unique ID - uniqueId - - - - - - The name of the social login configuration for display. - - Name of social login - - - - - - The website address. - - Website - - - - - - Specifies an Authorization end point URL. - - Authorization end point URL - - - - - - Specifies a token end point URL. - - Token end point URL - - - - - - Specifies the OAuth response type. - - OAuth response type - - - - - - - - - Authorization code - - - - - - - - - - Specifies required authentication method. - - Authentication method - - - - - - - - - client_secret_basic - - - - - client_secret_post - - - - - - - - - - Specifies an ID of the SSL configuration that is used to connect to the social media. - - SSL reference - ssl - - - - - - Specifies required scope. - - OAuth scope - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Specifies a callback protocol, host, and port number. For example, https://myhost:8020. - - Callback host and port number - - - - - - The application or client ID. - - ID of application or client - - - - - - The secret of the application or client. - - Secret of application or client - - - - - - The value of the claim is authenticated user principal. - - Claim as the principal - - - - - - The URL of retrieving the user information. - - User information URL - - - - - - The realm name for this social media. - - Realm name - - - - - - The value of the claim is used as the subject realm. - - Claim as the realm - - - - - - The value of the claim is used as the user group membership. - - Claim as the group - - - - - - The value of the claim is used as the subject uniqueId. - - Claim as subject unique id - - - - - - Specifies whether to map userIdentifier to registry user. - - Map user identifier - - - - - - Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. - - Is client side redirection supported - - - - - - Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. - - Use system properties for HTTP client connections - - - - - - Indicates which specification to use for the user API. - - User API specification - - - - - - - - - Indicates that the user API can be directly started with an HTTP GET request. - - - - - Indicates that the user API is a Kubernetes TokenReview API. - - - - - internal - - - - - - - - - - Specifies the access token that has permission to call the user API. For OpenShift, the token is from a service account with permission to call the TokenReview API, which usually requires the system:auth-delegator role. - - Access token for user API calls - - - - - - Determines whether the access token that is provided in the request is used for authentication. If true, the client must provide a valid access token. - - Access token authentication required - - - - - - Determines whether to support access token authentication if an access token is provided in the request. If true, and an access token is provided in the request, the access token is used as an authentication token. - - Access token authentication supported - - - - - - Name of the header to use when an OAuth access token is forwarded. - - OAuth access token header name - - - - - - - - - - - - - - - Controls the operation of the Simple and Protected GSS-API Negotiation Mechanism. - - Spnego Authentication - - - - - - Specifies the authentication filter reference. - - Authentication Filter Reference - - - - - - - Specifies the authentication filter reference. - - Authentication filter reference - authFilter - - - - - - Controls whether you want to use the canonical host name. - - Use canonical host name - - - - - - Deprecated: use configFile attribute on the <kerberos> element instead. Specifies the fully qualified Kerberos configuration path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. - - The Kerberos configuration file with full path - - - - - - Deprecated: use keytab attribute on the <kerberos> element instead. Specifies the fully qualified Kerberos keytab path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. The Kerberos keytab file contains a list of keys that are analogous to user passwords. It is important for hosts to protect their Kerberos keytab files by storing them on the local disk. - - The Kerberos keytab file name and include path - - - - - - Specifies a list of Kerberos service principal names separated by a comma. - - The Kerberos service principal names (SPN) - - - - - - Specifies that SPNEGO is used to log in to WebSphere Application Server first. However, if the login fails, then the application authentication mechanism is used to log in to the WebSphere Application Server. - - Disable fall back to application authentication - - - - - - Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response that is displayed by the browser client application if it does not support SPNEGO authentication. - - SPNEGO not supported error page URL - - - - - - Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response, which is displayed by the browser client application. - - NTLM token received error page URL - - - - - - Specifies the URL of a resource that contains the content that SPNEGO includes in the HTTP response. The HTTP response is displayed by the browser client application. - - SPNEGO authentication error page URL - - - - - - Specifies whether SPNEGO removes the suffix of the Kerberos principal user name, starting from the @ that precedes the Kerberos realm name. If this attribute is set to true, the suffix of the principal user name is removed. If this attribute is set to false, the suffix of the principal name is retained. - - Remove the realm name from a Kerberos principal - - - - - - Specifies whether the client delegation credentials should be stored in a client subject. - - Add the client delegation credentials to subject - - - - - - Specifies whether the custom cache key is stored in a client subject and LTPA cookie. If this property is set to true and the cache key for a user is not found in the authentication cache, the user is required to log in again. Set this property to false when you use the SPNEGO feature to allow the security subject to be constructed from the LTPA cookie and the user registry. If the security subject is reconstructed from the LTPA cookie and the user registry, no Kerberos or GSS credentials are included in the subject. If more than one server uses your LTPA cookie, consider setting this property to false. - - Add the custom cache key to subject - - - - - - Do not create an LTPA cookie during processing of the SPNEGO token. No LTPA cookie is added to the HTTP response. - - Disable LTPA cookie - - - - - - - - - Group that has the security role. - - Group - - - - - - - - Name of a group that has the security role. - - Group name - - - - - - A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified. - - Group access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - User who has the security role. - - User - - - - - - - - Name of a user who has the security role. - - User name - - - - - - A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified. - - User access ID - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A collection of role names and mappings of the roles to users, groups, or special subjects - - Feature Authorization Role Mapping - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - A role that is mapped to users and groups in a user registry. - - Security Role - - - - - - - - - - - - - Role name. - - Role name - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Special subject that has the security role. - - Special Subject - - - - - - - - One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. - - Special subject type - - - - - - - - - All authenticated users. - - - - - All users for every request, even if the request was not authenticated. - - - - - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration properties for the Web Services Atomic Transaction feature. - - WS-AtomicTransaction - - - - - - - - When set to true, WS-AtomicTransaction internal event messages sent between the WS-AT coordinator and participant are encrypted using SSL. - - SSL enabled - - - - - - Specifies the SSL configuration to be used for the WS-AtomicTransaction protocol when SSL is enabled. - - SSL reference - ssl - - - - - - Specifies whether additional client authentication is enabled for the WS-AtomicTransaction protocol when SSL is enabled. - - SSL client authentication enabled - - - - - - Optionally specifies the host and port address of a proxy server used to route the WS-AtomicTransaction protocol. - - Proxy server address - - - - - - - - - Web Services Security default configuration for provider. - - WS-Security Provider - - - - - - - Caller token. - - WebSphere Caller - - - - - - Required signature configuration. - - Signature Properties - - - - - - Required encryption configuration. - - Encryption Properties - - - - - - - - - User information to create Username Token. - - User name - - - - - - Password callback handler implementation class. - - Password callback handler - - - - - - Alias used for accessing encryption keystore. - - Encryption alias - - - - - - Alias used for accessing signature keystore. - - Signature alias - - - - - - Whether to cache UsernameToken nonces. - - Nonce cache - - - - - - Collection of additional properties for web services security. - - Additional properties - - - - - - - - - Web Services Security default configuration for client. - - WS-Security Client - - - - - - - Required signature configuration. - - Signature Properties - - - - - - Required encryption configuration. - - Encryption Properties - - - - - - - User information to create Username Token. - - User name - - - - - - User password information needed to create Username Token. - - Password - - - - - - Password callback handler implementation class. - - Password callback handler - - - - - - Alias used for accessing encryption keystore. - - Encryption alias - - - - - - Alias used for accessing signature keystore. - - Signature alias - - - - - - Collection of additional properties for web services security. - - Additional properties - - - - - - - - - Configuration information such as keystore type, keystore password - - WS-Security Encryption - - - - - - - - - JKS, JCEKS or PKCS11 - - Keystore type - - - - - - The default keystore alias to use, if none is specified. - - Keystore alias - - - - - - Password to access keystore file. - - Keystore password - - - - - - Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin". - - WSS4J provider - - - - - - The location of the keystore - - Keystore file - - - - - - The provider used to load keystores. Defaults to installed provider. - - Keystore provider - - - - - - The provider used to load certificates. Defaults to keystore provider. - - Certificate provider - - - - - - The location of an (X509) CRL file to use. - - X509 CRL file - - - - - - The default password used to load the private key. - - Key password - - - - - - The location of the truststore - - Truststore file - - - - - - The truststore password. - - Truststore password - - - - - - The truststore type. - - Truststore type - - - - - - Collection of additional properties for web services security. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Required configuration for caller processing. - - WebSphere Caller - - - - - - - - Specify token name. The options are Usernametoken, X509token, Samltoken. - - Caller token - - - - - - Specifies a SAML attribute that is used as the user principal name in the subject. The default is NameID assertion. - - Principal identifier - - - - - - Specifies a SAML attribute that is used as the name of the group that the authenticated principal is a member of. There is no default value. - - Group identifier - - - - - - Specifies a SAML attribute that is used as the unique user name as it applies to the WSCredential in the subject. The default is the same as the userIdentifier attribute value. - - Unique identifier - - - - - - Specifies a SAML attribute that is used as the realm name. The default is issuer. - - Realm identifier - - - - - - Specifies whether to include a SAML assertion in the subject. - - Include SAML assertion in the subject - - - - - - Specifies how to map an identity to a registry user. The options are No, User, and Group. The default is No, and the user registry is not used to create the user subject. - - Map a SAML identity to a registry user - - - - - - - - - Do not map a SAML identity to a user or group in the registry - - - - - Map a SAML identity to a user defined in the registry - - - - - Map a SAML identity to a group defined in the user registry - - - - - - - - - - Specifies a realm name when mapToUserRegistry is set to No or Group. - - Realm name - - - - - - Allow the generation of a custom cache key to access the authentication cache and get the subject. - - Customized cache key - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Configuration information such as keystore type, keystore password - - WS-Security Signature - - - - - - - - - JKS, JCEKS or PKCS11 - - Keystore type - - - - - - The default keystore alias to use, if none is specified. - - Keystore alias - - - - - - Password to access keystore file. - - Keystore password - - - - - - The location of the keystore - - Keystore file - - - - - - The location of the truststore - - Truststore file - - - - - - The truststore password. - - Truststore password - - - - - - The truststore type. - - Truststore type - - - - - - Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin". - - WSS4J provider - - - - - - The provider used to load keystores. Defaults to installed provider. - - Keystore provider - - - - - - The provider used to load certificates. Defaults to keystore provider. - - Certificate provider - - - - - - The location of an (X509) CRL file to use. - - X509 CRL file - - - - - - The default password used to load the private key. - - Key password - - - - - - Collection of additional properties for web services security. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - Specifies the properties that are used to evaluate the trustworthiness and validity of a SAML Assertion. - - SAML Token Properties - - - - - - - Specify the allowed audiences of the SAML Assertion. Default is all audiences allowed. - - The audience restrictions - - - - - - - Indicates a requirement for the <saml:Assertion> elements received by this service provider to be signed. - - Sign SAML assertion - - - - - - This is used to specify the allowed clock skew in minutes when validating the SAML token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - The time difference allowed between systems - - - - - - Specify whether the Subject Confirmation Method is required in the SAML Assertion. Default is true. - - Subject confirmation method required - - - - - - - - - bearer - - - - - - - - - - Specify the default life time of a SAML Assertion in the case it does not define the NoOnOrAfter condition. Default is 30 minutes. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. - - Default life time - - - - - - Collection of additional properties for web services security. - - Additional properties - - - - - - - - - - - - A unique configuration ID. - - ID - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Specify a configuration resource to include in the server's configuration. - - Include - - - - - Allow the included resource to be skipped if it cannot be found. - - Resource is optional - - - - - - Specifies the resource location. This can be a file path or a URI for a remote resource. - - Location - - - - - - Specifies the behavior that is used to merge elements when conflicts are found. - - On conflict - - - - - - - - - Conflicting elements will be merged together. - - - - - When elements conflict, the element from the included file will replace the conflicting element. - - - - - Conflicting elements in the included file will be ignored. - - - - - - - - - - - Declare a new variable by specifying the name and value for the variable. - - Variable Declaration - - - - - The name of the variable. - - Name - - - - - - The value to be assigned to the variable. - - Value - - - - - - The defaultValue to be assigned to the variable if no value is available. - - Default value - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + Defines the properties of a web application. + + Web Application + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start After + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + + + + + + + + + + + + Location of an application expressed as an absolute path or a path relative to the server-level apps directory. + + Location + + + + + + Name of an application. + + Name + + + + + + Indicates whether or not the server automatically starts the application. + + Automatically start + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start after + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + Context root of an application. + + Application context root + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the properties of an enterprise application. + + Enterprise Application + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start After + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + + + + + + + + + + + + + Location of an application expressed as an absolute path or a path relative to the server-level apps directory. + + Location + + + + + + Name of an application. + + Name + + + + + + Indicates whether or not the server automatically starts the application. + + Automatically start + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start after + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + Default client module of an enterprise application. + + Default client module + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a trust association interceptor. + + Trust Association Interceptor + + + + + + A reference to the ID of the shared library configuration. + + Shared Library + + + + + + + + Enables or disables the interceptor. + + Enable interceptor + + + + + + Fully-qualified package name of the interceptor class. + + Class name + + + + + + Invoke an interceptor before single sign-on (SSO). + + Invoke an interceptor before SSO + + + + + + Invoke an interceptor after single sign-on (SSO). + + Invoke an interceptor after SSO + + + + + + A reference to the ID of the shared library configuration. + + Shared library + library + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Controls the operation of the trust association interceptor (TAI). + + Trust Association Interceptor + + + + + + + + Controls whether the TAI is invoked for an unprotected URI. + + Invoke TAI for unprotected URI + + + + + + Allow an interceptor to fall back to the application authentication mechanism. + + Allow fall back to application authentication + + + + + + Reserved for the future use. + + Continue after TAI for an unprotected URI + + + + + + Do not create an LTPA cookie for the trust association interceptor (TAI). + + Disable LTPA cookie + + + + + + Select whether to initialize the trust association interceptor (TAI) at the first incoming request or at the server startup. The default is to initialize the TAI at the server startup. + + Initialize the TAI at the first incoming request + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Collection of properties for the interceptor. + + Interceptor Properties + + + + + + + + + + Collection of properties for the interceptor. + + Interceptor properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the remote host TCP/IP address of the client application that sent the HTTP request, for example, remoteAddress id="sample" ip="100.100.100.99" matchType="greaterThan". + + Remote Address + + + + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + Greater than + + + + + Less than + + + + + + + + + + Specifies the remote host TCP/IP address. + + IP address + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the HTTP request URL, for example, requestUrl id="sample" urlPattern="/account/checking|/account/saving" matchType="contains". + + Request URL + + + + + + + + + Specifies the URL pattern. The * character is not supported to be used as a wildcard. + + URL pattern + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the HTTP request header attribute name, for example, requestHeader id="sample" name="email" value="Kevin@yahoo.com|Steven@gmail.com" matchType="contains". + + Request Header + + + + + + + + + Specifies the name. + + Name + + + + + + The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains". + + Value + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the user agent, for example, userAgent id="sample" agent="Mozilla/5.0" matchType="contains". + + User Agent + + + + + + + + + Specifies the browser's user agent to help identify which browser is being used. + + Agent + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the name of the cookie that the client sends in the HTTP request, for example, cookie id="sample" name="LtpaToken2" matchType="equals". If the cookie element is configured and there is no cookie in the HttpServletRequest, then the authentication filter sets the cookie name to blank. + + Cookie + + + + + + + + + Specifies the name. + + Name + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the web application name, for example, webApp id="sample" name="app1|app2" matchType="notContain". + + Web Application + + + + + + + + + Specifies the name. + + Name + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the hostname, for example, host id="sample" name="host.mycomp.com" matchType="contains". + + Host + + + + + + + + + Specifies the name. + + Name + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies a selection rule that represents conditions that are matched against the HTTP request headers. If all conditions are met, the HTTP request is selected for the authentication. When the value for the matchType attribute is notContain or contains, the filter supports a piped list of values. + + Authentication Filter + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Properties that control the behavior of the application manager + + Application Manager + + + + + + + + + Enables automatic extraction of WAR files and EAR files + + Automatically expand applications + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Specifies how long the server waits for an application to start before it considers it slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Start timeout + + + + + + Specifies how long the server waits for an application to stop before it considers it slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Stop timeout + + + + + + The expandLocation attribute enables a user to set the location where the autoExpanded application is located. The default location is ${server.config.dir}/apps/expanded/. + + Expand location + + + + + + + Defines how the server responds to application additions, updates, and deletions. + + Application Monitoring + + + + + + + + + Rate at which the server checks for application additions, updates, and deletions. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Application update polling rate + + + + + + Location of the application drop-in directory expressed as an absolute path or a path relative to the server directory. + + Application drop-in directory + + + + + + Monitor the drop-in directory for application additions, updates, and deletions. + + Monitor application drop-in directory + + + + + + Application update method or trigger. + + Application update trigger + + + + + + + + + Server will scan for application changes at the polling interval and update any applications that have detectable changes. + + + + + Server will only update applications when prompted by an MBean called by an external program such as an integrated development environment or a management application. + + + + + Disables all update monitoring. Application changes will not be applied while the server is running. + + + + + + + + + + + Defines the properties of an application. + + Application + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start After + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + + + + + + + + + + + + + Location of an application expressed as an absolute path or a path relative to the server-level apps directory. + + Location + + + + + + Name of an application. + + Name + + + + + + Type of application archive. + + Application type + + + + + + Context root of an application. + + Application context root + + + + + + Indicates whether or not the server automatically starts the application. + + Automatically start + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start after + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Global classloading + + Classloading + + + + + + + + + Whether to use jar: or wsjar: URLs for referencing files in archives + + Use jar: URLs + + + + + + + The default implementation of the audit file handler which emits audit events to a text file. + + Default Audit File Handler + + + + + + A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log. + + Event + + + + + + Location of the keystore containing the certificate used to encrypt the audit records. + + Audit Encryption Keystore Reference + + + + + + Location of keystore that contains the personal certificate that is used to sign the audit records. + + Audit Signing Keystore Location + + + + + + + A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log. + + Event + auditEvent + + + + + + The maximum size, in MB, of each audit file log. + + Audit file log size + + + + + + + + + + + + + + + Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept. + + Maximum number of audit file logs + + + + + + + + + + + + + + + Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs. + + Audit file location + + + + + + Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records. + + Sign the audit records in the audit log file + + + + + + Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records. + + Encrypt the audit records in the audit file log + + + + + + Alias name of the certificate that is used to encrypt the audit records. + + Alias name of certificate for encrypting + + + + + + Location of the keystore containing the certificate used to encrypt the audit records. + + Audit encryption keystore reference + keyStore + + + + + + Alias name of the personal certificate that is used to sign the audit records. + + Alias name of personal certificate for signing + + + + + + Location of keystore that contains the personal certificate that is used to sign the audit records. + + Audit signing keystore location + keyStore + + + + + + When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log. + + Compact json record format + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Collection of login module options. + + Login Module Options + + + + + + + + + + Collection of login module options. + + Login module options + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The JAAS login context entry configuration. + + JAAS Login Context Entry + + + + + + + + + Name of a JAAS configuration entry. + + Entry name + + + + + + A reference to the ID of a JAAS login module. + + Login module reference + jaasLoginModule + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A login module in the JAAS configuration. + + JAAS Login Module + + + + + + A reference to the ID of the resource adapter or application that provides the JAAS login module class. Specify this configuration attribute only if you do not specify a shared library reference. + + Class Provider + + + + + + A reference to the ID of the shared library configuration. + + Shared Library + + + + + + A collection of JAAS Login module options + + JAAS Login Module Options + + + + + + + Fully-qualified package name of the JAAS login module class. + + Class name + + + + + + The login module's control flag. Valid values are REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. + + Login module control flag + + + + + + + + + This LoginModule is REQUIRED as per the JAAS specification. The LoginModule is required to succeed. + + + + + This LoginModule is REQUISITE as per the JAAS specification. The LoginModule is required to succeed. If authentication fails, no other LoginModules will be called and control is returned to the caller. + + + + + This LoginModule is SUFFICIENT as per the JAAS specification. The LoginModule is not required to succeed. If authentication is successful, no other LoginModules will be called and control is returned to the caller. + + + + + This LoginModule is OPTIONAL as per the JAAS specification. The LoginModule is not required to succeed. + + + + + + + + + + A reference to the ID of the resource adapter or application that provides the JAAS login module class. Specify this configuration attribute only if you do not specify a shared library reference. + + Class provider + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + A reference to the ID of the shared library configuration. + + Shared library + library + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Overrides defaults that are specified in the root attributes of requestTiming for JDBC requests. + + JDBC Timing + + + + + + + + + The name of the datasource that is being monitored. The datasource name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all datasource names are monitored. + + Datasource name + + + + + + The SQL statement that is being monitored. The SQL statement is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all SQL statements are monitored. + + Query name + + + + + + Duration of time that a JDBC request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Slow request threshold + + + + + + Duration of time that a JDBC request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Hung request threshold + + + + + + Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. + + Enable thread dumps + + + + + + Indicates whether a JDBC request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. + + Interrupt hung requests + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Overrides defaults that are specified in the root attributes of requestTiming for servlet requests. + + Servlet Timing + + + + + + + + + The name of the application that is being monitored. The application name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all applications are monitored. + + Application name + + + + + + The name of the servlet that is being monitored. The servlet name is provided by the context information in the eventLogging-1.0 service. If this attribute is not provided, all servlets are monitored. + + Servlet name + + + + + + Duration of time that a servlet request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Slow request threshold + + + + + + Duration of time that a servlet request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Hung request threshold + + + + + + Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. + + Enable thread dumps + + + + + + Indicates whether a servlet request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. + + Interrupt hung requests + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A member of a Basic User Registry group. + + Group Member + + + + + + + + + Name of a user in a Basic User Registry group. + + User name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A simple XML-based user registry. + + Basic User Registry + + + + + + A user in a Basic User Registry. + + User + + + + + + A group in a Basic User Registry. + + Group + + + + + + + The realm name represents the user registry. + + Realm name + + + + + + Allow case-insensitive user name authentication. + + Case-insensitive authentication + + + + + + Specifies the X.509 certificate authentication mapping mode for the basic registry: PRINCIPAL_CN, CUSTOM, or NOT_SUPPORTED. + + Certificate map mode + + + + + + + + + The basic registry attempts to authenticate the X.509 certificate by mapping the PrincipalName value in the X.509 certificate to the exact distinguished name (DN) in the repository. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. + + + + + The basic registry attempts to authenticate the X.509 certificate by using the custom X509CertificateMapper implementation that is specified by the certificateMapperId attribute. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. + + + + + The LDAP registry does not support X.509 certificate authentication. Attempts to authenticate with an X.509 certificate fail, and a CertificateMapNotSupportedException exception is thrown. + + + + + + + + + + Specifies the X509CertificateMapper to use when the X.509 certificate authentication mapping mode is CUSTOM. The value must match the value of the 'x509.certificate.mapper.id' property that is specified for the X509CertificateMapper implementation. + + Certificate mapper ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A group in a Basic User Registry. + + Group + + + + + + A member of a Basic User Registry group. + + Group Member + + + + + + + Name of a group in a Basic User Registry. + + Group name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A user in a Basic User Registry. + + User + + + + + + + + + Name of a user in a Basic User Registry. + + User name + + + + + + Password of a user in a Basic User Registry. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. + + Password + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configures the Batch persistence store. + + Batch Persistence + + + + + + Persistent store for batch data. + + Batch Persistent Store + + + + + + + Persistent store for batch data. + + Batch persistent store reference + databaseStore + + + + + + + Configures the Batch JMS dispatcher. + + Batch JMS Dispatcher + + + + + + The identifier of the JMS connection factory that the Batch dispatcher should use to obtain JMS connections. + + JMS Connection Factory + + + + + + The identifier of the JMS queue that the Batch JMS dispatcher uses to send JMS messages. + + JMS Queue + + + + + + + The identifier of the JMS connection factory that the Batch dispatcher should use to obtain JMS connections. + + Batch dispatcher connection factory reference + jmsConnectionFactory + + + + + + The identifier of the JMS queue that the Batch JMS dispatcher uses to send JMS messages. + + Batch dispatcher queue reference + jmsQueue + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configures the Batch JMS executor. + + Batch JMS Executor + + + + + + The identifier of the JMS activation specification that the Batch executor uses to create JMS listeners. + + JMS Activation Specification + + + + + + The identifier of the JMS queue that the Batch activation specification uses to listen for batch JMS messages. + + JMS Queue + + + + + + The identifier of the JMS connection factory that the Batch executor should user to obtain JMS connections. + + JMS Connection Factory + + + + + + The name of the operation group + + Group name + + + + + + + The identifier of the JMS activation specification that the Batch executor uses to create JMS listeners. + + Batch activation specification reference + jmsActivationSpec + + + + + + The identifier of the JMS queue that the Batch activation specification uses to listen for batch JMS messages. + + Batch executor queue reference + jmsQueue + + + + + + The identifier of the JMS connection factory that the Batch executor should user to obtain JMS connections. + + Batch executor reply connection factory reference + jmsConnectionFactory + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configure the Batch JMS events. + + Batch JMS Events + + + + + + The identifier of the JMS connection factory. + + JMS Connection Factory + + + + + + + The identifier of the JMS connection factory. + + Batch events connection factory reference + jmsConnectionFactory + + + + + + The root of the batch JMS event topic tree. The default topic tree root value is 'batch'. + + JMS event topic root + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + This feature enables the configuration of Basic Extensions using Liberty Libraries (BELL). A BELL enables the server runtime to be extended using shared libraries. + + BELL + + + + + + The library to use for the BELL. + + Library + + + + + + The name of the service that the system will look up in the /META-INF/services folder. If not specified, the system discovers all services located in the META-INF/services folder. + + Service type + + + + + + Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. + + Properties + + + + + + + The library to use for the BELL. + + The library reference + library + + + + + + Indicates whether the system makes feature SPI packages visible to the library referenced by the BELL. Enable SPI visibility whenever the BELL provides services that use feature SPI. + + Enable SPI visibility + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. + + Properties + + + + + + + + + + Name="Value" pairs the system will pass to a service implementation at creation and update. The service implementation class must declare a public constructor, or a public method named updateBell, with a single parameter of type java.util.Map<String, String>. + + Properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Binary trace options. The binary trace can be viewed using the logViewer command. + + Binary Trace + + + + + + + + + Specifies the maximum size for the binary trace repository in megabytes. When the value for purgeMaxSize is specified with a value of more than 0, cleanup based on repository size is enabled, otherwise it is disabled; a value of 0 means no limit. + + Maximum repository size + com.ibm.hpel.trace.purgeMaxSize + + + + + + + + + + + + + + + Specifies the duration, in hours, after which a server can remove a trace record. When the value for purgeMinTime is specified with a value of more than 0, cleanup based on trace record age is enabled, otherwise it is disabled; a value of 0 means no limit. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. + + Minimum retention time + com.ibm.hpel.trace.purgeMinTime + + + + + + Makes the server close the active trace file and start a new one at the specified hour of the day. When the value for fileSwitchTime is specified, file switching is enabled, otherwise it is disabled. + + Hour of the day to switch file + com.ibm.hpel.trace.fileSwitchTime + + + + + + + + + + + + + + + + Specifies whether to allow a small delay in saving records to the disk for improved performance. When bufferingEnabled is set to true, records will be briefly held in memory before being written to disk. + + Enable output buffering + com.ibm.hpel.trace.bufferingEnabled + + + + + + Specifies the action to perform when the file system where records are kept runs out of free space. When outOfSpaceAction is set to "StopLogging" the server will stop tracing when records are not able to be written to disk. When this attribute is set to "PurgeOld" the server will attempt to delete the oldest records from the binary trace repository to make space for new records. When this attribute is set to "StopServer" binary trace will stop the server when records cannot be written. + + Action if data can't be stored + com.ibm.hpel.trace.outOfSpaceAction + + + + + + + + + Stop Server + + + + + Remove old records + + + + + Stop Logging + + + + + + + + + + + Binary logging options. The binary log can be viewed using the logViewer command. + + Binary Log + + + + + + + + + Specifies the maximum size for the binary log repository in megabytes. When the value for purgeMaxSize is specified with a value of more than 0, cleanup based on repository size is enabled, otherwise it is disabled; a value of 0 means no limit. + + Maximum repository size + com.ibm.hpel.log.purgeMaxSize + + + + + + + + + + + + + + + Specifies the duration, in hours, after which a server can remove a log record. When the value for purgeMinTime is specified with a value of more than 0, cleanup based on log record age is enabled, otherwise it is disabled; a value of 0 means no limit. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. + + Minimum retention time + com.ibm.hpel.log.purgeMinTime + + + + + + Makes the server close the active log file and start a new one at the specified hour of the day. When the value for fileSwitchTime is specified, file switching is enabled, otherwise it is disabled. + + Hour of the day to switch file + com.ibm.hpel.log.fileSwitchTime + + + + + + + + + + + + + + + + Specifies whether to allow a small delay in saving records to the disk for improved performance. When bufferingEnabled is set to true, records will be briefly held in memory before being written to disk. + + Enable output buffering + com.ibm.hpel.log.bufferingEnabled + + + + + + Specifies the action to perform when the file system where records are kept runs out of free space. When outOfSpaceAction is set to "StopLogging" the server will stop logging when records are not able to be written to disk. When this attribute is set to "PurgeOld" the server will attempt to delete the oldest records from the binary log repository to make space for new records. When this attribute is set to "StopServer" the binary log will stop the server when records cannot be written. + + Action if data can't be stored + com.ibm.hpel.log.outOfSpaceAction + + + + + + + + + Stop Server + + + + + Remove old records + + + + + Stop Logging + + + + + + + + + + + Controls the built-in authentication service configuration. + + Authentication + + + + + + + + + Enables the authentication cache. + + Enable authentication cache + + + + + + Allow an application to login with just an identity in the hashtable properties. Use this option only when you have applications that require this and have other means to validate the identity. + + Allow hashtable login with ID only + + + + + + Specifies whether to return displayName for programmatic APIs like getRemoteUser, getCallerPrincipal, getUserPrincipal when using Custom User Registry. + + Use displayName as securityName in customUR + + + + + + + Controls the operation of the authentication cache. + + Authentication Cache + + + + + + The JCache cache reference that is used as the authentication cache. + + JCache Cache Reference + + + + + + + The initial number of entries that are supported by the in-memory authentication cache. This setting does not apply to the JCache cache. + + Initial cache size + + + + + + + + + + + + + + + The maximum number of entries that are supported by the in-memory authentication cache. This setting does not apply to the JCache cache. + + Maximum cache size + + + + + + + + + + + + + + + The duration until an entry in the in-memory authentication cache is removed. This setting does not apply to the JCache cache. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Cache eviction timeout + + + + + + Allow lookup by user ID and hashed password. + + Allow lookup by user ID and hashed password + + + + + + The JCache cache reference that is used as the authentication cache. + + JCache cache reference + cache + + + + + + + System-wide settings for Kerberos authentication + + Kerberos + + + + + + + + + The path of the keytab file that is used to obtain the principal's secret key. If unspecified, the keytab from the Kerberos configuration file is used. If a keytab file is not specified in the Kerberos configuration file, then the location {user.home}/krb5.keytab is checked. + + Kerberos keytab file + + + + + + The location of an MIT style krb5.conf configuration file. The location is passed to the JDK implementation of the Kerberos APIs by using the java.security.krb5.conf system property. If unspecified, the krb5.conf file is searched for according to the JDK implementation of the Kerberos APIs. + + Kerberos conf file + + + + + + + Defines the behavior of the Contexts and Dependency Injection (CDI). + + Contexts And Dependency Injection + + + + + + + + + The implicit bean archives are scanned for any bean discoveries. The default value is true. Only applies to CDI 1.2 or newer. + + Enable scanning implicit bean archives + + + + + + CDI 4.0 and later consider an archive with an empty beans.xml file to be an implicit bean archive (bean-discovery-mode=ANNOTATED). This property allows an empty beans.xml file to be treated as it was in CDI 3.0 (bean-discovery-mode=ALL). The default value is false. Only applies to CDI 4.0 or newer. + + CDI 3.0 compatibility for empty beans.xml files + + + + + + + Defines the behavior of the Contexts and Dependency Injection (CDI) v1.2 or newer. + + Contexts And Dependency Injection V1.2 Or Newer + + + + + + + + + The implicit bean archives are scanned for any bean discoveries. The default value is true. + + Enable scanning implicit bean archives + + + + + + + Defines channel and chain management settings. + + Channel Framework + + + + + + + + + Time interval between start retries. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Chain restart interval + + + + + + Number of retry attempts to make per chain. + + Chain restart attempts + + + + + + + + + + + + + + + Default amount of time to wait while quiescing chains. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Quiesce timeout + + + + + + Amount of time to wait before notifying of a missing factory configuration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Warning wait time + + + + + + + Defines TCP protocol settings. + + TCP Options + + + + + + + + + Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Inactivity timeout + + + + + + Enables immediate rebind to a port with no active listener. + + SO_REUSEADDR socket option + + + + + + A comma-separated list of addresses that are allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". + + Address include list + + + + + + A comma-separated list of addresses that are not allowed to make inbound connections on this endpoint. You can specify IPv4 or IPv6 addresses. All values in an IPv4 or IPv6 address must be represented by a number or by an asterisk wildcard character. As examples, valid IPv4 addresses for this list include "*.1.255.0", "254.*.*.9", and "1.*.*.*", and valid IPv6 addresses include "0:*:*:0:007F:0:0001:0001", "F:FF:FFF:FFFF:1:01:001:0001", and "1234:*:4321:*:9F9f:*:*:0000". + + Address exclude list + + + + + + A comma-separated list of host names that are allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. + + Host name include list + + + + + + A comma-separated list of host names that are not allowed to make inbound connections on this endpoint. Host names are not case-sensitive and can start with an asterisk, which is used as a wildcard character. However, asterisks cannot be elsewhere in the host name. For example, *.abc.com is valid, but *.abc.* is not valid. + + Host name exclude list + + + + + + Number of retries to open a TCP/IP port during server startup. There will be a one second delay between retries, until the opening is successful or the port open retry number is reached. + + Port open retries + + + + + + + + + + + + + + + + If true, then listening ports do not share the same thread for accepting connections. Otherwise, they share the same thread. + + Accept thread + + + + + + Defines the maximum number of connections allowed to be open on this endpoint. + + Max open connections + + + + + + Queries whether this TCP Channel will delay accepting connections until the server starts. If false, connections are closed until the server starts. If true, the value for the acceptThread tcpOption is also set to true, and connections are delayed until the server starts. + + Wait to accept + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Classloader context propagation configuration. + + Classloader Context + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + List of library references. Library class instances are unique to this classloader, independent of class instances from other classloaders. + + Library + + + + + + List of library references. Library class instances are shared with other classloaders. + + Shared Library + + + + + + List of class provider references. When searching for classes or resources, this class loader will delegate to the specified class providers after searching its own class path. + + Class Provider + + + + + + + Controls whether parent classloader is used before or after this classloader. If parent first is selected then delegate to immediate parent before searching the classpath. If parent last is selected then search the classpath before delegating to the immediate parent. + + Delegation + + + + + + + + + Parent first + + + + + Parent last + + + + + + + + + + List of library references. Library class instances are unique to this classloader, independent of class instances from other classloaders. + + Library references + library + + + + + + List of library references. Library class instances are shared with other classloaders. + + Shared library references + library + + + + + + List of class provider references. When searching for classes or resources, this class loader will delegate to the specified class providers after searching its own class path. + + Class provider references + resourceAdapter + + + + + + The types of API packages that this class loader supports. This value is a comma-separated list of any combination of the following API packages: spec, ibm-api, api, stable, third-party. If a prefix of pass:[+] or - is added to API types, those API types are added or removed, respectively, from the default set of API types. Common usage for the prefix, pass:[+]third-party, results in "spec, ibm-api, api, stable, third-party". The prefix, -api, results in "spec, ibm-api, stable". + + Allowed API types + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Folder containing resources such as .properties and .class files + + Folder + + + + + + + + + Directory or folder to be included in the library classpath for locating resource files + + Folder + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Add a file to be included in this library + + File + + + + + + + + + Fully qualified filename + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Shared Library + + Shared Library + + + + + + Id of referenced Fileset + + Fileset + + + + + + Id of referenced folder + + Folder + + + + + + Id of referenced File + + File + + + + + + + Name of shared library for administrators + + Name + + + + + + Description of shared library for administrators + + Description + + + + + + Id of referenced Fileset + + Fileset reference + fileset + + + + + + The types of API packages that this class loader supports. This value is a comma-separated list of any combination of the following API packages: spec, ibm-api, api, stable, third-party. + + Allowed API types + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a Cloudant Database. + + Cloudant Database + + + + + + Specifies the builder for the Cloudant Client that will be used when connecting to this database. + + Cloudant Builder + + + + + + + Specifies the builder for the Cloudant Client that will be used when connecting to this database. + + Cloudant builder reference + cloudant + + + + + + Indicates that the Cloudant Client should create the database if it does not already exist. + + Create database + + + + + + Name of the database. + + Database name + + + + + + JNDI name. + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a Cloudant Builder. A Cloudant Builder creates Cloudant Client instances, which can connect to a Cloudant Database. + + Cloudant Builder + Additional properties for more advanced usage. + + + + + + Specifies a library that contains the Cloudant Client library and its dependencies. + + Cloudant Java Driver Library + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Default Container Managed Authentication Data + + + + + + Specifies the SSL configuration that is needed to establish a secure connection. + + Secure Socket Layer + + + + + + + + + Specifies a library that contains the Cloudant Client library and its dependencies. + + Cloudant client java driver library reference + library + + + + + + Disables host name verification and certificate chain validation. + + Disable SSL authentication + + + + + + + JNDI name. + + JNDI name + jndiName + + + + + + URL for the Cloudant server, which includes the host and port. + + URL + + + + + + Account name used to connect to a Cloudant database. + + Account name + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Default container managed authentication data + authData + + + + + + The Cloudant user ID used to log in and access your databases. + + Cloudant user ID + + + + + + Password corresponding to your Cloudant user ID. + + Password + + + + + + The timeout to establish a connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Connection timeout + + + + + + + The maximum number of concurrent connections that a Cloudant Client can make to the host. + + Maximum connections + + + + + + + + + + + + + + + + The URL of a proxy server to use when connecting to a Cloudant server. + + Proxy URL + + + + + + + User name for a proxy server to use when connecting to a Cloudant server. + + Proxy user + + + + + + + Password corresponding to the user name for a proxy server to use when connecting to a Cloudant server. + + Proxy password + + + + + + + Timeout value to wait for a response from an established client connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Read timeout + + + + + + + Specifies the SSL configuration that is needed to establish a secure connection. + + Secure socket layer reference + + + ssl + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Authentication alias for a connection to an Enterprise Information System (EIS) or database. + + Authentication Data + + + + + + + + + Name of the user to use when connecting to the EIS. + + User name + + + + + + Password of the user to use when connecting to the EIS. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. + + Password + + + + + + The name of the Kerberos principal name or Kerberos service name to be used. + + Kerberos principal name + + + + + + The file location where Kerberos credentials for the Kerberos principal name or service name will be stored. Also known as the Kerberos credential cache (ccache) + + Kerberos ticket cache + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A set of behaviors and constraints that are applied to tasks that are capable of asynchronous execution, such as maximum concurrency and maximum queue size. + + Concurrency Policy + + + + + + + + + Indicates whether to loosely or strictly enforce maximum concurrency for tasks that run on the task submitter's thread. Tasks can run on the task submitter's thread when using the untimed invokeAll method, or, if only invoking a single task, the untimed invokeAny method. If the run-if-queue-full attribute is configured, it is also possible for tasks to run the task submitter's thread when using the execute and submit methods. In all of these cases, this attribute determines whether or not running on the submitter's thread counts against the maximum concurrency. + + Maximum policy + + + + + + + + + Maximum concurrency is loosely enforced. Tasks are allowed to run on the task submitter's thread without counting against maximum concurrency. + + + + + Maximum concurrency is strictly enforced. Tasks that run on the task submitter's thread count towards maximum concurrency. This policy does not allow tasks to run on the task submitter's thread when already at maximum concurrency. + + + + + + + + + + Specifies the maximum duration of time to wait for enqueuing a task. If unable to enqueue the task within this interval, the task submission is subject to the run-if-queue-full policy. When the maximum wait for enqueue is updated, the update applies only to tasks submitted after that point. Tasks submissions that were already waiting for a queue position continue to wait per the previously configured value. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Maximum wait for enqueue + + + + + + Applies when using the <execute> or <submit> methods. Indicates whether or not to run the task on the submitter's thread when the queue is full and the maximum wait for enqueue was exceeded. If the maximum policy is configured to strict, the ability to run on the submitter's thread is additionally contingent on the maximum concurrency constraint. If the task cannot run on the submitter's thread, the task submission is rejected after the maximum wait for enqueue elapses. + + Run if queue full + + + + + + Specifies the maximum number of tasks that can run simultaneously. The default is Integer.MAX_VALUE. Maximum concurrency can be updated while tasks are in progress. If the maximum concurrency is reduced below the number of concurrently running tasks, the update goes into effect gradually as in-progress tasks complete, rather than canceling them. + + Maximum concurrency + + + + + + + + + + + + + + + Specifies the maximum number of tasks that can be in the queue waiting for execution. As tasks are started, canceled, or aborted, they are removed from the queue. When the queue is at capacity and another task is submitted, the behavior is determined by the maximum wait for enqueue and run-if-queue-full attributes. To ensure that a specific number of tasks can be queued within a short interval of time, use a maximum queue size that is at least as large as that amount. The default maximum queue size is Integer.MAX_VALUE. Maximum queue size can be updated while tasks are both in progress or queued for execution. If the maximum queue size is reduced below the current number of queued tasks, the update goes into effect gradually rather than automatically canceling the excess queued tasks. + + Maximum queue size + + + + + + + + + + + + + + + Specifies the maximum amount of time that may elapse between the task submission and the task start. By default, tasks do not time out. If both a maximum wait for enqueue and a start timeout are enabled, configure the start timeout to be larger than the maximum wait for enqueue. When the start timeout is updated while in use, the new start timeout value applies to tasks submitted after the update occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Start timeout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Managed executor service + + Managed Executor + + + + + + Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. + + Concurrency Policy + + + + + + Configures how context is propagated to threads + + Thread Context Propagation + + + + + + Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. + + Long Running Policy + + + + + + + Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. + + Concurrency policy + concurrencyPolicy + + + + + + Configures how context is propagated to threads + + Context propagation reference + contextService + + + + + + JNDI name + + JNDI name + jndiName + + + + + + Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. + + Long running policy + concurrencyPolicy + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Managed thread factory + + Managed Thread Factory + + + + + + Configures how context is propagated to threads + + Thread Context Propagation + + + + + + + Configures how context is propagated to threads + + Context propagation reference + contextService + + + + + + Configures whether or not threads created by the managed thread factory should be daemon threads. + + Create daemon threads + + + + + + Default priority for threads created by the managed thread factory. If unspecified, the priority of the creating thread is used. Priority cannot exceed the maximum priority for the managed thread factory, in which case the maximum priority is used instead. + + Default thread priority + + + + + + + + + + + + + + + + JNDI name + + JNDI name + jndiName + + + + + + Maximum priority for threads created by the managed thread factory. + + Maximum thread priority + + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configures how context is propagated to threads + + Thread Context Propagation + Additional properties for more advanced usage. + + + + + + Specifies a base context service from which to inherit context that is not already defined on this context service. + + Base Context + + + + + + + + + + + Determines the action to take in response to configuration errors. For example, if securityContext is configured for this contextService, but the security feature is not enabled, then onError determines whether to fail, raise a warning, or ignore the parts of the configuration which are incorrect. + + Action to take on error + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + Specifies a base context service from which to inherit context that is not already defined on this context service. + + Base instance from which to inherit context + + contextService + + + + + + JNDI name + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Managed scheduled executor service + + Managed Scheduled Executor + + + + + + Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. + + Concurrency Policy + + + + + + Configures how context is propagated to threads + + Thread Context Propagation + + + + + + Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. + + Long Running Policy + + + + + + + Concurrency policy for tasks that are submitted to this executor. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the collection of executors that specify the policy. + + Concurrency policy + concurrencyPolicy + + + + + + Configures how context is propagated to threads + + Context propagation reference + contextService + + + + + + JNDI name + + JNDI name + jndiName + + + + + + Concurrency policy for tasks that specify the LONGRUNNING_HINT execution property with value of 'true'. If multiple executors specify the same concurrency policy, then the policy's constraints are enforced across tasks that are submitted by the whole the collection of executors that specify the policy. If unspecified, the long running concurrency policy defaults to the executor's general concurrency policy. + + Long running policy + concurrencyPolicy + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Controls the operation of constrained delegation. + + Constrained Delegation + + + + + + + + + Indicate by true or false whether s4U2self is enabled. + + Enable s4U2self + + + + + + + Makes the namespace of the application component that submits a contextual task available to the task. + + Java EE Application Component Context + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a CouchDB Connector. + + CouchDB + + + + + + Specifies a library that contains the CouchDB Client library and its dependencies. + + CouchDB Client Java Driver Library + + + + + + + Specifies a library that contains the CouchDB Client library and its dependencies. + + CouchDB client java driver library reference + library + + + + + + The CouchDB User ID used to log-in and access your DBs. + + CouchDB user id + + + + + + Password corresponding to your Couchdb User ID. + + Password + + + + + + JNDI name for a CouchDB instance. + + Jndi name + jndiName + + + + + + URL for the CouchDB server, which includes the host and port. + + URL + + + + + + Host name for the CouchDB server. + + Host + + + + + + Port number for the CouchDB server. + + Port + + + + + + The maximum number of concurrent connections to the host. + + Maximum connections + + + + + + The timeout to establish a connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Connection timeout + + + + + + The duration to wait for a response. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Socket timeout + + + + + + Enables SSL when connecting to CouchDB. + + Enable SSL + + + + + + Enables relaxed SSL settings which allows the trust manager to accept any host and certificate. + + Relaxed ssl setting + + + + + + Allows loading documents from http client's cache if it exists and the revision has not changed since last access. + + Caching + + + + + + The maximum number of cache entries for the http client. + + Maximum cache entries + + + + + + + + + + + + + + + Sets the maximum size for a stored document. + + Maximum object size in bytes + + + + + + + + + + + + + + + Use Expect Continue header in request when making requests to CouchDB. + + Use expect continue + + + + + + Closes connections automatically when they are considered idle. + + Cleanup idle connections + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configure how to trust the client. + + Transport Layer + + + + + + + + + Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP. + + SSL enabled + + + + + + Specify the SSL configuration needed to establish a secure connection. + + SSL reference + ssl + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the port and SSL options for an IIOPS socket using the host of the enclosing iiopEndpoint element. + + Secure IIOP Port Options + + + + + + + + + Specify the port to be configured with the SSL options. + + Port to be secured + + + + + + Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Session timeout + + + + + + Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on. + + Suppress SSL handshake errors + + + + + + The default SSL configuration repertoire. The default value is defaultSSLConfig. + + Default SSL repertoire + ssl + + + + + + The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + SSL session timeout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests. + + Attribute Layer + + + + + + Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests. + + Authentication Layer + + + + + + Configure how to trust the client. + + Transport Layer + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Determine the attribute layer options that are claimed by the server for incoming CSIv2 requests. + + Attribute Layer + + + + + + Specify the supported identity token types for identity assertion. + + Identity assertion token types + + + + + + + + + Assert an ITTAnonymous identity token + + + + + Assert an ITTPrincipalName identity token + + + + + Assert an ITTX509CertChain identity token + + + + + Assert an ITTDistinguishedName identity token + + + + + + + + + + + Indicate by true or false whether identity assertion is enabled. Default is false. + + Identity assertion enabled + + + + + + Specify a pipe (|)-separated list of server identities, which are trusted to perform identity assertion to this server. A value of “*” is also accepted to indicate implicit trust (trust anyone). + + Trusted identities + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Common Secure Interoperability Version 2 (CSIv2) for outgoing Internet Inter-ORB Protocol (IIOP) requests. + + Client CSIv2 + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests. + + Attribute Layer + + + + + + Specify the supported identity token types for identity assertion. + + Identity assertion token types + + + + + + + + + Assert an ITTAnonymous identity token + + + + + Assert an ITTPrincipalName identity token + + + + + Assert an ITTX509CertChain identity token + + + + + Assert an ITTDistinguishedName identity token + + + + + + + + + + + Indicate by true or false whether identity assertion is enabled. Default is false. + + Identity assertion enabled + + + + + + The trusted identity used to assert an entity to the remote server. + + Trusted identity + + + + + + Specify the password that is used with the trusted identity. + + Password + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + Determine the attribute layer options to be performed by the client for outgoing CSIv2 requests. + + Attribute Layer + + + + + + Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. + + Authentication Layer + + + + + + Configure how to trust the client. + + Transport Layer + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Common Secure Interoperability Version 2 (CSIv2) for incoming Internet Inter-ORB Protocol (IIOP) requests. + + Server CSIv2 + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Determine the authentication mechanisms and association options that are claimed by the server for incoming CSIv2 requests. + + Authentication Layer + + + + + + Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA + + Authentication mechanisms + + + + + + + Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer. + + Establish trust in client + + + + + + + + + The association option is required + + + + + The association option is supported + + + + + The association option must not be used + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. + + Authentication Layer + + + + + + Specifies authentication mechanisms as a comma separated list. For example: GSSUP, LTPA + + Authentication mechanisms + + + + + + + Specify if this association option is Supported, Required, or Never used for this layer. It indicates authentication requirements at the authentication layer. + + Establish trust in client + + + + + + + + + The association option is required + + + + + The association option is supported + + + + + The association option must not be used + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Common Secure Interoperability Version 2 (CSIv2) for outgoing Internet Inter-ORB Protocol (IIOP) requests. + + Client Container CSIv2 + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configure how to trust the client. + + Transport Layer + + + + + + + + + Indicate by true or false whether SSL is enabled for CSIv2 requests. Default is true and is the recommended value. If this attribute is set to false, sensitive information such as passwords and tokens are sent over unsecured channels when using IIOP. + + SSL enabled + + + + + + Specify the SSL configuration needed to establish a secure connection. + + SSL reference + ssl + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the CSIv2 layers like transport, authentication, and attribute. + + Layers + + + + + + Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. + + Authentication Layer + + + + + + Configure how to trust the client. + + Transport Layer + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Determine the authentication mechanisms and association options to be performed by the client for outgoing CSIv2 requests. + + Authentication Layer + + + + + + Specifies authentication mechanisms as a comma separated list. For example: GSSUP + + Authentication mechanisms + + + + + + + Specify if this association option is Supported, Required, or Never used for this layer. It indicates the authentication requirements at the authentication layer. + + Establish trust in client + + + + + + + + + The association option is required + + + + + The association option is supported + + + + + The association option must not be used + + + + + + + + + + The user name that is used to login to the remote server. + + User name + + + + + + The user password that is used with the user name. + + User password + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the properties of an EJB application. + + EJB Application + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start After + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + + + + + + + + Location of an application expressed as an absolute path or a path relative to the server-level apps directory. + + Location + + + + + + Name of an application. + + Name + + + + + + Context root of an application. + + Application context root + + + + + + Indicates whether or not the server automatically starts the application. + + Automatically start + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start after + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the behavior of the EJB timer service. + + EJB Timer Service + + + + + + + Schedules and runs EJB persistent timer tasks. + + EJB Persistent Timers Scheduled Executor + + + + + + The context service is used to manage context propagation to non-persistent timer method threads. + + Non-persistent Timer Thread Context Propagation + + + + + + + + Number of minutes after the scheduled expiration of a timer that the start of the timer will be considered late. When a timer does start late, a warning message will be logged indicating that the timer has started later than scheduled. The default threshold is 5 minutes and a value of 0 minutes turns off the warning message feature. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + Late timer warning threshold + + + + + + When a non-persistent timer expires, the timeout callback method is called. If the transaction for this callback method fails or is rolled back, the container must retry the timer. The first retry attempt occurs immediately, and subsequent retry attempts are delayed by the number of seconds specified. If the value is set to 0, then all retries occur immediately. If you do not specify a value, the default interval is 300 seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Time interval between retries + + + + + + When a non-persistent timer expires, the timeout callback method is called. This setting controls how many times the EJB container attempts to retry the timer. If the transaction for this callback method fails or is rolled back, the EJB container must retry the timer at least once. The default value is -1, which means the EJB container retries infinitely until the timer is successful. If the value is set to 0, the EJB container does not retry the timer, however, this results in behavior that is not compliant with the EJB specification. + + Maximum number of retries + + + + + + + + + + + + + + + Schedules and runs EJB persistent timer tasks. + + EJB persistent timers executor reference + persistentExecutor + + + + + + The context service is used to manage context propagation to non-persistent timer method threads. + + Thread context propagation reference + + contextService + + + + + + Specifies the action to perform when the expiration of an interval or schedule-based persistent timer is missed. One or more expirations of a persistent timer are classified as missed if the current expiration is scheduled before application server start or the next expiration is scheduled before the current time. The default action when failover of persistent timers is enabled is ONCE, otherwise the default action is ALL. + + Missed persistent timer action + + + + + + + + + The timeout method is invoked immediately for all missed expirations. When multiple expirations are missed for the same timer, each invocation occurs synchronously until all missed expirations are processed, then the timer resumes with the next future expiration. + + + + + The timeout method is invoked once immediately. All other missed expirations are skipped and the timer resumes with the next future expiration. + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the behavior of EJB asynchronous methods. + + EJB Asynchronous Methods + + + + + + The context service used to manage context propagation to asynchronous EJB method threads. + + Asynchronous Method Context Propagation + + + + + + + The maximum number of unclaimed results that the server retains from all remote asynchronous method calls that return a Future object. If the maximum is exceeded, the server purges the result of the method call that completed the longest ago to prevent memory leakage. + + Maximum remote method results + + + + + + + + + + + + + + + The amount of time that the server retains the result for each remote asynchronous method call that returns a Future object. If an application does not claim the result within the specified period of time, the server purges the result of that method call to prevent memory leakage. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Remote method result timeout + + + + + + The context service used to manage context propagation to asynchronous EJB method threads. + + Asynchronous method context propagation reference + contextService + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Logs a record of events, such as the JDBC requests and servlet requests, and their durations. + + Event Logging + + + + + + + + + Controls whether the event logging occurs at the entry to events, at the exit from events, or both. + + Logging mode for events + logMode + + + + + + + + + log at entry + + + + + log at exit + + + + + log at entry and exit + + + + + + + + + + To sample one out of every n requests, set sampleRate to n. To sample all requests, set sampleRate to 1. + + Sampling rate for event logging + + + + + + + + + + + + + + + Exit entries will be logged for events longer than minDuration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Minimum duration of a request to log + + + + + + A list of comma-separated event types that needs to be logged. Use all, to log all event types. + + Event types to log + + + + + + Indicates if the context information details are included in the log output. + + Include context information + + + + + + + Definition of mime types shared by all http virtual hosts + + Default Mime Types + + + + + + Definition of mime type as id=value. Use the extension as the id, and the associated type as the value. + + Mime extension and type + + + + + + + + HTTP Dispatcher configuration. + + HTTP Dispatcher + + + + + + The web server plug-in uses private headers to provide information about the original request. These headers take precedence over the HTTP host header and are used to select a virtual host to service a request. The default value is '*', which trusts incoming private headers from any source. To disable private headers and rely only on the http Host header, specify 'none'. To restrict private header processing to specific trusted sources, specify a comma-separated list of IP addresses and hostnames. This list supports '*' wildcards, with the following restrictions: IP addresses cannot be shortened and must contain a value for each field, for example "127.0.0.*" or "0:0:0:0:0:ffff:*:*", and hostnames must start with "*.", for example "*.ibm.com". The following example shows a valid list that includes wildcards: "localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com". + + Trusted private header origin + + + + + + The web server plug-in uses private headers to provide information about the original request. A subset of these headers is considered sensitive. By default, the value for this property is 'none'. Incoming sensitive private headers are not trusted from any source. To allow sensitive private header processing for specific trusted sources, specify a comma-separated list of IP addresses and hostnames. To trust incoming sensitive private headers from any source, specify '*'. This list supports '*' wildcards, with the following restrictions: IP addresses cannot be shortened and must contain a value for each field, for example "127.0.0.*" or "0:0:0:0:0:ffff:*:*", and hostnames must start with "*.", for example "*.ibm.com". The following example shows a valid list that includes wildcards: "localhost, 127.0.0.1, 192.168.*.*, 0:0:0:0:0:ffff:*:*, *.ibm.com". + + Trusted sensitive private header origin + + + + + + + Enables the default Liberty profile welcome page when no application is bound to a context root of "/". The default value is true. + + Enable welcome page + + + + + + Message to return to the client when the application in the requested URI can not be found. + + Message when application can not be found + + + + + + + HTTP transport encoding settings + + HTTP Transport Encoding + Character set converters + Language encodings + + + + + + + + + Shift_JIS Japanese converter + + Shift_JIS Japanese converter + + + + + + + EUC Japanese converter (EUC-JP) + + EUC Japanese converter + + + + + + + EUC Korean converter (EUC-KR) + + EUC Korean converter (EUC-KR) + + + + + + + EUC Korean converter (EUC_KR) + + EUC Korean converter (EUC_KR) + + + + + + + EUC Chinese (Taiwan) converter (EUC-TW) + + EUC Chinese (Taiwan) converter + + + + + + + Big5 Chinese converter + + Big5 Chinese converter + + + + + + + GB2312 Chinese converter + + GB2312 Chinese converter + + + + + + + ISO-2022 Korean converter (ISO-2022-KR) + + ISO-2022 Korean converter + + + + + + + English language encoding (en) + + English language encoding + + + + + + + French language encoding (fr) + + French language encoding + + + + + + + German language encoding (de) + + German language encoding + + + + + + + Spanish language encoding (es) + + Spanish language encoding + + + + + + + Portuguese language encoding (pt) + + Portuguese language encoding + + + + + + + Danish language encoding (da) + + Danish language encoding + + + + + + + Catalan language encoding (ca) + + Catalan language encoding + + + + + + + Finnish language encoding (fi) + + Finnish language encoding + + + + + + + Italian language encoding (it) + + Italian language encoding + + + + + + + Dutch language encoding (nl) + + Dutch language encoding + + + + + + + Norwegian language encoding (no) + + Norwegian language encoding + + + + + + + Swedish language encoding (sv) + + Swedish language encoding + + + + + + + Icelandic language encoding (is) + + Icelandic language encoding + + + + + + + Basque language encoding (eu) + + Basque language encoding + + + + + + + Czech language encoding (cs) + + Czech language encoding + + + + + + + Croatian language encoding (hr) + + Croatian language encoding + + + + + + + Hungarian language encoding (hu) + + Hungarian language encoding + + + + + + + Lithuanian language encoding (lt) + + Lithuanian language encoding + + + + + + + Polish language encoding (pl) + + Polish language encoding + + + + + + + Serbo-Croatian language encoding (sh) + + Serbo-Croatian language encoding + + + + + + + Slovak language encoding (sk) + + Slovak language encoding + + + + + + + Slovenian language encoding (sl) + + Slovenian language encoding + + + + + + + Albanian language encoding (sq) + + Albanian language encoding + + + + + + + Faroese language encoding (fo) + + Faroese language encoding + + + + + + + Romanian language encoding (ro) + + Romanian language encoding + + + + + + + Maltese language encoding (mt) + + Maltese language encoding + + + + + + + Estonian language encoding (et) + + Estonian language encoding + + + + + + + Latvian language encoding (lv) + + Latvian language encoding + + + + + + + Belarusian language encoding (be) + + Belarusian language encoding + + + + + + + Bulgarian language encoding (bg) + + Bulgarian language encoding + + + + + + + Macedonian language encoding (mk) + + Macedonian language encoding + + + + + + + Russian language encoding (ru) + + Russian language encoding + + + + + + + Serbian language encoding (sr) + + Serbian language encoding + + + + + + + Ukrainian language encoding (uk) + + Ukrainian language encoding + + + + + + + Arabic language encoding (ar) + + Arabic language encoding + + + + + + + Persian language encoding (fa) + + Persian language encoding + + + + + + + Malay language encoding (ms) + + Malay language encoding + + + + + + + Greek language encoding (el) + + Greek language encoding + + + + + + + Hebrew language encoding (iw) + + Hebrew language encoding + + + + + + + Hebrew language encoding (he) + + Hebrew language encoding + + + + + + + Yiddish language encoding (ji) + + Yiddish language encoding + + + + + + + Yiddish language encoding (yi) + + Yiddish language encoding + + + + + + + Turkish language encoding (tr) + + Turkish language encoding + + + + + + + Thai language encoding (th) + + Thai language encoding + + + + + + + Vietnamese language encoding (vi) + + Vietnamese language encoding + + + + + + + Japanese language encoding (ja) + + Japanese language encoding + + + + + + + Korean language encoding (ko) + + Korean language encoding + + + + + + + Chinese language encoding (zh) + + Chinese language encoding (simplified) + + + + + + + Chinese language encoding (zh_TW) + + Chinese language encoding (traditional) + + + + + + + Armenian language encoding (hy) + + Armenian language encoding + + + + + + + Georgian language encoding (ka) + + Georgian language encoding + + + + + + + Hindi language encoding (hi) + + Hindi language encoding + + + + + + + Marathi language encoding (mr) + + Marathi language encoding + + + + + + + Sanskrit language encoding (sa) + + Sanskrit language encoding + + + + + + + Tamil language encoding (ta) + + Tamil language encoding + + + + + + + Bengali language encoding (bn) + + Bengali language encoding + + + + + + + + HTTP access logs contain a record of all inbound HTTP client requests. + + HTTP Access Logging + + + + + + + + + Enables access logging when the accessLogging configuration element is defined. Note: Access logging must be configured for this attribute to take effect. + + Enabled + + + + + + Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. + + Log file path + accessLogFilePath + + + + + + Specifies the log format that is used when logging client access information. + + Format + + + + + + Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. + + Maximum log file size + + + + + + + + + + + + + + + Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. + + Maximum log files + + + + + + + + + + + + + + + The scheduled time of day for logs to first roll over. The rollover interval duration begins at rollover start time. Valid values follow a 24-hour ISO-8601 datetime format of HH:MM, where 00:00 represents midnight. Padding zeros are required. If rolloverInterval is specified, the default value of rolloverStartTime is 00:00, midnight. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. + + Rollover start time for time based log rollover + + + + + + The time interval in between log rollovers, in minutes if a unit of time is not specified. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 5 hours as 5h. You can include multiple values in a single entry. For example, 1d5h is equivalent to 1 day and 5 hours. If rolloverStartTime is specified, the default value of rolloverInterval is 1 day. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + Rollover interval for time based log rollover + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An element that is configured within the httpEndpoint element so that the associated HTTP channel evaluates response header configurations. + + Header Options + + + + + + Specifies the header names and values that are added to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty or present in the 'remove', 'set', or 'setIfMissing' header configurations. + + Headers to be added on each response + + + + + + Specifies the header names and values that are set to each HTTP response. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty, defined more than once, or present in the 'remove', 'add', or 'setIfEmpty' header configurations. If the header is already present on the response, existing values are overwritten in favor of this configuration. + + Headers to be set on each response + + + + + + Specifies the header names and values that are set to each HTTP response if not already present. Header values are optionally included by using a colon (:) delimiter. Any header name that is defined by using this attribute must not be empty, defined more than once, or present in the 'remove', 'add', or 'set' header configurations. + + Headers to be set if not present on each response + + + + + + Specifies the header names that are removed from each HTTP response. Any header name that is defined by using this attribute must not be empty. No header values are expected. Any header name that is defined by using this attribute must not be present in the 'add', 'set', or 'setIfMissing' header configurations. + + Headers to be removed from each response + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configures port redirection. HTTP Proxy Redirect is used when redirecting HTTP requests from a non-secure port (for example, 80) to an SSL-enabled secured port (for example, 443). + + HTTP Proxy Redirect + + + + + + + + + The (non-secure) port to redirect from. Incoming HTTP requests on this port are redirected to the specified HTTPS port. + + HTTP port + + + + + + + + + + + + + + + + The (secure) port to redirect to. Incoming HTTP requests that use the HTTP port are redirected to this port. + + HTTPS port + + + + + + + + + + + + + + + + This attribute determines whether or not the server should redirect ports that are specified in this configuration element. The default is true. + + Enabled + + + + + + The host name used for this proxy redirect. The server redirects HTTP requests only if the incoming request specifies a host name that matches this value. The default is * (all hosts). + + Host + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An element that is configured within the httpEndpoint element so that the associated HTTP channel can consider SameSite configurations. + + SameSite Options + + + + + + List of cookie names or patterns for which the SameSite attribute is set to a value of Lax, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'none' nor 'strict' configurations. + + List of samesite lax cookies + + + + + + List of cookie names or patterns for which the SameSite attribute is set to a value of None, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'strict' configurations. Each cookie that is modified to contain a SameSite value of None as a result of this configuration is also set to Secure. + + List of samesite none cookies + + + + + + List of cookie names or patterns for which the SameSite attribute is set to a value of Strict, if not already defined. A single wildcard (*) character is supported as a stand-alone value, or following cookie name prefixes. Any cookie name or pattern that is defined by this list must be unique and not present in the 'lax' nor 'none' configurations. + + List of samesite strict cookies + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An element that is configured within the httpEndpoint element so that the associated HTTP channel can consider compressing response bodies based on the client's Accept-Encoding header. + + Compression Options + + + + + + To include a content type in addition to the default values, affix the add (+) character as a prefix to that content type. To exclude a content type from compression, affix the remove (-) character as a prefix to that content type. Note: The wildcard (*) character is supported only as a content subtype, such as text/*. + + List of content types for response compression + + + + + + + The configured compression algorithm is used to compress the body of responses when it is specified with a non-zero quality value in the request's Accept-Encoding header. The valid compression algorithms include: deflate, gzip, x-gzip, zlib, and identity. + + Server-preferred algorithm for compression + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for an HTTP endpoint. + + HTTP Endpoint + + + + + + HTTP protocol options for the endpoint. + + HTTP Options + + + + + + Remote IP options for the endpoint. + + Remote IP Options + + + + + + Compression options for the endpoint. + + Compression Options + + + + + + SameSite options for the endpoint. + + SameSite Options + + + + + + Header options for the endpoint. + + Header Options + + + + + + SSL protocol options for the endpoint. + + SSL Options + + + + + + TCP protocol options for the endpoint. + + TCP Options + + + + + + HTTP access logging configuration for the endpoint. + + HTTP Access Logging + + + + + + + Action to take after a failure to start an endpoint. + + On error + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + Toggle the availability of an endpoint. When true, this endpoint will be activated by the dispatcher to handle HTTP requests. + + Enabled + + + + + + IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for all available network interfaces. + + Host + defaultHostName + + + + + + The port used for client HTTP requests. Use -1 to disable this port. + + Port + + + + + + + + + + + + + + + + The port used for client HTTP requests secured with SSL (https). Use -1 to disable this port. + + Secure port + + + + + + + + + + + + + + + + When Servlet 4.0 API is enabled as a feature, set this attribute to http/1.1 to disable HTTP/2 processing for the ports that were defined for the httpEndpoint element. When Servlet 3.1 API is enabled as a feature, set this attribute to http/2 to enable HTTP/2 processing for the ports that are defined for the httpEndpoint element. + + Protocol version + + + + + + HTTP protocol options for the endpoint. + + HTTP options reference + httpOptions + + + + + + Remote IP options for the endpoint. + + Remote IP options reference + remoteIp + + + + + + Compression options for the endpoint. + + Compression options reference + compression + + + + + + SameSite options for the endpoint. + + SameSite options reference + samesite + + + + + + Header options for the endpoint. + + Header options reference + headers + + + + + + SSL protocol options for the endpoint. + + SSL options reference + sslOptions + + + + + + TCP protocol options for the endpoint. + + TCP options reference + tcpOptions + + + + + + HTTP access logging configuration for the endpoint. + + HTTP access logging reference + httpAccessLogging + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + HTTP protocol configuration. + + HTTP Options + + + + + + + + + Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. + + Enable persistent connections + + + + + + Maximum number of persistent requests that are allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. This option supports low latency or high throughput applications, and SSL connections for use in situations where building up a new connection can be costly. + + Maximum persistent requests per connection + + + + + + + + + + + + + + + Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Persistent connection timeout + + + + + + Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Read timeout + + + + + + Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Write timeout + + + + + + Removes server implementation information from HTTP headers. + + Remove server header + + + + + + Allows the user to control whether or not the presence of a Set-Cookie header should update the Cache-Control header with a matching no-cache value. This also adds the Expires header. + + No cache cookies control + + + + + + Specifies whether the HTTP Channel automatically decompresses incoming request body data. + + Auto decompression + + + + + + Limits the number of HTTP headers that can exist in an incoming message. When this limit is exceeded, an error is returned to the remote client. + + Limit number of headers + + + + + + + + + + + + + + + + Enforces the size limits on various HTTP fields, such as request URLs, or individual header names or values. Enforcing the size limits of these fields guards against possible Denial of Service attacks. An error is returned to the remote client, if a field exceeds the allowed size. + + Limit header field size + + + + + + + + + + + + + + + + Prevents the HTTP Channel from sending multiple Set-Cookie headers with the same name. + + Do not allow duplicate set cookies + + + + + + Limits the acceptable size of an incoming message. If a message arrives with a size larger than this value, then an error is returned to the remote client. + + Message size limit + + + + + + Specifies the size of each buffer used when reading the body of an incoming HTTP message. + + Incoming body buffer size + + + + + + + + + + + + + + + + Specifies whether the HTTP channel creates an I/O exception when an inbound connection is closed while still in use by the servlet. The default value is set according to the configured servlet feature. Prior to Servlet 4.0, the default value is false; starting with Servlet 4.0, the default value is true. + + Throw I/O exception for inbound connections + + + + + + Specifies the maximum ratio of decompressed to compressed request body payload. The HTTP channel reads the request body and verifies the ratio as the body decompresses. The channel stops decompression of the request body if the decompression ratio remains above the configured value and the decompressionTolerance is reached. + + Decompression ratio limit + + + + + + + + + + + + + + + Specifies the maximum number of times the HTTP channel tolerates a decompression ratio above the configured ratio, depicted by the decompressionRatioLimit httpOption attribute. If this number reaches, and the next decompression cycle still contains a decompression ratio above the ratio limit, then the HTTP channel stops decompressing the request body. + + Decompression tolerance + + + + + + + + + + + + + + + Specifies the amount of time, in seconds, that an HTTP/2 connection will be allowed to remain idle between socket IO operations. If not specified, or set to a value of 0, there is no connection timeout set. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + HTTP/2 connection idle timeout + + + + + + Specifies the maximum number of streams that an HTTP/2 connection can have active at any given point. Opening streams over the limit, will result on a REFUSED_STREAM (0x7). If not specified, the default value of concurrent streams will be set to 200. + + Max concurrent streams + + + + + + Specifies the maximum allowed size of a frame payload the server will advertise in the SETTINGS_MAX_FRAME_SIZE HTTP/2 settings frame. This can be configured to any size within the range of 16,384 to 16,777,215 bytes, inclusive. If not specified, the default is set to 57,344 bytes. + + Max frame size + + + + + + + + + + + + + + + + Specifies the initial window size in octets for HTTP/2 stream-level flow control. This value can be configured to any size within the range of 1 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. + + Stream-level initial window size + + + + + + + + + + + + + + + + Specifies the window size in octets for HTTP/2 connection-level flow control. This value can be configured to any size within the range of 65,535 to 2,147,483,647 octets, inclusive. If no value is specified, the default value is 65,535 octets. + + Connection-level window size + + + + + + + + + + + + + + + + Specifies whether the server waits until half of the HTTP/2 connection-level and stream-level windows are exhausted before it sends WINDOW_UPDATE frames. Valid values are true or false. If no value is specified, the default value is false. + + Limit window_update frames + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An element configured within the httpEndpoint element so that the associated HTTP channel is enabled to consider X-Forwarded-* or Forwarded request headers. + + Remote IP Options + + + + + + + + + A regular expression that defines trusted proxies. + + Proxies regex + + + + + + If this property is set to true and the remote client information was verified by the HTTP Channel, the NCSA access log reflects the Forwarded or X-Forwarded-* headers. These headers are reflected when one or more of the following items are recorded: the remote client IP, the host, or the request protocol. + + Use remote IP in access log + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A virtual host provides a logical grouping for configuring web applications to a particular host name. The default virtual host (default_host) is suitable for most simple configurations. + + Virtual Host + + + + + + Associate a host and port with this virtual host, using the host:port syntax. The specified host can be an IP address, domain name server (DNS) hostname with a domain name suffix, the DNS hostname, or * for a wildcard match on all hostnames. Note that IPv6 addresses must be enclosed in []. + + Virtual host alias + + + + + + Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. + + Allow From Endpoints + + + + + + + Enable this virtual host. + + Enabled + + + + + + Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. + + Allow from endpoints + httpEndpoint + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a server or client ORB. Specify either the nameService attribute for a client ORB or one or more iiopEndpoint references for a server ORB. + + Object Request Broker (ORB) + + + + + + Optional IIOP Endpoint describing the ports open for this ORB + + IIOP Endpoint + + + + + + + + + + Optional URL for the remote name service, for example corbaname::localhost:2809 + + Naming context location for a client ORB + + + + + + ORB SSL initialization timeout specified in seconds + + Timeout that governs ORB SSL initialization + + + + + + Optional IIOP Endpoint describing the ports open for this ORB + + IIOP endpoint reference for a server ORB + iiopEndpoint + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for IIOP server policies + + IIOP Server Policies + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + IIOP Endpoint configuration + + IIOP Endpoint + + + + + + TCP protocol options for the IIOP endpoint + + TCP Options + + + + + + Specification of a secured server socket opened by this IIOP endpoint + + IIOPS Port And Options + + + + + + + IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name + + Host + defaultHostName + + + + + + Port for the unsecured server socket opened by this IIOP endpoint + + IIOP port + + + + + + TCP protocol options for the IIOP endpoint + + TCP options reference + tcpOptions + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties to be applied to JAX-RS WebTargets that match the specified URI when they are constructed. A property specified programmatically after object construction takes precedence over a property declared in xml. + + JAX-RS Client Properties + + + + + + + + + The URI specified in application code. If the URI matches the URI in code, the properties are applied to that WebTarget. If the URI ends with *, then its properties are applied to any WebTarget having a URI that begins with the specified URI. If more than one URI ending with * matches a WebTarget URI, all are applied in sorted order of URI. + + URI + + + + + + The amount of time to wait in milliseconds for a connection to be made. This is equivalent to the com.ibm.ws.jaxrs.client.timeout programmatic property. + + Connection timeout + + + + + + The amount of time to wait in milliseconds for a response after a connection is established. This is equivalent to the com.ibm.ws.jaxrs.client.receive.timeout programmatic property. + + Receive timeout + + + + + + The host name of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.host programmatic property. + + Proxy host + + + + + + The port of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.port programmatic property . + + Proxy port + + + + + + The port of the proxy server. This is equivalent to the com.ibm.ws.jaxrs.client.proxy.port programmatic property . + + Proxy type + + + + + + Disables the Common Name Check. Valid values are true or false. This is equivalent to the com.ibm.ws.jaxrs.client.disableCNCheck programmatic property . + + Disable common name check + + + + + + The type of authorization token to use. This must be ltpa, saml, or oauth. This is equivalent to specifying one of the com.ibm.ws.jaxrs.client.ltpa.handler, com.ibm.ws.jaxrs.client.saml.sendToken, or com.ibm.ws.jaxrs.client.oauth.sendToken programmatic properties. + + Type of authorization token to use + + + + + + An id of an ssl reference found in server.xml. That ssl configuration specified by that reference is used. + + The id of an ssl reference in server.xml + + + + + + Any other variables can also be specified and will be passed to the WebTarget intact. + + Any other variables + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies configuration for a resource adapter that is embedded in an application. + + + Resource Adapter + + + + + + Configures how context is captured and propagated to threads. + + Thread Context Propagation + + + + + + + + + Overrides the default identifier for the resource adapter. The identifier is used in the name of the resource adapter's configuration properties element, which in turn is used in determining the name of configuration properties elements for any resources provided by the resource adapter. The resource adapter's configuration properties element name has the format, properties.<APP_NAME>.<ALIAS>, where <APP_NAME> is the name of the application and <ALIAS> is the configured alias. If unspecified, the alias defaults to the module name of the resource adapter. + + Alias + + + + + + Identifies the name of the embedded resource adapter module to which this configuration applies. + + Module name + + + + + + Configures whether a resource adapter starts automatically upon deployment of the resource adapter or lazily upon injection or lookup of a resource. + + Automatically start + + + + + + Configures how context is captured and propagated to threads. + + Thread context propagation reference + contextService + + + + + + + + + + + + Defines a resource adapter installation. + + + Resource Adapter + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + + + + + + + Defines the path of the RAR file to install. + + RAR file path + + + + + + Configures whether a resource adapter starts automatically upon deployment of the resource adapter or lazily upon injection or lookup of a resource. + + Automatically start + + + + + + Enables use of Jandex index files if they are supplied in the application + + Use Jandex + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines an administered object configuration. + + + Administered Object + + + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines an activation specification configuration. + + + Activation Specification + + + + + + Default authentication data for an activation specification. + + Authentication Data + + + + + + + + Default authentication data for an activation specification. + + Authentication data reference + authData + + + + + + The maximum number of endpoints to dispatch to. + + Maximum endpoints + + + + + + + + + + + + + + + Configures whether the message endpoints associated with this activation specification start automatically or need to be manually started using the resume command. + + Automatically start + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Customizes the configuration properties element for the activation specification, administered object, or connection factory with the specified interface and/or implementation class. + + Properties Customization + + + + + + + + + Fully qualified implementation class name for which the configuration properties element should be customized. + + Implementation class name + + + + + + Fully qualified interface class name for which the configuration properties element should be customized. + + Interface class name + + + + + + Overrides the default suffix for the configuration properties element. For example, "CustomConnectionFactory" in properties.rarModule1.CustomConnectionFactory. The suffix is useful to disambiguate when multiple types of connection factories, administered objects, or endpoint activations are provided by a resource adapter. If a configuration properties element customization omits the suffix or leaves it blank, no suffix is used. + + Suffix + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a connection factory configuration. + + + Connection Factory + + + + + + Connection manager for a connection factory. + + Connection Manager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container Managed Authentication Data + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS Login Context Entry + + + + + + Authentication data for transaction recovery. + + Recovery Authentication Data + + + + + + + + Connection manager for a connection factory. + + Connection manager reference + connectionManager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container managed authentication data reference + authData + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS login context entry reference + jaasLoginContextEntry + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + Authentication data for transaction recovery. + + Recovery authentication data reference + authData + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Customizes the configuration properties element for the activation specification, administered object, or connection factory with the specified interface and/or implementation class. + + Properties Customization + + + + + + + + + Fully qualified implementation class name for which the configuration properties element should be customized. + + Implementation class name + + + + + + Fully qualified interface class name for which the configuration properties element should be customized. + + Interface class name + + + + + + Overrides the default suffix for the configuration properties element. For example, "CustomConnectionFactory" in properties.rarModule1.CustomConnectionFactory. The suffix is useful to disambiguate when multiple types of connection factories, administered objects, or endpoint activations are provided by a resource adapter. If a configuration properties element customization omits the suffix or leaves it blank, no suffix is used. + + Suffix + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS activation specification configuration. + + JMS Activation Specification + + + + + + Default authentication data for an activation specification. + + Authentication Data + + + + + + + + + Default authentication data for an activation specification. + + Authentication data reference + authData + + + + + + The maximum number of endpoints to dispatch to. + + Maximum endpoints + + + + + + + + + + + + + + + Configures whether the message endpoints associated with this activation specification start automatically or need to be manually started using the resume command. + + Automatically start + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS topic connection factory configuration. + + JMS Topic Connection Factory + + + + + + Connection manager for a connection factory. + + Connection Manager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container Managed Authentication Data + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS Login Context Entry + + + + + + Authentication data for transaction recovery. + + Recovery Authentication Data + + + + + + + + + Connection manager for a connection factory. + + Connection manager reference + connectionManager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container managed authentication data reference + authData + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS login context entry reference + jaasLoginContextEntry + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + Authentication data for transaction recovery. + + Recovery authentication data reference + authData + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS queue configuration. + + JMS Queue + + + + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS queue connection factory configuration. + + JMS Queue Connection Factory + + + + + + Connection manager for a connection factory. + + Connection Manager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container Managed Authentication Data + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS Login Context Entry + + + + + + Authentication data for transaction recovery. + + Recovery Authentication Data + + + + + + + + + Connection manager for a connection factory. + + Connection manager reference + connectionManager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container managed authentication data reference + authData + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS login context entry reference + jaasLoginContextEntry + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + Authentication data for transaction recovery. + + Recovery authentication data reference + authData + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS topic configuration. + + JMS Topic + + + + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS destination configuration. + + JMS Destination + + + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a JMS connection factory configuration. + + JMS Connection Factory + + + + + + Connection manager for a connection factory. + + Connection Manager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container Managed Authentication Data + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS Login Context Entry + + + + + + Authentication data for transaction recovery. + + Recovery Authentication Data + + + + + + + + + Connection manager for a connection factory. + + Connection manager reference + connectionManager + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. + + Container managed authentication data reference + authData + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS login context entry reference + jaasLoginContextEntry + + + + + + JNDI name for a resource. + + JNDI name + jndiName + + + + + + Authentication data for transaction recovery. + + Recovery authentication data reference + authData + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a Mail Session Instance. + + Mail Session Object + + + + + + + + The ID of the specific Mail Session Instance + + Mail session ID + + + + + + Name of the Mail Session reference that is used for JNDI look-up + + The JNDI look up name + jndiName + + + + + + Description of the Mail Session + + Description of the mailSession + + + + + + The Store Protocol used by the Mail Session instance. The default store protocol is IMAP + + The store protocol for javax.mail.Session + + + + + + The Transport Protocol used by the Mail Session instance. The default transport protocol is SMTP + + The transport protocol for javax.mail.Session + + + + + + The host of the Mail Session + + The mail server's host address + + + + + + The User's e-mail address used on the Host. + + The user account + + + + + + The User's password, usually needed in order to connect to the host. + + The user's password + + + + + + The E-Mail address used to send mail with the Mail Session instance. + + The from address + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Any additional properties that need to be added to the config + + Nested Property + + + + + + + + + The name of the extra property + + The name of the additional property + + + + + + The value of the property that matches the name + + The value of the addtional property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration of permissions for Java 2 Security. + + Java 2 Security + + + + + + + + + The name of the class implementing the permission being granted. For example, java.io.FilePermission. + + Permission class + + + + + + The codebase that is being granted the permission. + + Codebase + + + + + + The class name that would be matched for the given Principal Name. + + Principal class + + + + + + The principal to whom the permission is being granted. + + Principal name + + + + + + The target for which the permission applies to. For example, ALL FILES in the case of a java.io.FilePermission. + + Target name + + + + + + The actions that the permission grant allows on the target name. For example, read in the case of a java.io.FilePermission. + + Actions + + + + + + Declares whether the permission is being restricted versus granted. If restriction is set to "true" then this permission is denied as opposed to being granted. + + Restriction + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies binding properties for a web application. + + Web Application Bindings + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + Specifies the virtual host that is used for the web application. + + Virtual Host + + + + + + + The module name specifies the individual module that the binding or extension configuration applies to. + + Module name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A logical name used to locate a message destination. + + Message Destination + + + + + + + + + The name of the message destination. + + Name + + + + + + The binding name of the message destination. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines an environment entry. + + Environment Entry + + + + + + + + + The name of the environment entry. + + Name + + + + + + The value of the environment entry. + + Value + + + + + + The binding name for the environment entry. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Cache settings for an EJB. + + Bean Cache + + + + + + + + + Specifies the point at which an EJB is placed in the cache. + + Activation policy + + + + + + + + + TRANSACTION + + + + + ONCE + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies properties for the JCA adapter. A message driven bean must have a JCA adapter defined. + + JCA Adapter + + + + + + + + + Specifies the binding name for an activation specification. + + Activation specification binding name + + + + + + Specifies the authentication alias for an activation specification. + + Activation specification authentication alias + + + + + + Specifies the destination binding name for a JCA adapter. + + Destination binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties that apply to application bindings. + + Application Bindings + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + A role that is mapped to users and groups in a domain user registry. + + Security Role + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An authentication alias for a resource reference. + + Authentication Alias + + + + + + The authentication alias name. + + Name + + + + + + + The authentication alias name. + + Name + authData + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Used to declare additional settings on a Java EE resource reference. + + Resource Reference + + + + + + The authentication alias for the resource reference. + + Authentication Alias + + + + + + Specifies custom login configuration properties. + + Custom Login + + + + + + + The name for the resource reference. + + Name + + + + + + The binding name for the resource reference. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a mime filter for a web application. + + Mime Filter + + + + + + + + + The target for the mime filter. + + Target + + + + + + The type for the mime filter. + + Mime type + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A role that is mapped to users and groups in a domain user registry. + + Security Role + + + + + + The user for a security role. + + User + + + + + + The group for a security role. + + Group + + + + + + Name of a special subject possessing a security role. + + Special Subject + + + + + + ID and password of a user that is required to access a bean from another bean. + + Run As + + + + + + + The name for a security role. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The user for the security role. + + User + + + + + + + + + The name for the subject. + + Name + + + + + + The access ID for a subject. + + Access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Reference bindings in an application client. + + Client Reference Bindings + + + + + + EJB References in an application client. + + Client EJB References + + + + + + Resource references in an application client. + + Client Resource References + + + + + + Specifies the binding for a resource environment reference. + + Client Resource Environment References + + + + + + Message destination reference in an application client. + + Client Message Destination References + + + + + + Defines a data source for an application client. + + Client Data Sources + + + + + + Defines an environment entry for an application client. + + Client Environment Entries + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a custom login configuration for a resource reference. + + Custom Login + + + + + + Defines a property for a custom login configuration. + + Properties + + + + + + + A name for the custom login configuration. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies properties for message driven beans. + + Message Driven Bean + + + + + + Cache settings for an EJB. + + Bean Cache + + + + + + Specifies local transactions for this enterprise bean. + + Local Transactions + + + + + + Specifies global transactions for this enterprise bean. + + Global Transactions + + + + + + Specifies resource references for this enterprise bean. + + Resource References + + + + + + Controls whether the bean starts at application start. + + Start At Application Start + + + + + + + The name for the enterprise bean. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties for a managed bean. + + Managed Bean + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + + Specifies the class name for a managed bean. + + Class + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Attributes consisting of a name value pair. + + Attributes + + + + + + + + + The attribute name. + + Name + + + + + + The attribute value. + + Value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties for reference bindings. + + Reference Bindings + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the bindings for a managed bean. + + Managed Bean Bindings + + + + + + Defines interceptors for the managed bean binding. + + Interceptors + + + + + + Specifies the managed bean for this binding. + + Managed Beans + + + + + + + The module name specifies the individual module that the binding or extension configuration applies to. + + Module name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a local transaction for a servlet or an EJB application. + + Location Transaction + + + + + + + + + Defines a resolver for the local transaction. The value can be either APPLICATION or CONTAINER_AT_BOUNDARY. + + Resolver + + + + + + + + + CONTAINER_AT_BOUNDARY + + + + + APPLICATION + + + + + + + + + + Defines the behavor for unresolved actions. The value can be either ROLLBACK or COMMIT. + + Unresolved action + + + + + + + + + COMMIT + + + + + ROLLBACK + + + + + + + + + + Defines whether the local transaction is shareable. + + Shareable + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Properties for a session bean in an EJB application. + + Session + + + + + + Cache settings for an EJB. + + Bean Cache + + + + + + Specifies local transactions for this enterprise bean. + + Local Transactions + + + + + + Specifies global transactions for this enterprise bean. + + Global Transactions + + + + + + Specifies resource references for this enterprise bean. + + Resource References + + + + + + Controls whether the bean starts at application start. + + Start At Application Start + + + + + + Specifies a time out value for the session bean. + + Time Out + + + + + + + The name for the enterprise bean. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Extension properties for EJB applications. + + EJB Jar Extensions + + + + + + Extension properties for session beans. + + Session Bean Extensions + + + + + + Extension properties for message driven beans. + + Message Driven Bean Extensions + + + + + + + The module name specifies the individual module that the binding or extension configuration applies to. + + Module name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Used to declare additional settings on a Java EE resource reference. + + Resource Reference + + + + + + + + + The name for the resource reference. + + Name + + + + + + Defines the transaction isolation level. + + Isolation level + + + + + + + + + TRANSACTION_READ_COMMITTED + + + + + TRANSACTION_SERIALIZABLE + + + + + TRANSACTION_REPEATABLE_READ + + + + + TRANSACTION_READ_UNCOMMITTED + + + + + TRANSACTION_NONE + + + + + + + + + + Defines the commit priority for the resource reference. + + Commit priority + + + + + + Specifies whether loose or tight coupling is used. + + Branch coupling + + + + + + + + + LOOSE + + + + + TIGHT + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a custom login configuration property. + + Property + + + + + + + + + The name of the property. + + Name + + + + + + The value of the property. + + Value + + + + + + A description of the property. + + Description + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties for a resource environment reference. + + Resource Environment Reference + + + + + + + + + The name for the resource environment reference. + + Name + + + + + + The binding name for the resource environment reference. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies properties for message driven beans. + + Message Driven Bean + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + Defines a JCA adapter for a message driven bean. + + JCA Adapter + + + + + + + The name for the enterprise bean. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Group that has the security role. + + Group + + + + + + + + + The name for the subject. + + Name + + + + + + The access ID for a subject. + + Access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Special subject that has the security role. + + Special Subject + + + + + + + + + One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. + + Type + + + + + + + + + ALL_AUTHENTICATED_USERS + + + + + EVERYONE + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies a session bean time out value. + + Time Out + + + + + + + + + The value for the time out. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the virtual host used by this web application. The virtual host must be defined in the configuration. + + Virtual Host + + + + + + + + + The name for the virtual host + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A logical name used to locate the home interface of an enterprise bean. + + EJB References + + + + + + + + + The name for the EJB reference. + + Name + + + + + + The binding name for the EJB reference. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The EJB binding descriptor defines binding information for an EJB module. + + EJB Jar Bindings + + + + + + Binding properties for session beans. + + Session Bean Bindings + + + + + + Binding properties for message driven beans. + + Message Driven Bean Bindings + + + + + + Binding properties for interceptors. + + Interceptor Bindings + + + + + + Binding properties for message destinations. + + Message Destination Bindings + + + + + + + The module name specifies the individual module that the binding or extension configuration applies to. + + Module name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A description of an enterprise bean in an EJB application. + + Enterprise Bean + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + + The name for the enterprise bean. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies properties for a global transaction. + + Global Transaction + + + + + + + + + Determines whether to send the web services atomic transaction on outgoing requests. + + Send WSAT context + + + + + + Specifies the timeout for the global transaction. + + Transaction timeout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A logical name used to locate a message destination. + + Message Destination Reference + + + + + + + + + The name for the message destination reference. + + Name + + + + + + The binding name for the message destination reference. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Used to specify the method name, method signature, or method types to which a given setting might apply. + + Method + + + + + + + + + Specifies the name for the method. + + Name + + + + + + Specifies parameters for the method. + + Parameters + + + + + + Specifies the type of the method. + + Type + + + + + + + + + LOCAL_HOME + + + + + REMOTE + + + + + UNSPECIFIED + + + + + SERVICE_ENDPOINT + + + + + LOCAL + + + + + HOME + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties to extend applications. + + Application Extensions + + + + + + + + + Indicates whether the session context is shared between modules. + + Shared session context + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A description of an enterprise bean in an EJB application. + + Enterprise Bean + + + + + + Cache settings for an EJB. + + Bean Cache + + + + + + Specifies local transactions for this enterprise bean. + + Local Transactions + + + + + + Specifies global transactions for this enterprise bean. + + Global Transactions + + + + + + Specifies resource references for this enterprise bean. + + Resource References + + + + + + Controls whether the bean starts at application start. + + Start At Application Start + + + + + + + The name for the enterprise bean. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies a session interface. + + Interface + + + + + + + + + Specifies a binding name for an interface. + + Interface binding name + + + + + + The class name for the interface. + + Class name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Properties for a user or group. + + Subject + + + + + + + + + The name for the subject. + + Name + + + + + + The access ID for a subject. + + Access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines properties that apply to application clients. + + Application Clients + + + + + + EJB References in an application client. + + Client EJB References + + + + + + Resource references in an application client. + + Client Resource References + + + + + + Specifies the binding for a resource environment reference. + + Client Resource Environment References + + + + + + Message destination reference in an application client. + + Client Message Destination References + + + + + + Defines a data source for an application client. + + Client Data Sources + + + + + + Defines an environment entry for an application client. + + Client Environment Entries + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The definition of a data source. + + Data Sources + + + + + + + + + The data source name. + + Name + + + + + + The data source binding name. + + Binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Used to inform the EJB container that the specified EJB type can be initialized at the time the application is first started, rather than the time the EJB type is first used by the application. + + Start At Application Start + + + + + + + + + The value of the start at application start property. + + Value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The name for the interceptor. + + Name + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + + The class name for the interceptor. + + Class name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Extension properties for web applications. + + Web Application Extensions + + + + + + Specifies whether the web application allows files to be served. + + File Serving Properties + + + + + + Specifies attributes for an invoker. + + Invoker Properties + + + + + + Specifies attributes that affect JSP behavior. + + JSP Properties + + + + + + Properties for a MIME filter. + + Mime Filters + + + + + + Properties for a resource reference. + + Resource References + + + + + + + The module name specifies the individual module that the binding or extension configuration applies to. + + Module name + + + + + + Specifies a page to be used as the default error page for a web application. + + Default error page URI + + + + + + Defines the context root for a web application. + + Context root + + + + + + Determines whether filters are loaded automatially. + + Auto load filters + + + + + + Determines whether requests are automatically encoded. + + Auto encode requests + + + + + + Determines whether responses are automatically encoded. + + Auto encode responses + + + + + + Specifies whether directory browsing is enabled for this web application. + + Enable directory browsing + + + + + + Specifies whether file serving is enabled for this web application. + + Enable file serving + + + + + + Specifies whether JSP pages are compiled when the web application starts. + + Pre-compile JSPs + + + + + + Enables serving servlets by classname. + + Enable serving servlets by class names + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + ID and password of a user required to access a bean from another bean. + + Run As + + + + + + + + + ID of a user required to access a bean from another bean. + + User ID + + + + + + Password of a user required to access a bean from another bean. The value can be stored in clear text or encoded form. To encode the password, use the securityUtility tool with the encode option. + + Password + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Properties for a session bean in an EJB application. + + Session + + + + + + Specifies the binding for an EJB Reference. + + EJB References + + + + + + Specifies the binding for a resource reference. + + Resource References + + + + + + Specifies the binding for a resource environment reference. + + Resource Environment References + + + + + + Specifies the binding for a message destination reference. + + Message Destinations + + + + + + Specifies the binding for a data source. + + Data Sources + + + + + + Specifies the binding for an environment entry. + + Environment Entries + + + + + + Specifies a session interface. + + Interface + + + + + + + The name for the enterprise bean. + + Name + + + + + + Specifies the simple binding name for a session bean. + + Simple binding name + + + + + + The component ID for a session bean. + + Component ID + + + + + + The remote home binding name for a session bean. + + Remote home binding name + + + + + + The local home binding name for a session bean. + + Local home binding name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A port element defines port configurations associated with a web services reference. + + Port + + + + + + The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. + + Properties + + + + + + + The port name is used to specify the name of the web services port. + + Name + + + + + + The namespace attribute is used to specify the namespace of the web services port. The binding is applied to the port that has the same name and namespace. Otherwise, the binding is applied to the port that has the same name. + + Namespace + + + + + + The address attribute is used to specify the address for the web services port and override the value of port-address attribute that is defined in the service-ref element. + + Address + + + + + + The user name attribute is used to specify the user name for basic authentication. + + User name + + + + + + The password attribute is used to specify the password for basic authentication. The password can be encoded. + + Password + + + + + + The SSL reference attribute refers to an ssl element defined in the server.xml file. If the attribute is not specified but the server supports transport level security the service client uses the default SSL configuration. + + SSL reference + + + + + + The key alias attribute is used to specify the alias of a client certificate. If the attribute is not specified and the web service provider supports the client certificate then the first certificate in the keystore is used as the value of this attribute. The attribute can also override the clientKeyAlias attribute that is defined in the ssl element of the server.xml file. + + Key alias + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Security constraint attributes are used to associate security constraints with one or more web resource collections. Security constraints only work as complementary configuration to the deployment descriptors or annotations in web applications. + + Security Constraint + + + + + + The web resource collection element is used to identify resources for a security constraint. + + Web Resource Collection + + + + + + The authorization constraint element is used to specify the user roles that should be permitted access a resource collection. + + Authorization Constraint + + + + + + The user data constraint element is used to define how data communicated between the client and a container should be protected. + + User Data Constraint + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The web service security element is used to configure role-based authorization for POJO web services and EJB-based web services. + + Web Service Security + + + + + + Security constraint attributes are used to associate security constraints with one or more web resource collections. Security constraints only work as complementary configuration to the deployment descriptors or annotations in web applications. + + Security Constraint + + + + + + A login configuration attribute is used to configure the authentication method and realm name, and takes effect only for the EJB-based web services in a JAR file. If the same attribute is specified in the deployment descriptor file, the value from the deployment descriptor is used. + + Login + + + + + + A security role attribute contains the definition of a security role. It only works as complementary configuration to the deployment descriptors or annotations in web applications. + + Security Role + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A security role attribute contains the definition of a security role. It only works as complementary configuration to the deployment descriptors or annotations in web applications. + + Security Role + + + + + + + + + The role name for an authorization constraint should correspond with the role name of a security role defined in the deployment descriptor. + + Role name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Web service endpoint properties are used to define the default properties for all the web services endpoints in the same module. + + Web Service Endpoint Properties + + + + + + + + + + [extraProperties.com.ibm.ws.javaee.ddmodel.wsbnd.WebserviceEndpointProperties.description, extraProperties.description] + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. + + Properties + + + + + + + + + + Additional properties for a web services endpoint or client + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The user data constraint element is used to define how data communicated between the client and a container should be protected. + + User Data Constraint + + + + + + + + + The transport guarantee specifies how communication between the client and should take place. If the value is INTEGRAL, the application requires that the data should not change in transit. If the value is CONFIDENTIAL, data should be confidential in transit. The value of NONE indicates that there is not transport guarantee. + + Transport guarantee + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A login configuration attribute is used to configure the authentication method and realm name, and takes effect only for the EJB-based web services in a JAR file. If the same attribute is specified in the deployment descriptor file, the value from the deployment descriptor is used. + + Login + + + + + + The form login configuration element specifies the login and error pages that should be used in form based login. If form based authentication is not used, these elements are ignored. + + Form Login + + + + + + + The authorization method is used to configure the authentication mechanism for a web application. + + Authorization method + + + + + + The realm name element specifies the realm name to use in HTTP Basic authorization + + Realm name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + HTTP publishing is used to specify the publishing configurations when using HTTP protocol for all the web services endpoints. + + HTTP Publishing + + + + + + The web service security element is used to configure role-based authorization for POJO web services and EJB-based web services. + + Web Service Security + + + + + + + The context root attribute is used to specify the context root of the EJB module in an EJB-based JAX-WS application. + + Context root + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The authorization constraint element is used to specify the user roles that should be permitted access a resource collection. + + Authorization Constraint + + + + + + The role name for an authorization constraint should correspond with the role name of a security role defined in the deployment descriptor. + + Role name + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The form login configuration element specifies the login and error pages that should be used in form based login. If form based authentication is not used, these elements are ignored. + + Form Login + + + + + + + + + The form login page element defines the location in the web app where the page that can be used for login can be found. The path begins with a leading / and is interpreted relative to the root of the WAR. + + Form login page + + + + + + The form-error-page element defines the location in the web app where the error page that is displayed when login is not successful can be found. The path begins with a leading / and is interpreted relative to the root of the WAR. + + Form error page + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The web resource collection element is used to identify resources for a security constraint. + + Web Resource Collection + + + + + + A URL pattern is used to identify a set of resources in a web resource collection. + + URL pattern + + + + + + Specifies the HTTP method to which a security constraint applies + + HTTP method + + + + + + Specifies an HTTP method to which a security constraint should not apply + + HTTP method omission + + + + + + + The name of a web resource collection + + Web resource name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Web service bindings are used to customize web services endpoints and configure security settings for both web services providers and web service clients. + + Web Service Bindings + + + + + + A web service endpoint is used to specify the binding for a specified service instance. + + Web Service Endpoint + + + + + + Web service endpoint properties are used to define the default properties for all the web services endpoints in the same module. + + Web Service Endpoint Properties + + + + + + HTTP publishing is used to specify the publishing configurations when using HTTP protocol for all the web services endpoints. + + HTTP Publishing + + + + + + The service reference element is used to define the web services reference configurations for a web services client. + + Service Reference + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A web service endpoint is used to specify the binding for a specified service instance. + + Web Service Endpoint + + + + + + + + + The port component name is used to specify the name of a port component. + + Port component + + + + + + Address is used to specify the overridden address of a service endpoint. + + Address + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The service reference element is used to define the web services reference configurations for a web services client. + + Service Reference + + + + + + The port element is used to define port configurations that are associated with the web services reference. + + Port + + + + + + The properties element is used to define the properties for a web services endpoint or client. The attributes can have any name and any value. + + Properties + + + + + + + The port address attribute is used to specify the address of the web services port if the referenced web services has only one port. + + Port address + + + + + + The name attribute is used to specify the name of a web services reference. + + Name + + + + + + The component name attribute is used to specify the EJB bean name if the service reference is used in an EJB module. + + Component name + + + + + + The WSDL location attribute is used to specify the URL of a WSDL location to be overridden. + + WSDL location + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the Informix JDBC driver. + + Informix JDBC Driver Properties + + Additional properties for more advanced usage. + Properties for the Informix JDBC driver's connection pool. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + JDBC driver property: ifxIFXHOST. + + Host name or IP + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: ifxCLIENT_LOCALE. + + Client locale + + + + + + + JDBC driver property: ifxCPMAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Age limit + + + + + + + JDBC driver property: ifxCPMInitPoolSize. + + Initial pool size + + + + + + + JDBC driver property: ifxCPMMaxConnections. + + Maximum connections + + + + + + + JDBC driver property: ifxCPMMaxPoolSize. + + Maximum pool size + + + + + + + JDBC driver property: ifxCPMMinAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Minimum age limit + + + + + + + JDBC driver property: ifxCPMMinPoolSize. + + Minimum pool size + + + + + + + JDBC driver property: ifxCPMServiceInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Service interval + + + + + + + JDBC driver property: ifxDBANSIWARN. + + Database ANSI warning + + + + + + + JDBC driver property: ifxDBCENTURY. + + Year expansion + + + + + + + JDBC driver property: ifxDBDATE. + + Date format + + + + + + + JDBC driver property: ifxDBSPACETEMP. + + Temporary table dbspace + + + + + + + JDBC driver property: ifxDBTEMP. + + Database temporary directory + + + + + + + JDBC driver property: ifxDBTIME. + + Database time + + + + + + + JDBC driver property: ifxDBUPSPACE. + + Update statistics sort space + + + + + + + JDBC driver property: ifxDB_LOCALE. + + Database locale + + + + + + + JDBC driver property: ifxDELIMIDENT. + + Delimited identifier + + + + + + + JDBC driver property: ifxENABLE_TYPE_CACHE. + + Enable type cache + + + + + + + JDBC driver property: ifxFET_BUF_SIZE. + + Fetch buffer size + + + + + + + JDBC driver property: ifxGL_DATE. + + DATE end-user formats + + + + + + + JDBC driver property: ifxGL_DATETIME. + + DATETIME end-user formats + + + + + + + JDBC driver property: ifxIFX_AUTOFREE. + + Enable automatic free feature + + + + + + + JDBC driver property: ifxIFX_DIRECTIVES. + + Allow directives + + + + + + + JDBC driver property: ifxIFX_LOCK_MODE_WAIT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Lock mode wait + + + + + + + JDBC driver property: ifxIFX_SOC_TIMEOUT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Socket timeout + + + + + + + JDBC driver property: ifxIFX_USEPUT. + + Enable bulk insert + + + + + + + JDBC driver property: ifxIFX_USE_STRENC. + + Use string encoding + + + + + + + JDBC driver property: ifxIFX_XASPEC. + + Tightly couple XA transactions + + + + + + + JDBC driver property: ifxINFORMIXCONRETRY. + + Maximum connection retries + + + + + + + JDBC driver property: ifxINFORMIXCONTIME. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection retry timeout + + + + + + + JDBC driver property: ifxINFORMIXOPCACHE. + + Blobspace cache size + + + + + + + JDBC driver property: ifxINFORMIXSTACKSIZE. + + Client session stack size + + + + + + + JDBC driver property: ifxJDBCTEMP. + + LOB temporary file path + + + + + + + JDBC driver property: ifxLDAP_IFXBASE. + + Base domain name + + + + + + + JDBC driver property: ifxLDAP_PASSWD. + + LDAP password + + + + + + + JDBC driver property: ifxLDAP_URL. + + LDAP URL + + + + + + + JDBC driver property: ifxLDAP_USER. + + LDAP user + + + + + + + JDBC driver property: ifxLOBCACHE. + + Large object cache size + + + + + + + JDBC driver property: ifxNEWCODESET. + + New code set mapping + + + + + + + JDBC driver property: ifxNEWLOCALE. + + New locale mapping + + + + + + + JDBC driver property: ifxNODEFDAC. + + No default privileges + + + + + + + JDBC driver property: ifxOPTCOMPIND. + + Query optimizer method + + + + + + + JDBC driver property: ifxOPTOFC. + + Optimize ResultSet close + + + + + + + JDBC driver property: ifxOPT_GOAL. + + Optimization goal + + + + + + + JDBC driver property: ifxPATH. + + Executable program path + + + + + + + JDBC driver property: ifxPDQPRIORITY. + + Degree of parallelism + + + + + + + JDBC driver property: ifxPLCONFIG. + + Performance loader configuration file + + + + + + + JDBC driver property: ifxPLOAD_LO_PATH. + + Large object handle path + + + + + + + JDBC driver property: ifxPROTOCOLTRACE. + + Trace SQLI protocol + + + + + + + JDBC driver property: ifxPROTOCOLTRACEFILE. + + Protocol trace file path + + + + + + + JDBC driver property: ifxPROXY. + + HTTP proxy + + + + + + + JDBC driver property: ifxPSORT_DBTEMP. + + Temporary sort location + + + + + + + JDBC driver property: ifxPSORT_NPROCS. + + Sort threads + + + + + + + JDBC driver property: ifxSECURITY. + + Use 56 bit encryption + + + + + + + JDBC driver property: ifxSQLH_FILE. + + SQL host file path + + + + + + + JDBC driver property: ifxSQLH_LOC. + + SQL host location + + + + + + + JDBC driver property: ifxSQLH_TYPE. + + SQL host type + + + + + + + JDBC driver property: ifxSSLCONNECTION. + + Enable SSL + + + + + + + JDBC driver property: ifxSTMT_CACHE. + + Enable shared statement cache + + + + + + + JDBC driver property: ifxTRACE. + + JDBC trace level + + + + + + + JDBC driver property: ifxTRACEFILE. + + JDBC trace file path + + + + + + + JDBC driver property: ifxTRUSTED_CONTEXT. + + Enable trusted context + + + + + + + JDBC driver property: ifxUSEV5SERVER. + + Version five compatibility + + + + + + + JDBC driver property: ifxUSE_DTENV. + + Non-ANSI date-time support + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: roleName. + + Role name + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the IBM DB2 for i Native JDBC driver. + + DB2 for i Native JDBC Driver Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + JDBC driver property: access. + + Access + + + + + + + + + + all + + + + + read call + + + + + read only + + + + + + + + + + JDBC driver property: autoCommit. + + Automatically commit + + + + + + + JDBC driver property: batchStyle. + + Batch style + + + + + + + + + + 2.0 + + + + + 2.1 + + + + + + + + + + JDBC driver property: behaviorOverride. + + Behavior override + + + + + + + JDBC driver property: blockSize. + + Block size + + + + + + + + + + 0 + + + + + 8 + + + + + 16 + + + + + 32 + + + + + 64 + + + + + 128 + + + + + 256 + + + + + 512 + + + + + + + + + + JDBC driver property: cursorHold. + + Cursor hold + + + + + + + JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). + + Cursor sensitivity + + + + + + + + + + asensitive + + + + + sensitive + + + + + + + + + + JDBC driver property: dataTruncation. + + Data truncation + + + + + + + JDBC driver property: dateFormat. + + Date format + + + + + + + + + + dmy + + + + + eur + + + + + mdy + + + + + iso + + + + + jis + + + + + julian + + + + + usa + + + + + ymd + + + + + + + + + + JDBC driver property: dateSeparator. + + Date separator + + + + + + + + + + The forward slash character (/). + + + + + The dash character (-). + + + + + The period character (.). + + + + + The comma character (,). + + + + + The character b + + + + + + + + + + JDBC driver property: decimalSeparator. + + Decimal separator + + + + + + + + + + The period character (.). + + + + + The comma character (,). + + + + + + + + + + JDBC driver property: directMap. + + Direct map + + + + + + + JDBC driver property: doEscapeProcessing. + + Do escape processing + + + + + + + JDBC driver property: fullErrors. + + Full errors + + + + + + + JDBC driver property: libraries. + + Libraries + + + + + + + JDBC driver property: lobThreshold. + + LOB threshold + + + + + + + + + + + + + + + + JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Lock timeout + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: maximumPrecision. + + Maximum precision + + + + + + + + + + 31 + + + + + 63 + + + + + + + + + + JDBC driver property: maximumScale. + + Maximum scale + + + + + + + + + + + + + + + + + JDBC driver property: minimumDivideScale. + + Minimum divide scale + + + + + + + + + + + + + + + + + JDBC driver property: networkProtocol. + + Network protocol + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + Port on which to obtain database connections. + + Port number + + + + + + + JDBC driver property: prefetch. + + Prefetch + + + + + + + JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). + + Query optimize goal + + + + + + + + + + *FIRSTIO + + + + + *ALLIO + + + + + + + + + + JDBC driver property: reuseObjects. + + Reuse objects + + + + + + + Server where the database is running. + + Server name + + + + + + + JDBC driver property: serverTraceCategories. + + Server trace categories + + + + + + + JDBC driver property: systemNaming. + + System naming + + + + + + + JDBC driver property: timeFormat. + + Time format + + + + + + + + + + eur + + + + + hms + + + + + iso + + + + + jis + + + + + usa + + + + + + + + + + JDBC driver property: timeSeparator. + + Time separator + + + + + + + + + + The colon character (:). + + + + + The period character (.). + + + + + The comma character (,). + + + + + The character b + + + + + + + + + + JDBC driver property: trace. + + Trace + + + + + + + JDBC driver property: transactionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Transaction timeout + + + + + + + JDBC driver property: translateBinary. + + Translate binary + + + + + + + JDBC driver property: translateHex. + + Translate hexadecimal + + + + + + + + + + binary + + + + + character + + + + + + + + + + JDBC driver property: useBlockInsert. + + Use block insert + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Oracle Universal Connection Pooling. + + Oracle UCP Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: connectionFactoryClassName. + + Connection factory class name + + + + + + + + + oracle.jdbc.pool.OracleDataSource + + + + + oracle.jdbc.pool.OracleConnectionPoolDataSource + + + + + oracle.jdbc.xa.client.OracleXADataSource + + + + + + + + + + JDBC driver property: connectionPoolName. + + Connection pool name + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: URL. URL for connecting to the database. If a URL is configured, the Oracle JDBC driver ignores individual connection properties such as serverName and driverType. Oracle JDBC driver updates might impact this behavior. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample. + + URL + + + + + + JDBC driver property: abandonedConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Abandoned connection timeout + + + + + + + JDBC driver property: connectionFactoryProperties. + + Connection factory properties + + + + + + + JDBC driver property: connectionHarvestMaxCount. + + Connection harvest maximum count + + + + + + + JDBC driver property: connectionHarvestTriggerCount. + + Connection harvest trigger count + + + + + + + JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. + + Connection properties + + + + + + + JDBC driver property: connectionWaitTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection wait timeout + + + + + + + JDBC driver property: fastConnectionFailoverEnabled. + + Fast connection failover enabled + + + + + + + JDBC driver property: initialPoolSize. + + Initial pool size + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: maxConnectionReuseCount. + + Maximum connection reuse count + + + + + + + JDBC driver property: maxConnectionReuseTime. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Maximum connection reuse time + + + + + + + JDBC driver property: maxConnectionsPerShard. + + Maximum connections per shard + + + + + + + JDBC driver property: maxIdleTime. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Maximum idle time + + + + + + + JDBC driver property: maxPoolSize. + + Maximum pool size + + + + + + + JDBC driver property: maxStatements. + + Maximum statements + + + + + + + JDBC driver property: minPoolSize. + + Minimum pool size + + + + + + + JDBC driver property: networkProtocol. + + Network protocol + + + + + + + JDBC driver property: ONSConfiguration. + + ONS configuration + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: roleName. + + Role name + + + + + + + JDBC driver property: SQLForValidateConnection. + + SQL for validate connection + + + + + + + JDBC driver property: secondsToTrustIdleConnection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Seconds to trust idle connection + + + + + + + JDBC driver property: timeoutCheckInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Timeout check interval + + + + + + + JDBC driver property: timeToLiveConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Time to live connection timeout + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: validateConnectionOnBorrow. + + Validate connection on borrow + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Derby Embedded JDBC driver. + + Derby Embedded Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: createDatabase. + + Create database + + + + + + + + + When the first connection is established, automatically create the database if it doesn't exist. + + + + + Do not automatically create the database. + + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + JDBC driver property: connectionAttributes. + + Connection attributes + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: shutdownDatabase. + + Shutdown database + + + + + + + + + + Shut down the database when a connection is attempted. + + + + + Do not shut down the database. + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Identify a specific SQL error code or SQL state on a SQLException. This enables the server to take appropriate action based on the error condition. For example, closing a stale connection instead of returning it to the connection pool. + + Identify Exception + + + + + + + + + Identifies the error condition that the SQL error code or SQL state represents. Allowed values are: None, StaleConnection, StaleStatement, Unsupported. None removes the identification of the exception. StaleConnection causes connections to be evicted from the connection pool per the purge policy. StaleStatement causes statements to be evicted from the statement cache. Unsupported indicates an operation that is not supported by the JDBC driver. + + Identify exception as + + + + + + A string that follows either the XOPEN SQL state conventions or the SQL:2003 conventions. + + SQL state + + + + + + An error code specific to the backend database. Normally, this is the actual error code that is returned by the underlying database. + + SQL error code + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + List of JDBC vendor properties for the data source. For example, databaseName="dbname" serverName="localhost" portNumber="50000". Use this generic properties list when no vendor-specific properties list type is available for your JDBC driver. Do not specify multiple properties elements under a data source. Instead, place all property name-value pairs on a single properties or properties.{JDBC_VENDOR_TYPE} element. + + Generic JDBC Driver Properties + + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + URL for connecting to the database. + + URL + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Microsoft SQL Server JDBC Driver. + + Microsoft SQL Server JDBC Driver Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + JDBC driver property: instanceName. + + Instance name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: accessToken. + + Access token + + + + + + + JDBC driver property: applicationIntent. + + Application intent + + + + + + + + + + ReadOnly + + + + + ReadWrite + + + + + + + + + + JDBC driver property: applicationName. + + Application name + + + + + + + JDBC driver property: authentication. + + Authentication + + + + + + + + + + ActiveDirectoryMSI + + + + + ActiveDirectoryIntegrated + + + + + ActiveDirectoryPassword + + + + + SqlPassword + + + + + NotSpecified + + + + + + + + + + JDBC driver property: authenticationScheme. + + Authentication scheme + + + + + + + + + + JavaKerberos + + + + + NativeAuthentication + + + + + NTLM + + + + + + + + + + JDBC driver property: columnEncryptionSetting. + + Column encryption + + + + + + + + + + Disabled + + + + + Enabled + + + + + + + + + + JDBC driver property: encrypt. + + Encrypt + + + + + + + JDBC driver property: failoverPartner. + + Failover partner + + + + + + + JDBC driver property: hostNameInCertificate. + + Host name in certificate + + + + + + + JDBC driver property: integratedSecurity. + + Integrated security + + + + + + + JDBC driver property: keyStoreAuthentication. + + Key store authentication + + + + + + + + + + JavaKeyStorePassword + + + + + + + + + + JDBC driver property: keyStoreLocation. + + Key store location + + + + + + + JDBC driver property: keyStoreSecret. + + Key store secret + + + + + + + JDBC driver property: lastUpdateCount. + + Last update count + + + + + + + JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Lock timeout + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: multiSubnetFailover. + + Multiple subnet failover + + + + + + + JDBC driver property: packetSize. + + Packet size + + + + + + + + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: responseBuffering. + + Response buffering + + + + + + + + + + adaptive + + + + + full + + + + + + + + + + JDBC driver property: selectMethod. + + Select method + + + + + + + + + + cursor + + + + + direct + + + + + + + + + + JDBC driver property: sendStringParametersAsUnicode. + + Send string parameters as unicode + + + + + + + JDBC driver property: sendTimeAsDatetime. + + Send time as datetime + + + + + + + JDBC driver property: serverNameAsACE. + + Server name as ASCII compatible encoding + + + + + + + JDBC driver property: serverSpn. + + Server SPN + + + + + + + JDBC driver property: transparentNetworkIPResolution. + + Transparent network IP resolution + + + + + + + JDBC driver property: trustServerCertificate. + + Trust server certificate + + + + + + + JDBC driver property: trustStore. + + Trust store + + + + + + + JDBC driver property: trustStorePassword. + + Trust store password + + + + + + + URL for connecting to the database. Example: jdbc:sqlserver://localhost:1433;databaseName=myDB. + + URL + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: workstationID. + + Workstation ID + + + + + + + JDBC driver property: xopenStates. + + X/Open compliant SQL states + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Oracle JDBC driver. + + Oracle Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: driverType. + + Driver type + + + + + + + + + thin + + + + + oci + + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: URL. URL for connecting to the database. If a URL is configured, the Oracle JDBC driver ignores individual connection properties such as serverName and driverType. Oracle JDBC driver updates might impact this behavior. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample. + + URL + + + + + + JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. + + Connection properties + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: networkProtocol. + + Network protocol + + + + + + + JDBC driver property: ONSConfiguration. + + ONS configuration + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: roleName. + + Role name + + + + + + + JDBC driver property: serviceName. + + Service name + + + + + + + JDBC driver property: TNSEntryName. + + TNS entry name + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Derby Network Client JDBC driver. + + Derby Network Client Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: createDatabase. + + Create database + + + + + + + + + When the first connection is established, automatically create the database if it doesn't exist. + + + + + Do not automatically create the database. + + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: connectionAttributes. + + Connection attributes + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: retrieveMessageText. + + Retrieve message text + + + + + + + JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 8 (STRONG_PASSWORD_SUBSTITUTE_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). + + Security mechanism + + + + + + + + + + CLEAR_TEXT_PASSWORD_SECURITY + + + + + USER_ONLY_SECURITY + + + + + ENCRYPTED_PASSWORD_SECURITY + + + + + STRONG_PASSWORD_SUBSTITUTE_SECURITY + + + + + ENCRYPTED_USER_AND_PASSWORD_SECURITY + + + + + + + + + + JDBC driver property: shutdownDatabase. + + Shutdown database + + + + + + + + + + Shut down the database when a connection is attempted. + + + + + Do not shut down the database. + + + + + + + + + + JDBC driver property: ssl. + + SSL + + + + + + + + + + basic + + + + + peerAuthentication + + + + + off + + + + + + + + + + JDBC driver property: traceDirectory. + + Trace directory + + + + + + + JDBC driver property: traceFile. + + Trace file + + + + + + + JDBC driver property: traceFileAppend. + + Trace file append + + + + + + + Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_XA_CALLS=2048, TRACE_ALL=-1. + + Trace level + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the DataDirect Connect for JDBC driver for Microsoft SQL Server. + + DataDirect Connect for JDBC (sqlserver) Properties + + Additional properties for more advanced usage. + Failover properties for the DataDirect Connect for JDBC driver. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: accountingInfo. + + Accounting information + + + + + + + JDBC driver property: alternateServers. + + Alternate servers + + + + + + + JDBC driver property: alwaysReportTriggerResults. + + Always report trigger results + + + + + + + JDBC driver property: applicationName. + + Application name + + + + + + + JDBC driver property: authenticationMethod. + + Authentication method + + + + + + + + + + auto + + + + + kerberos + + + + + ntlm + + + + + userIdPassword + + + + + + + + + + JDBC driver property: bulkLoadBatchSize. + + Bulk load batch size + + + + + + + JDBC driver property: bulkLoadOptions. + + Bulk load options + + + + + + + JDBC driver property: clientHostName. + + Client host name + + + + + + + JDBC driver property: clientUser. + + Client user + + + + + + + JDBC driver property: codePageOverride. + + Code page override + + + + + + + JDBC driver property: connectionRetryCount. + + Connection retry count + + + + + + + JDBC driver property: connectionRetryDelay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection retry delay + + + + + + + JDBC driver property: convertNull. + + Convert null values + + + + + + + JDBC driver property: dateTimeInputParameterType. + + Date time input parameter type + + + + + + + + + + auto + + + + + dateTime + + + + + dateTimeOffset + + + + + + + + + + JDBC driver property: dateTimeOutputParameterType. + + Date time output parameter type + + + + + + + + + + auto + + + + + dateTime + + + + + dateTimeOffset + + + + + + + + + + JDBC driver property: describeInputParameters. + + Describe input parameters + + + + + + + + + + describeAll + + + + + describeIfDateTime + + + + + describeIfString + + + + + noDescribe + + + + + + + + + + JDBC driver property: describeOutputParameters. + + Describe output parameters + + + + + + + + + + describeAll + + + + + describeIfDateTime + + + + + describeIfString + + + + + noDescribe + + + + + + + + + + JDBC driver property: enableBulkLoad. + + Enable bulk load + + + + + + + JDBC driver property: enableCancelTimeout. + + Enable cancel timeout + + + + + + + JDBC driver property: encryptionMethod. + + Encryption method + + + + + + + + + + noEncryption + + + + + loginSSL + + + + + requestSSL + + + + + SSL + + + + + + + + + + JDBC driver property: failoverGranularity. + + Failover granularity + + + + + + + + + + atomic + + + + + atomicWithRepositioning + + + + + disableIntegrityCheck + + + + + nonAtomic + + + + + + + + + + JDBC driver property: failoverMode. + + Failover mode + + + + + + + + + + connect + + + + + extended + + + + + select + + + + + + + + + + JDBC driver property: failoverPreconnect. + + Failover preconnect + + + + + + + JDBC driver property: hostNameInCertificate. + + Host name in certificate + + + + + + + JDBC driver property: initializationString. + + Initialization string + + + + + + + JDBC driver property: insensitiveResultSetBufferSize. + + Insensitive result set buffer size + + + + + + + JDBC driver property: javaDoubleToString. + + Java double to string conversion algorithm + + + + + + + JDBC driver property: JDBCBehavior. Values are: 0 (JDBC 4.0) or 1 (JDBC 3.0). + + JDBC behavior + + + + + + + + + + JDBC 4.0 + + + + + JDBC 3.0 + + + + + + + + + + JDBC driver property: loadBalancing. + + Load balancing + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: longDataCacheSize. + + Long data cache size + + + + + + + + + + + + + + + + JDBC driver property: netAddress. + + Net address + + + + + + + JDBC driver property: packetSize. + + Packet size + + + + + + + + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: queryTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Query timeout + + + + + + + JDBC driver property: resultsetMetaDataOptions. + + Resultset meta data options + + + + + + + JDBC driver property: selectMethod. + + Select method + + + + + + + + + + cursor + + + + + direct + + + + + + + + + + JDBC driver property: snapshotSerializable. + + Snapshot serializable + + + + + + + JDBC driver property: spyAttributes. + + Spy attributes + + + + + + + JDBC driver property: stringInputParameterType. + + String input parameter type + + + + + + + + + + nvarchar + + + + + varchar + + + + + + + + + + JDBC driver property: stringOutputParameterType. + + String output parameter type + + + + + + + + + + nvarchar + + + + + varchar + + + + + + + + + + JDBC driver property: suppressConnectionWarnings. + + Suppress connection warnings + + + + + + + JDBC driver property: transactionMode. + + Transaction mode + + + + + + + + + + explicit + + + + + implicit + + + + + + + + + + JDBC driver property: truncateFractionalSeconds. + + Truncate fractional seconds + + + + + + + JDBC driver property: trustStore. + + Trust store + + + + + + + JDBC driver property: trustStorePassword. + + Trust store password + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: useServerSideUpdatableCursors. + + Use server side updatable cursors + + + + + + + JDBC driver property: validateServerCertificate. + + Validate server certificate + + + + + + + JDBC driver property: XATransactionGroup. + + XA transaction group + + + + + + + JDBC driver property: XMLDescribeType. + + XML describe type + + + + + + + + + + longvarbinary + + + + + longvarchar + + + + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Identifies a JDBC driver. + + JDBC Driver + Additional properties for more advanced usage. + + + + + + Identifies JDBC driver JARs and native files. + + Shared Library + + + + + + + Identifies JDBC driver JARs and native files. + + Shared library reference + library + + + + + + JDBC driver implementation of javax.sql.XADataSource. + + XADataSource class + + + + + + + JDBC driver implementation of javax.sql.ConnectionPoolDataSource. + + ConnectionPoolDataSource implementation class + + + + + + + JDBC driver implementation of javax.sql.DataSource. + + DataSource implementation class + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the IBM Data Server Driver for JDBC and SQLJ for Informix. + + Informix JCC Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Current lock timeout + + + + + + + JDBC driver property: DBANSIWARN. + + Database ANSI warning + + + + + + + JDBC driver property: DBDATE. + + Database date + + + + + + + JDBC driver property: DBPATH. + + Database path + + + + + + + JDBC driver property: DBSPACETEMP. + + Database temporary space + + + + + + + JDBC driver property: DBTEMP. + + Database temporary directory + + + + + + + JDBC driver property: DBUPSPACE. + + Database update statistics space + + + + + + + JDBC driver property: DELIMIDENT. + + Delimited identifier + + + + + + + JDBC driver property: deferPrepares. + + Defer prepares + + + + + + + JDBC driver property: driverType. + + Driver type + + + + + + + JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). + + Enable named parameter markers + + + + + + + JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). + + Enable seamless failover + + + + + + + JDBC driver property: enableSysplexWLB. + + Enable sysplex WLB + + + + + + + JDBC driver property: fetchSize. + + Fetch size + + + + + + + JDBC driver property: fullyMaterializeLobData. + + Fully materialize LOB data + + + + + + + JDBC driver property: IFX_DIRECTIVES. + + Allow directives + + + + + + + + + + ON + + + + + OFF + + + + + + + + + + JDBC driver property: IFX_EXTDIRECTIVES. + + Allow external directives + + + + + + + + + + ON + + + + + OFF + + + + + + + + + + JDBC driver property: IFX_UPDDESC. + + Update describe + + + + + + + JDBC driver property: IFX_XASTDCOMPLIANCE_XAEND. + + Override XA compliance + + + + + + + + + + 0 + + + + + 1 + + + + + + + + + + JDBC driver property: INFORMIXOPCACHE. + + Blobspace cache size + + + + + + + JDBC driver property: INFORMIXSTACKSIZE. + + Client session stack size + + + + + + + JDBC driver property: keepDynamic. + + Keep dynamic + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: NODEFDAC. + + NODEFDAC + + + + + + + + + + yes + + + + + no + + + + + + + + + + JDBC driver property: OPTCOMPIND. + + OPTCOMPIND + + + + + + + + + + 0 + + + + + 1 + + + + + 2 + + + + + + + + + + JDBC driver property: OPTOFC. + + Optimize open-fetch-close + + + + + + + + + + 0 + + + + + 1 + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: PDQPRIORITY. + + PDQ priority + + + + + + + + + + HIGH + + + + + LOW + + + + + OFF + + + + + + + + + + JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). + + Progressive streaming + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: PSORT_DBTEMP. + + Temporary sort location + + + + + + + JDBC driver property: PSORT_NPROCS. + + Number of sort threads + + + + + + + + + + + + + + + + JDBC driver property: queryDataSize. + + Query data size + + + + + + + + + + + + + + + + + JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). + + Result set holdability + + + + + + + + + + HOLD_CURSORS_OVER_COMMIT + + + + + CLOSE_CURSORS_AT_COMMIT + + + + + + + + + + JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). + + Result set holdability for catalog queries + + + + + + + + + + HOLD_CURSORS_OVER_COMMIT + + + + + CLOSE_CURSORS_AT_COMMIT + + + + + + + + + + JDBC driver property: retrieveMessagesFromServerOnGetMessage. + + Retrieve messages from server on get message + + + + + + + JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). + + Security mechanism + + + + + + + + + + CLEAR_TEXT_PASSWORD_SECURITY + + + + + USER_ONLY_SECURITY + + + + + ENCRYPTED_PASSWORD_SECURITY + + + + + ENCRYPTED_USER_AND_PASSWORD_SECURITY + + + + + + + + + + JDBC driver property: STMT_CACHE. + + Statement cache + + + + + + + + + + 0 + + + + + 1 + + + + + + + + + + JDBC driver property: traceDirectory. + + Trace directory + + + + + + + JDBC driver property: traceFile. + + Trace file + + + + + + + JDBC driver property: traceFileAppend. + + Trace file append + + + + + + + Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1. + + Trace level + + + + + + + JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). + + Use JDBC 4 column name and label semantics + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the IBM Data Server Driver for JDBC and SQLJ for DB2. + + DB2 JCC Properties + + Additional properties for more advanced usage. + Properties to enable and configure the Automatic Client Reroute feature for the DB2 JDBC driver's connection. + + + + + + + + + JDBC driver property: driverType. + + Driver type + + + + + + + + + Type 2 JDBC driver. + + + + + Type 4 JDBC driver. + + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: accessToken. + + Access token + + + + + + + JDBC driver property: accountingInterval. + + Accounting interval + + + + + + + JDBC driver property: activateDatabase. + + Activate database + + + + + + + JDBC driver property: affinityFailbackInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Affinity failback interval + + + + + + + JDBC driver property: allowNextOnExhaustedResultSet. + + Allow next on exhausted result + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: allowNullResultSetForExecuteQuery. + + Allow null result for executeQuery + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: alternateGroupDatabaseName. + + Alternate group database name + + + + + + + JDBC driver property: alternateGroupPortNumber. + + Alternate group port number + + + + + + + JDBC driver property: alternateGroupServerName. + + Alternate group server name + + + + + + + JDBC driver property: apiKey. + + API key + + + + + + + JDBC driver property: atomicMultiRowInsert. + + Atomic multi-row insert + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: blockingReadConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Blocking read connection timeout + + + + + + + JDBC driver property: charOutputSize. + + Character output size + + + + + + + JDBC driver property: clientApplcompat. + + Client application compatibility + + + + + + + JDBC driver property: clientAccountingInformation. + + Client accounting information + + + + + + + JDBC driver property: clientApplicationInformation. + + Client application information + + + + + + + JDBC driver property: clientBidiStringType. + + Client bidirectional string type + + + + + + + + + + BIDI_ST4 + + + + + BIDI_ST5 + + + + + BIDI_ST6 + + + + + BIDI_ST7 + + + + + BIDI_ST8 + + + + + BIDI_ST9 + + + + + BIDI_ST10 + + + + + BIDI_ST11 + + + + + + + + + + JDBC driver property: clientDebugInfo. + + Client debug information + + + + + + + + + + + + + + + + JDBC driver property: clientProgramId. + + Client program ID + + + + + + + + + + + + + + + + JDBC driver property: clientProgramName. + + Client program name + + + + + + + + + + + + + + + + JDBC driver property: clientRerouteAlternatePortNumber. + + Client reroute alternate port number + + + + + + + JDBC driver property: clientRerouteAlternateServerName. + + Client reroute alternate server name + + + + + + + JDBC driver property: clientUser. + + Client user + + + + + + + JDBC driver property: clientWorkstation. + + Client workstation + + + + + + + JDBC driver property: commandTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Command timeout + + + + + + + JDBC driver property: concurrentAccessResolution. + + Concurrent access resolution + + + + + + + + + + CONCURRENTACCESS_USE_CURRENTLY_COMMITTED + + + + + CONCURRENTACCESS_WAIT_FOR_OUTCOME + + + + + + + + + + JDBC driver property: connectionCloseWithInFlightTransaction. + + Connection close with in-flight transaction + + + + + + + + + + CONNECTION_CLOSE_WITH_EXCEPTION + + + + + CONNECTION_CLOSE_WITH_ROLLBACK + + + + + + + + + + JDBC driver property: connectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection timeout + + + + + + + JDBC driver property: connectNode. + + Connect node + + + + + + + + + + + + + + + + + JDBC driver property: currentAlternateGroupEntry. + + Current alternate group entry + + + + + + + JDBC driver property: currentDegree. + + Current degree + + + + + + + JDBC driver property: currentExplainMode. + + Current explain mode + + + + + + + + + + + + + + + + JDBC driver property: currentExplainSnapshot. + + Current explain snapshot + + + + + + + + + + + + + + + + JDBC driver property: currentFunctionPath. + + Current function path + + + + + + + JDBC driver property: currentLocaleLcCtype. + + Current locale (LC_CTYPE) + + + + + + + JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Current lock timeout + + + + + + + JDBC driver property: currentMaintainedTableTypesForOptimization. + + Current maintained table types for optimization + + + + + + + + + + ALL + + + + + NONE + + + + + SYSTEM + + + + + USER + + + + + + + + + + JDBC driver property: currentPackagePath. + + Current package path + + + + + + + JDBC driver property: currentPackageSet. + + Current package set + + + + + + + JDBC driver property: currentQueryOptimization. + + Current query optimization + + + + + + + + + + 0 + + + + + 1 + + + + + 2 + + + + + 3 + + + + + 5 + + + + + 7 + + + + + 9 + + + + + + + + + + JDBC driver property: currentSQLID. + + Current SQLID + + + + + + + JDBC driver property: currentSchema. + + Current schema + + + + + + + JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). + + Cursor sensitivity + + + + + + + + + + TYPE_SCROLL_SENSITIVE_STATIC + + + + + TYPE_SCROLL_SENSITIVE_DYNAMIC + + + + + TYPE_SCROLL_ASENSITIVE + + + + + + + + + + JDBC driver property: dateFormat. + + Date format + + + + + + + + + + ISO + + + + + USA + + + + + EUR + + + + + JIS + + + + + + + + + + JDBC driver property: decimalRoundingMode. + + Decimal rounding mode + + + + + + + + + + ROUND_DOWN + + + + + ROUND_CEILING + + + + + ROUND_HALF_EVEN + + + + + ROUND_HALF_UP + + + + + ROUND_FLOOR + + + + + + + + + + JDBC driver property: decimalSeparator. + + Decimal separator + + + + + + + + + + DECIMAL_SEPARATOR_PERIOD + + + + + DECIMAL_SEPARATOR_COMMA + + + + + + + + + + JDBC driver property: decimalStringFormat. + + Decimal string format + + + + + + + + + + DECIMAL_STRING_FORMAT_TO_STRING + + + + + DECIMAL_STRING_FORMAT_TO_PLAIN_STRING + + + + + + + + + + JDBC driver property: deferPrepares. + + Defer prepares + + + + + + + JDBC driver property: downgradeHoldCursorsUnderXa. + + Downgrade cursor holdability under XA + + + + + + + JDBC driver property: enableAlternateGroupSeamlessACR. + + Enable alternate group seamless ACR + + + + + + + JDBC driver property: enableBidiLayoutTransformation. + + Enable bidirectional layout transformation + + + + + + + JDBC driver property: enableClientAffinitiesList. Values are: 1 (YES) or 2 (NO). + + Enable client affinities list + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableConnectionConcentrator. + + Enable connection concentrator + + + + + + + JDBC driver property: enableExtendedDescribe. + + Enable extended describe + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableExtendedIndicators. + + Enable extended indicators + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableMultiRowInsertSupport. + + Enable multi-row insert support + + + + + + + JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). + + Enable named parameter markers + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableRowsetSupport. + + Enable rowset support + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). + + Enable seamless failover + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableSysplexWLB. + + Enable sysplex WLB + + + + + + + JDBC driver property: enableT2zosLBF. + + Enable type 2 z/OS limited block fetch + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableT2zosLBFSPResultSets. + + Enable z/OS limited block fetch proc results + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: enableXACleanTransaction. + + Enable XA clean transaction + + + + + + + JDBC driver property: encryptionAlgorithm. + + Encryption algorithm + + + + + + + + + + 1 + + + + + 2 + + + + + + + + + + JDBC driver property: extendedTableInfo. + + Extended table information + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: fetchSize. + + Fetch size + + + + + + + JDBC driver property: fullyMaterializeInputStreams. + + Fully materialize input streams + + + + + + + JDBC driver property: fullyMaterializeInputStreamsOnBatchExecution. + + Fully read input streams on batch execution + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: fullyMaterializeLobData. + + Fully materialize LOB data + + + + + + + JDBC driver property: implicitRollbackOption. + + Implicit rollback option + + + + + + + + + + IMPLICIT_ROLLBACK_OPTION_NOT_SET + + + + + IMPLICIT_ROLLBACK_OPTION_NOT_CLOSE_CONNECTION + + + + + IMPLICIT_ROLLBACK_OPTION_CLOSE_CONNECTION + + + + + + + + + + JDBC driver property: interruptProcessingMode. + + Interrupt processing mode + + + + + + + + + + INTERRUPT_PROCESSING_MODE_DISABLED + + + + + INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL + + + + + INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET + + + + + + + + + + JDBC driver property: jdbcCollection. + + JDBC collection + + + + + + + JDBC driver property: keepAliveTimeOut. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Keep alive timeout + + + + + + + JDBC driver property: keepDynamic. + + Keep dynamic + + + + + + + JDBC driver property: kerberosServerPrincipal. + + Kerberos server principal + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: maxConnCachedParamBufferSize. + + Maximum connection cached parameters buffer size + + + + + + + JDBC driver property: maxRetriesForClientReroute. + + Maximum retries for client reroute + + + + + + + JDBC driver property: maxRowsetSize. + + Maximum rowset size + + + + + + + JDBC driver property: maxTransportObjects. + + Maximum transport objects + + + + + + + JDBC driver property: memberConnectTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Member connect timeout + + + + + + + JDBC driver property: optimizationProfile. + + Optimization profile + + + + + + + JDBC driver property: optimizationProfileToFlush. + + Optimization profile to flush + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: pkList. + + Package list + + + + + + + JDBC driver property: profileName. + + Profile name + + + + + + + JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). + + Progressive streaming + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: queryCloseImplicit. Values are: 1 (QUERY_CLOSE_IMPLICIT_YES) or 2 (QUERY_CLOSE_IMPLICIT_NO). + + Query close implicit + + + + + + + + + + QUERY_CLOSE_IMPLICIT_YES + + + + + QUERY_CLOSE_IMPLICIT_NO + + + + + + + + + + JDBC driver property: queryDataSize. + + Query data size + + + + + + + + + + + + + + + + + JDBC driver property: queryTimeoutInterruptProcessingMode. + + Query timeout interrupt processing mode + + + + + + + + + + INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL + + + + + INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET + + + + + + + + + + JDBC driver property: readOnly. + + Read only + + + + + + + JDBC driver property: recordTemporalHistory. + + Record temporal history + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: reportLongTypes. + + Report long types + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). + + Result set holdability + + + + + + + + + + HOLD_CURSORS_OVER_COMMIT + + + + + CLOSE_CURSORS_AT_COMMIT + + + + + + + + + + JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). + + Result set holdability for catalog queries + + + + + + + + + + HOLD_CURSORS_OVER_COMMIT + + + + + CLOSE_CURSORS_AT_COMMIT + + + + + + + + + + JDBC driver property: retrieveMessagesFromServerOnGetMessage. + + Retrieve messages from server on get message + + + + + + + JDBC driver property: retryIntervalForClientReroute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Retry interval for client reroute + + + + + + + JDBC driver property: retryWithAlternativeSecurityMechanism. + + Retry with alternative security mechanism + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: returnAlias. + + Return alias + + + + + + + + + + 1 + + + + + 2 + + + + + + + + + + JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), 11 (KERBEROS_SECURITY), 12 (ENCRYPTED_USER_AND_DATA_SECURITY), 13 (ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY), 15 (PLUGIN_SECURITY), 16 (ENCRYPTED_USER_ONLY_SECURITY), 18 (TLS_CLIENT_CERTIFICATE_SECURITY). + + Security mechanism + + + + + + + + + + CLEAR_TEXT_PASSWORD_SECURITY + + + + + USER_ONLY_SECURITY + + + + + ENCRYPTED_PASSWORD_SECURITY + + + + + ENCRYPTED_USER_AND_PASSWORD_SECURITY + + + + + KERBEROS_SECURITY + + + + + ENCRYPTED_USER_AND_DATA_SECURITY + + + + + ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY + + + + + PLUGIN_SECURITY + + + + + ENCRYPTED_USER_ONLY_SECURITY + + + + + TLS_CLIENT_CERTIFICATE_SECURITY + + + + + + + + + + JDBC driver property: sendCharInputsUTF8. + + Send character input UTF-8 + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: sendDataAsIs. + + Send data as is + + + + + + + JDBC driver property: serverBidiStringType. + + Server bidirectional string type + + + + + + + + + + BIDI_ST4 + + + + + BIDI_ST5 + + + + + BIDI_ST6 + + + + + BIDI_ST7 + + + + + BIDI_ST8 + + + + + BIDI_ST9 + + + + + BIDI_ST10 + + + + + BIDI_ST11 + + + + + + + + + + JDBC driver property: sessionTimeZone. + + Session time zone + + + + + + + JDBC driver property: sqljCloseStmtsWithOpenResultSet. + + SQLJ close statements with open result set + + + + + + + JDBC driver property: sqljEnableClassLoaderSpecificProfiles. + + SQLJ enable class loader specific profiles + + + + + + + JDBC driver property: ssid. + + Subsystem ID + + + + + + + JDBC driver property: sslCertLocation. + + SSL certificate location + + + + + + + JDBC driver property: SSLCipherSuites. + + SSL cipher suites + + + + + + + JDBC driver property: sslConnection. + + SSL connection + + + + + + + JDBC driver property: sslTrustStoreLocation. + + SSL trust store location + + + + + + + JDBC driver property: sslTrustStorePassword. + + SSL trust store password + + + + + + + JDBC driver property: sslTrustStoreType. + + SSL trust store type + + + + + + + JDBC driver property: sslKeyStoreLocation. + + SSL key store location + + + + + + + JDBC driver property: sslKeyStorePassword. + + SSL key store password + + + + + + + JDBC driver property: sslKeyStoreType. + + SSL key store type + + + + + + + JDBC driver property: statementConcentrator. + + Statement concentrator + + + + + + + + + + STATEMENT_CONCENTRATOR_OFF + + + + + STATEMENT_CONCENTRATOR_WITH_LITERALS + + + + + + + + + + JDBC driver property: streamBufferSize. + + Stream buffer size + + + + + + + JDBC driver property: stripTrailingZerosForDecimalNumbers. + + Strip trailing zeros for decimal numbers + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: sysSchema. + + Sys schema + + + + + + + JDBC driver property: timeFormat. + + Time format + + + + + + + + + + ISO + + + + + USA + + + + + EUR + + + + + JIS + + + + + + + + + + JDBC driver property: timerLevelForQueryTimeOut. + + Timer level for query timeout + + + + + + + + + + QUERYTIMEOUT_DISABLED + + + + + QUERYTIMEOUT_STATEMENT_LEVEL + + + + + QUERYTIMEOUT_CONNECTION_LEVEL + + + + + + + + + + JDBC driver property: timestampFormat. + + Timestamp format + + + + + + + + + + ISO + + + + + JDBC + + + + + + + + + + JDBC driver property: timestampOutputType. + + Timestamp output type + + + + + + + + + + JDBC_TIMESTAMP + + + + + JCC_DBTIMESTAMP + + + + + + + + + + JDBC driver property: timestampPrecisionReporting. + + Timestamp precision reporting + + + + + + + + + + TIMESTAMP_JDBC_STANDARD + + + + + TIMESTAMP_ZERO_PADDING + + + + + + + + + + JDBC driver property: traceDirectory. + + Trace directory + + + + + + + JDBC driver property: traceFile. + + Trace file + + + + + + + JDBC driver property: traceFileAppend. + + Trace file append + + + + + + + JDBC driver property: traceFileCount. + + Trace file count + + + + + + + JDBC driver property: traceFileSize. + + Trace file size + + + + + + + Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1. + + Trace level + + + + + + + JDBC driver property: traceOption + + Trace option + + + + + + + + + + 0 + + + + + 1 + + + + + + + + + + JDBC driver property: translateForBitData. + + Translate for bit data + + + + + + + + + + HEX_REPRESENTATION + + + + + SERVER_ENCODING_REPRESENTATION + + + + + + + + + + JDBC driver property: updateCountForBatch. + + Update count for batch + + + + + + + + + + NO_UPDATE_COUNT + + + + + TOTAL_UPDATE_COUNT + + + + + + + + + + JDBC driver property: useCachedCursor. + + Use cached cursor + + + + + + + JDBC driver property: useIdentityValLocalForAutoGeneratedKeys. + + Use IDENTITY_VAL_LOCAL for auto generated keys + + + + + + + JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). + + Use JDBC 4 column name and label semantics + + + + + + + + + + YES + + + + + NO + + + + + + + + + + JDBC driver property: useJDBC41DefinitionForGetColumns. + + Use JDBC 4.1 definition for get columns + + + + + + + + + + YES + + + + + NO + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: useRowsetCursor. + + Use rowset cursor + + + + + + + JDBC driver property: useTransactionRedirect. + + Use transaction redirect + + + + + + + JDBC driver property: xaNetworkOptimization. + + XA network optimization + + + + + + + JDBC driver property: xmlFormat. + + XML format + + + + + + + + + + XML_FORMAT_TEXTUAL + + + + + XML_FORMAT_BINARY + + + + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for the IBM DB2 for i Toolbox JDBC driver. + + DB2 for i Toolbox JDBC Driver Properties + + Additional properties for more advanced usage. + + + + + + + + + Server where the database is running. + + Server name + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + JDBC driver property: access. + + Access + + + + + + + + + + all + + + + + read call + + + + + read only + + + + + + + + + + JDBC driver property: behaviorOverride. + + Behavior override + + + + + + + JDBC driver property: bidiImplicitReordering. + + Bidirectional implicit reordering + + + + + + + JDBC driver property: bidiNumericOrdering. + + Bidirectional numeric ordering + + + + + + + JDBC driver property: bidiStringType. + + Bidirectional string type + + + + + + + JDBC driver property: bigDecimal. + + Big decimal + + + + + + + JDBC driver property: blockCriteria. Values are: 0 (no record blocking), 1 (block if FOR FETCH ONLY is specified), 2 (block if FOR UPDATE is specified). + + Block criteria + + + + + + + + + + 0 + + + + + 1 + + + + + 2 + + + + + + + + + + JDBC driver property: blockSize. + + Block size + + + + + + + + + + 0 + + + + + 8 + + + + + 16 + + + + + 32 + + + + + 64 + + + + + 128 + + + + + 256 + + + + + 512 + + + + + + + + + + JDBC driver property: CharacterTruncation. + + Character truncation + + + + + + + + + + default + + + + + warning + + + + + none + + + + + + + + + + JDBC driver property: concurrentAccessResolution. + + Concurrent access resolution + + + + + + + + + + + + + + + + + JDBC driver property: cursorHold. + + Cursor hold + + + + + + + JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). + + Cursor sensitivity + + + + + + + + + + asensitive + + + + + insensitive + + + + + sensitive + + + + + + + + + + JDBC driver property: dataCompression. + + Data compression + + + + + + + JDBC driver property: dataTruncation. + + Data truncation + + + + + + + JDBC driver property: dateFormat. + + Date format + + + + + + + + + + dmy + + + + + eur + + + + + mdy + + + + + iso + + + + + jis + + + + + julian + + + + + usa + + + + + ymd + + + + + + + + + + JDBC driver property: dateSeparator. + + Date separator + + + + + + + + + + The forward slash character (/). + + + + + The dash character (-). + + + + + The period character (.). + + + + + The comma character (,). + + + + + The space character ( ). + + + + + + + + + + JDBC driver property: decfloatRoundingMode. + + Decfloat rounding mode + + + + + + + + + + half even + + + + + half up + + + + + down + + + + + ceiling + + + + + floor + + + + + half down + + + + + up + + + + + + + + + + JDBC driver property: decimalDataErrors. + + Decimal data errors + + + + + + + JDBC driver property: decimalSeparator. + + Decimal separator + + + + + + + + + + The period character (.). + + + + + The comma character (,). + + + + + + + + + + JDBC driver property: describeOption. + + Describe option + + + + + + + JDBC driver property: driver. + + Driver + + + + + + + + + + native + + + + + toolbox + + + + + + + + + + JDBC driver property: errors. + + Errors + + + + + + + + + + basic + + + + + full + + + + + + + + + + JDBC driver property: extendedDynamic. + + Extended dynamic + + + + + + + JDBC driver property: extendedMetaData. + + Extended meta data + + + + + + + JDBC driver property: fullOpen. + + Full open + + + + + + + JDBC driver property: holdInputLocators. + + Hold input locators + + + + + + + JDBC driver property: holdStatements. + + Hold statements + + + + + + + JDBC driver property: ignoreWarnings. + + Ignore warnings + + + + + + + JDBC driver property: isolationLevelSwitchingSupport. + + Isolation level switching support + + + + + + + JDBC driver property: keepAlive. + + Keep alive + + + + + + + JDBC driver property: lazyClose. + + Lazy close + + + + + + + JDBC driver property: libraries. + + Libraries + + + + + + + JDBC driver property: lobThreshold. + + LOB threshold + + + + + + + + + + + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: maximumPrecision. + + Maximum precision + + + + + + + + + + 31 + + + + + 64 + + + + + + + + + + JDBC driver property: maximumBlockedInputRows. + + Maximum blocked input rows + + + + + + + + + + + + + + + + + JDBC driver property: maximumScale. + + Maximum scale + + + + + + + + + + + + + + + + + JDBC driver property: metaDataSource. + + Meta data source + + + + + + + + + + + + + + + + + JDBC driver property: minimumDivideScale. + + Minimum divide scale + + + + + + + + + + + + + + + + + JDBC driver property: naming. + + Naming + + + + + + + + + + sql + + + + + system + + + + + + + + + + JDBC driver property: numericRangeError. + + Numeric range error + + + + + + + + + + default + + + + + warning + + + + + none + + + + + + + + + + JDBC driver property: package. + + Package + + + + + + + JDBC driver property: packageAdd. + + Package add + + + + + + + JDBC driver property: packageCCSID. Values are: 1200 (UCS-2) or 13488 (UTF-16). + + Package CCSID + + + + + + + + + + 1200 (UCS-2) + + + + + 13488 (UTF-16) + + + + + + + + + + JDBC driver property: packageCache. + + Package cache + + + + + + + JDBC driver property: packageCriteria. + + Package criteria + + + + + + + + + + default + + + + + select + + + + + + + + + + JDBC driver property: packageError. + + Package error + + + + + + + + + + exception + + + + + warning + + + + + none + + + + + + + + + + JDBC driver property: packageLibrary. + + Package library + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: prefetch. + + Prefetch + + + + + + + JDBC driver property: prompt. + + Prompt + + + + + + + JDBC driver property: proxyServer. + + Proxy server + + + + + + + JDBC driver property: qaqqiniLibrary. + + QAQQINI library + + + + + + + JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). + + Query optimize goal + + + + + + + + + + + + + + + + + JDBC driver property: queryReplaceTruncatedParameter. + + Query replace truncated parameter + + + + + + + JDBC driver property: queryTimeoutMechanism. + + Query timeout mechanism + + + + + + + + + + qqrytimlmt + + + + + cancel + + + + + + + + + + Query storage limit + + Query storage limit + + + + + + + + + + + + + + + + JDBC driver property: receiveBufferSize. + + Receive buffer size + + + + + + + + + + + + + + + + JDBC driver property: remarks. + + Remarks + + + + + + + + + + sql + + + + + system + + + + + + + + + + JDBC driver property: rollbackCursorHold. + + Rollback cursor hold + + + + + + + JDBC driver property: savePasswordWhenSerialized. + + Save password when serialized + + + + + + + JDBC driver property: secondaryUrl. + + Secondary URL + + + + + + + JDBC driver property: secure. + + Secure + + + + + + + JDBC driver property: secureCurrentUser. + + Secure current user + + + + + + + JDBC driver property: sendBufferSize. + + Send buffer size + + + + + + + + + + + + + + + + JDBC driver property: serverTraceCategories. + + Server trace categories + + + + + + + JDBC driver property: serverTrace. + + Server trace + + + + + + + JDBC driver property: soLinger. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Socket linger + + + + + + + JDBC driver property: soTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Socket timeout + + + + + + + JDBC driver property: sort. + + Sort + + + + + + + + + + hex + + + + + language + + + + + table + + + + + + + + + + JDBC driver property: sortLanguage. + + Sort language + + + + + + + JDBC driver property: sortTable. + + Sort table + + + + + + + JDBC driver property: sortWeight. + + Sort weight + + + + + + + + + + shared + + + + + unique + + + + + + + + + + JDBC driver property: tcpNoDelay. + + TCP no delay + + + + + + + JDBC driver property: threadUsed. + + Thread used + + + + + + + JDBC driver property: timeFormat. + + Time format + + + + + + + + + + eur + + + + + hms + + + + + iso + + + + + jis + + + + + usa + + + + + + + + + + JDBC driver property: timeSeparator. + + Time separator + + + + + + + + + + The colon character (:). + + + + + The period character (.). + + + + + The comma character (,). + + + + + The space character ( ). + + + + + + + + + + JDBC driver property: timestampFormat. + + Timestamp format + + + + + + + + + + iso + + + + + ibmsql + + + + + + + + + + JDBC driver property: toolboxTrace. + + Toolbox trace + + + + + + + + + + none + + + + + datastream + + + + + diagnostic + + + + + error + + + + + information + + + + + warning + + + + + conversion + + + + + proxy + + + + + pcml + + + + + jdbc + + + + + all + + + + + thread + + + + + + + + + + JDBC driver property: trace. + + Trace + + + + + + + JDBC driver property: translateBinary. + + Translate binary + + + + + + + JDBC driver property: translateBoolean. + + Translate boolean + + + + + + + JDBC driver property: translateHex. + + Translate hexadecimal + + + + + + + + + + binary + + + + + character + + + + + + + + + + JDBC driver property: trueAutoCommit. + + True auto commit + + + + + + + JDBC driver property: useBlockUpdate. + + Use block update + + + + + + + JDBC driver property: useDrdaMetadataVersion. + + Use DRDA metadata version + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: variableFieldCompression. + + Variable field compression + + + + + + + + + + true + + + + + false + + + + + insert + + + + + all + + + + + + + + + + JDBC driver property: xaLooselyCoupledSupport. + + XA loosely coupled support + + + + + + + + + + + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines a data source configuration. + + Data Source + Additional properties for more advanced usage. + + + + + + JDBC driver for a data source. If updated while the server is running, existing connections are destroyed. + + JDBC Driver + + + + + + Connection manager for a data source. If updated while the server is running, existing connections are destroyed. + + Connection Manager + + + + + + + + + + + + + + + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. If updated while the server is running, the change is applied with new connection requests; in-use connections are not impacted. + + Default Container Managed Authentication Data + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS Login Context Entry + + + + + + Identify a specific SQL error code or SQL state on a SQLException. This enables the server to take appropriate action based on the error condition. For example, closing a stale connection instead of returning it to the connection pool. + + Identify Exception + + + + + + + SQL command to execute once on each new connection that is established to the database. The SQL statement applies only to newly created connections, not to existing connections that are reused from the connection pool. If updated while the server is running, existing connections are destroyed. + + On connect + + + + + + + Authentication data for transaction recovery. + + Recovery Authentication Data + + + + + + + + Indicates that connections obtained from the data source should be castable to interface classes that the JDBC vendor connection implementation implements. Enabling this option incurs additional overhead on each getConnection operation. If vendor JDBC interfaces are needed less frequently, it might be more efficient to leave this option disabled and use Connection.unwrap(interface) only where it is needed. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + Enable connection casting + + + + + + + JNDI name for a data source. If updated while the server is running, existing connections are destroyed. + + JNDI name + + + + + + JDBC driver for a data source. If updated while the server is running, existing connections are destroyed. + + JDBC driver reference + jdbcDriver + + + + + + Connection manager for a data source. If updated while the server is running, existing connections are destroyed. + + Connection manager reference + connectionManager + + + + + + Type of data source. If updated while the server is running, existing connections are destroyed. + + Type + + + + + + + + + javax.sql.XADataSource + + + + + javax.sql.ConnectionPoolDataSource + + + + + javax.sql.DataSource + + + + + java.sql.Driver + + + + + + + + + + Specifies how connections are matched for sharing. + + Connection matching + + + + + + + + + When sharing connections, match based on the original connection request. + + + + + When sharing connections, match based on the current state of the connection. If updated while the server is running, the update is applied with each first connection handle in a transaction. + + + + + + + + + + Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER. If updated while the server is running, the change is applied with new connection requests; in-use connections are not impacted. + + Default container managed authentication data + authData + + + + + + JAAS login context entry for authentication. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + JAAS login context entry reference + jaasLoginContextEntry + + + + + + Default transaction isolation level. If unspecified and the database is identified as DB2, Derby, Informix, Microsoft SQL Server or Sybase, TRANSACTION_REPEATABLE_READ is used. If unspecified for other databases, TRANSACTION_READ_COMMITTED is used. If updated while the server is running, the update is applied with new connection requests; in-use connections are not impacted. + + Transaction isolation level + + + + + + + + + Dirty reads, non-repeatable reads and phantom reads can occur. + + + + + Dirty reads are prevented; non-repeatable reads and phantom reads can occur. + + + + + Dirty reads and non-repeatable reads are prevented; phantom reads can occur. + + + + + Dirty reads, non-repeatable reads and phantom reads are prevented. + + + + + Snapshot isolation for Microsoft SQL Server JDBC Driver and DataDirect Connect for JDBC driver. + + + + + Indicates that the JDBC driver does not support transactions. + + + + + + + + + + Maximum number of cached statements per connection. If updated while the server is running, the statement cache is resized upon next use. To set this option, complete the following prerequisites: Review either the application code or an SQL trace that you gather from the database or database driver for all unique prepared statements. Ensure that the cache size is larger than the number of statements. + + Cached statements per connection + + + + + + + + + + + + + + + Enable participation in transactions that are managed by the application server. If updated while the server is running, existing connections are destroyed. + + Participate in transactions + + + + + + Attempt transaction enlistment when result set scrolling interfaces are used. + + Enlist scrolling APIs + + + + + + + Attempt transaction enlistment when vendor interfaces are used. + + Enlist vendor APIs + + + + + + + Determines how to clean up connections that might be in a database unit of work (AutoCommit=false) when the connection is closed or returned to the pool. + + Commit or roll back on cleanup + + + + + + + + + + Clean up the connection by committing. + + + + + Clean up the connection by rolling back. + + + + + + + + + + Default query timeout for SQL statements. In a JTA transaction, syncQueryTimeoutWithTransactionTimeout can override this default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Query timeout + + + + + + + Authentication data for transaction recovery. + + Recovery authentication data reference + + authData + + + + + + Use the time remaining (if any) in a JTA transaction as the default query timeout for SQL statements. + + Synchronize query and transaction timeouts + + + + + + + Supplements the JDBC driver trace that is logged when JDBC driver trace is enabled in bootstrap.properties. JDBC driver trace specifications include: com.ibm.ws.database.logwriter, com.ibm.ws.db2.logwriter, com.ibm.ws.derby.logwriter, com.ibm.ws.informix.logwriter, com.ibm.ws.oracle.logwriter, com.ibm.ws.sqlserver.logwriter, com.ibm.ws.sybase.logwriter. If updated while the server is running, existing connections are destroyed. + + Supplemental JDBC trace + + + + + + + When specified, pooled connections are validated before being reused from the connection pool. The validation timeout is also used when the connection manager validates connections in response to a stale connection for PurgePolicy=ValidateAllConnections. The full amount of the validation timeout applies to each connection that is validated, which is done via the Connection.isValid(timeout) JDBC API operation. A value of 0 means that connections are validated without applying any timeout. Validation timeout requires a JDBC driver that complies with the JDBC 4.0 specification or higher. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Validation timeout + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for Sybase JDBC driver. + + Sybase Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: connectionProperties. Encrypted values can be configured for the javax.net.ssl.keyStorePassword and javax.net.ssl.trustStorePassword SSL properties by using the same process that is used for other data source passwords. + + Connection properties + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + JDBC driver property: networkProtocol. + + Network protocol + + + + + + + + + + socket + + + + + SSL + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: resourceManagerName. + + Resource manager name + + + + + + + JDBC driver property: SERVER_INITIATED_TRANSACTIONS. + + Server initiated transactions + + + + + + + + + + true + + + + + false + + + + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + JDBC driver property: version. + + Version + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Data source properties for PostgreSQL JDBC driver. + + PostgreSQL Properties + + Additional properties for more advanced usage. + + + + + + + + + JDBC driver property: databaseName. + + Database name + + + + + + Server where the database is running. + + Server name + + + + + + Port on which to obtain database connections. + + Port number + + + + + + JDBC driver property: applicationName. + + Application name + + + + + + + JDBC driver property: cancelSignalTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Cancel signal timeout + + + + + + + JDBC driver property: connectTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connect timeout + + + + + + + JDBC driver property: currentSchema. + + Current schema + + + + + + + JDBC driver property: defaultRowFetchSize. + + Default row fetch size + + + + + + + + + + + + + + + + JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Login timeout + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + + JDBC driver property: preparedStatementCacheQueries. + + Prepared statement cache queries + + + + + + + + + + + + + + + + JDBC driver property: readOnly. + + Read only + + + + + + + JDBC driver property: ssl. + + SSL + + + + + + + JDBC driver property: sslCert. + + SSL certificate location + + + + + + + JDBC driver property: sslfactory. + + SSL factory class name + + + + + + + JDBC driver property: sslKey. + + SSL key location + + + + + + + JDBC driver property: sslMode. + + SSL mode + + + + + + + + + + disable + + + + + allow + + + + + prefer + + + + + require + + + + + verify-ca + + + + + verify-full + + + + + + + + + + JDBC driver property: sslPassword. + + SSL password + + + + + + + JDBC driver property: sslRootCert. + + SSL root certificate location + + + + + + + JDBC driver property: socketTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Socket timeout + + + + + + + JDBC driver property: targetServerType. + + Target server type + + + + + + + JDBC driver property: tcpKeepAlive. + + TCP keep alive + + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User + + + + + + + URL for connecting to the database. + + URL + + + + + + + Additional JDBC vendor properties for the data source. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A single entry in the JNDI default namespace. + + JNDI Entry + + + + + + + + + The JNDI name to use for this entry. + + JNDI entry name + jndiName + + + + + + The JNDI value to associate with the name. + + JNDI entry value + + + + + + True if value needs to be decoded on lookup. + + JNDI decode value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A single entry in the JNDI default namespace that is used for binding java.net.URL entries. + + JNDI URL Entry + + + + + + + + + The JNDI name to use for this entry. + + JNDI URL entry name + jndiName + + + + + + The JNDI URL value to associate with the name. + + JNDI URL entry value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The properties for the reference entry. + + Properties + + + + + + + + + + Additional properties for the reference entry. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + ObjectFactory to be used by a JNDI Reference entry. + + JNDI Object Factory + + + + + + Library containing the factory implementation class. + + Shared Library + + + + + + + ObjectFactory implementation class name. + + Factory class name + + + + + + Type of object returned from the factory. + + Object class name + + + + + + Library containing the factory implementation class. + + Shared library reference + library + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Reference entry in the JNDI default namespace. + + JNDI Reference Entry + + + + + + Object factory for the reference entry. + + Object Factory + + + + + + The properties for the reference entry. + + Properties + + + + + + + JNDI name for the reference entry. + + JNDI name + jndiName + + + + + + Object factory for the reference entry. + + Object factory reference + jndiObjectFactory + + + + + + True if value needs to be decoded on lookup. + + JNDI decode value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for the Java Persistence API container. + + JPA Container + + + + + + + An application to be excluded from JPA processing. + + Excluded application + + + + + + Default integration-level persistence properties for use by the persistence provider when a container-managed entity manager factory is created. Specified default persistence properties are included when the PersistenceProvider.createContainerEntityManagerFactory method is called. If the same default persistence property name is specified within a persistence.xml file, this configuration overrides that property value in the persistence.xml file. + + Default Persistence Properties + + + + + + + + Default Java™ Transaction API (JTA) data source JNDI name to be used by applications running in this server. By default, data sources are JTA. Only data sources that are transactional are allowed in this field. + + Default JTA data source JNDI name + + + + + + Default non-transactional data source JNDI name to be used by applications running in this server. Only data sources that have been marked as non-transactional are allowed in this field. + + Default non-JTA data source JNDI name + + + + + + Default persistence provider class name. If this property is not specified, the default provider is dependent on which JPA feature is enabled. + + Default persistence provider + + + + + + EntityManager pool capacity per PersistenceContext reference. The minimum is 0 and the maximum is 500. + + EntityManager pool capacity + + + + + + If true, errors that occur while attempting to lookup a data source that is specified by the jta-data-source or non-jta-data-source elements in the persistence.xml file are reported and ignored, which allows the persistence provider to determine a default data source. If false, the errors are propagated to the persistence provider so that the errors can be diagnosed more easily, but misconfigured applications might not work. By default, this property is true if JPA 2.0 is enabled and false otherwise. + + Ignore data source errors + + + + + + + Default integration-level persistence properties for use by the persistence provider when a container-managed entity manager factory is created. Specified default persistence properties are included when the PersistenceProvider.createContainerEntityManagerFactory method is called. If the same default persistence property name is specified within a persistence.xml file, this configuration overrides that property value in the persistence.xml file. + + Default Persistence Properties + + + + + + Provides a specific persistence property to all container-managed entity manager factories. + + Name/value Pair Describing A Persistence Property + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Provides a specific persistence property to all container-managed entity manager factories. + + Name/value Pair Describing A Persistence Property + + + + + + + + + Provides the name of the integration-level persistence property. + + Persistence property name + + + + + + Provides the value of the integration-level persistence property. + + Persistence property value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + JSP configuration + + JSP Engine + + + + + + + + + Disable compilation of JSPs at runtime. + + Disable JSP runtime compilation + + + + + + Directory that the JSP engine will search for additional JSP files to serve. + + Extended document root + + + + + + Default Java source level for JSPs compiled by the JSP engine. + + JDK source level + + + + + + + + + 13 + + + + + 14 + + + + + 15 + + + + + 16 + + + + + 17 + + + + + 18 + + + + + + + + + + Keep Java source files generated for JSPs. + + Keep generated Java source + + + + + + Generate Java source and classes in memory (without writing to disk). + + Store compiled JSPs in memory only + + + + + + Recompile JSPs after an application is restarted. JSPs are recompiled on first access. + + Recompile JSPs on restart + + + + + + Allow JSPs to use jsx and tsx tag libs. + + Use implicit tag libs + + + + + + Disable injection of resources into JSPs. + + Disable resource injection + + + + + + When this attribute is present, all JSPs larger than the value (in kilobytes) are compiled at application server startup. Set this to 0 to compile all JSPs. + + Translate and compile JSPs on startup + + + + + + When this attribute is set, the JSPs are compiled to the specified directory instead of the server workarea directory. + + Directory where generated class files are created + + + + + + When this attribute is set, the JSPs are compiled by using the Java SDK compiler. + + Compile JSPs with the Java SDK compiler + + + + + + When prepareJSPs is enabled, this configuration specifies the number of threads used. + + Number of threads used if prepareJSPs is enabled + + + + + + + Defines how the server processes configuration information. + + Configuration Management + + + + + + + + + Action to take after a incurring a configuration error. + + On error + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + Rate at which the server checks for configuration updates. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Update polling rate + + + + + + Configuration update method or trigger. + + Update trigger + + + + + + + + + Server will scan for changes at the polling interval on all the configuration files and update the runtime configuration with the changes detected. + + + + + Server will only update the configuration when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. + + + + + Disables all update monitoring. Configuration changes will not be applied while the server is running. + + + + + + + + + + + Specifies a set of files starting from a base directory and matching a set of patterns. + + Fileset + + + + + + + + + The base directory to search for files. + + Base directory + + + + + + Boolean to indicate whether or not the search should be case sensitive (default: true). + + Case sensitive + + + + + + The comma or space separated list of file name patterns to include in the search results (default: *). + + Includes pattern + + + + + + The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded. + + Excludes pattern + + + + + + The scanning interval to determine whether files are added or removed from the fileset. The individual files are not scanned. The suffix for the interval of time is h-hour, m-minute, s-second, and ms-millisecond, for example, 2ms or 5s. The scanning interval is disabled by default and is disabled manually by setting the scan interval, scanInterval, to 0. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Scan interval + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines settings for the Liberty kernel default executor. Note that there is always one and exactly one default executor, for use by the Liberty runtime only and not directly accessible by applications. Applications that need to configure and utilize executors should instead use Managed Executors. + + Executor Management + + + + + + + + + The name of the Liberty kernel default executor. + + Name + + + + + + Maximum number of threads that can be associated with the executor. If greater than 0, maxThreads can be a minimum of 4, and should be at least as large as coreThreads; if maxThreads is set less than coreThreads, Liberty will reduce coreThreads to the maxThreads value. If the value of maxThreads is less than or equal to 0, the maximum number of threads is unbounded, which lets the Liberty kernel decide how many threads to associate with the executor without having a defined upper boundary. + + Maximum threads + + + + + + Baseline or minimum number of threads to associate with the executor. The number of threads associated with the executor will quickly grow to this number. If this value is less than 0, a default value is used, calculated based on the number of hardware threads on the system. If the value is a positive number less than 4, then a default value of 4 is used. + + Core threads + + + + + + + Defines how the server loads features. + + Feature Manager + + + + + + Specifies a feature to be used when the server runs. + + Feature + + + + + + + Action to take after a failure to load a feature. + + On error + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + + Specifies the list of IBM SecureWay Directory Server LDAP filters. + + IBM SecureWay Directory Server LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for the LDAP user registry. + + LDAP User Registry + + + + + + List of LDAP failover servers. + + LDAP Failover Servers + + + + + + Specifies the list of Microsoft Active Directory LDAP filters. + + Microsoft Active Directory LDAP Filters + + + + + + Specifies the list of Custom LDAP filters. + + Custom LDAP Filters + + + + + + Specifies the list of IBM Lotus Domino LDAP filters. + + IBM Lotus Domino LDAP Filters + + + + + + Specifies the list of Novell eDirectory LDAP filters. + + Novell eDirectory LDAP Filters + + + + + + Specifies the list of IBM Tivoli Directory Server LDAP filters. + + IBM Tivoli Directory Server LDAP Filters + + + + + + Specifies the list of Sun Java System Directory Server LDAP filters. + + Sun Java System Directory Server LDAP Filters + + + + + + Specifies the list of Netscape Directory Server LDAP filters. + + Netscape Directory Server LDAP Filters + + + + + + Specifies the list of IBM SecureWay Directory Server LDAP filters. + + IBM SecureWay Directory Server LDAP Filters + + + + + + A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. + + Login Property + + + + + + Configure the LDAP object class, search filters, search bases and LDAP relative distinguished name (RDN) for Person, Group and Organizational Unit. For example, the Group entity type can have a search filter such as (&(ObjectCategory=Groupofnames)(ObjectClass=Groupofnames)) and the object class as Groupofnames with search base ou=iGroups,o=ibm,c=us. + + LDAP Entity Types + + + + + + The configuration for group membership properties (for example; memberAttribute or membershipAttribute). + + Configure the LDAP Group Properties + + + + + + The configuration that maps the LDAP attributes with the user registry schema (for example; Person, PersonAccount or Group) field names. + + LDAP Attributes Mapping + + + + + + Properties of the context pool. + + Context Pool Properties + + + + + + Configure the attributes of the cache. + + Cache Properties + + + + + + + Address of the LDAP server in the form of an IP address or a domain name service (DNS) name. + + Host + + + + + + Port number of the LDAP server. + + Port + + + + + + Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches in the directory service. + + Base distinguished name (DN) + + + + + + Type of LDAP server to which a connection is established. + + LDAP server type + + + + + + + + + Configure the LDAP registry to use Microsoft Active Directory. + + + + + Configure the LDAP registry to use a custom LDAP server. + + + + + Configure the LDAP registry to use IBM Lotus Domino. + + + + + Configure the LDAP registry to use Novell eDirectory. + + + + + Configure the LDAP registry to use IBM Tivoli Directory Server. + + + + + Configure the LDAP registry to use Sun Java System Directory Server. + + + + + Configure the LDAP registry to use Netscape Directory Server. + + + + + Configure the LDAP registry to use IBM SecureWay Directory Server. + + + + + + + + + + The realm name that represents the user registry. + + Realm name + + + + + + Distinguished name (DN) for the application server, which is used to bind to the directory service. + + Bind distinguished name (DN) + + + + + + Password for the bind DN. The value can be stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. + + Bind password + + + + + + Perform a case-insensitive authentication check. + + Ignore case for authorization + + + + + + Performs a nested group search. Select this option only if the LDAP server does not support recursive server-side searches. + + Perform a nested group search + + + + + + Requests the application server to reuse the LDAP server connection. + + Reuse connection + + + + + + Indicates whether an SSL connection should be made to the LDAP server. + + Ldap ssl enabled + + + + + + ID of the SSL configuration to be used to connect to the SSL-enabled LDAP server. + + SSL reference + ssl + + + + + + Maximum time for an LDAP server to respond before a request is canceled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Search timeout + + + + + + Maximum time for establishing a connection to the LDAP server. A value of 0 indicates that the TCP protocol's timeout value should be used. The program logs an error message if the specified time expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Timeout for establishing an LDAP connection + + + + + + Maximum time to wait for read operations for LDAP operations. A value of 0 indicates that no timeout exists and the read waits indefinitely. The program logs an error message if the specified time expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Timeout for reading from an LDAP connection + + + + + + Specifies the X.509 certificate authentication mapping mode for the LDAP registry: CUSTOM, EXACT_DN, CERTIFICATE_FILTER, or NOT_SUPPORTED. + + Certificate map mode + + + + + + + + + The LDAP registry attempts X.509 certificate authentication by mapping the PrincipalName value in the X.509 certificate to the exact distinguished name (DN) in the repository. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. + + + + + The LDAP registry attempts X.509 certificate authentication by using the certificate filter mapping property for the LDAP filter. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. + + + + + The LDAP registry attempts X.509 certificate authentication by using the custom CertificateMapper implementation specified by the certificateMapperId attribute. If a single matching entity is found, the authentication is successful. If a matching entity is not found or more than a single matching entity is found, authentication fails and the program returns an error. + + + + + The LDAP registry does not support X.509 certificate authentication. Attempts to authenticate with an X.509 certificate fail, and a CertificateMapNotSupportedException is thrown. + + + + + + + + + + Specifies the filter certificate mapping property for the LDAP filter when the X.509 certificate authentication mapping mode is CERTIFICATE_FILTER. The filter is used to map attributes in the client certificate to entries in the LDAP registry. For example, the filter can be specified as: uid=${SubjectCN}. + + Certificate map filter + + + + + + Specifies the X509CertificateMapper to use when the X.509 certificate authentication mapping mode is CUSTOM. The value must match the value of the 'x509.certificate.mapper.id' property that is specified for the X509CertificateMapper implementation. + + Certificate mapper ID + + + + + + Specifies the list of Microsoft Active Directory LDAP filters. + + Microsoft active directory ldap filters reference + activedLdapFilterProperties + + + + + + Specifies the list of Custom LDAP filters. + + Custom ldap filters reference + customLdapFilterProperties + + + + + + Specifies the list of IBM Lotus Domino LDAP filters. + + IBM lotus domino ldap filters reference + domino50LdapFilterProperties + + + + + + Specifies the list of Novell eDirectory LDAP filters. + + Novell eDirectory ldap filters reference + edirectoryLdapFilterProperties + + + + + + Specifies the list of IBM Tivoli Directory Server LDAP filters. + + IBM tivoli directory ldap filters reference + idsLdapFilterProperties + + + + + + Specifies the list of Sun Java System Directory Server LDAP filters. + + Sun java system directory ldap filters reference + iplanetLdapFilterProperties + + + + + + Specifies the list of Netscape Directory Server LDAP filters. + + Netscape directory server ldap filters reference + netscapeLdapFilterProperties + + + + + + Specifies the list of IBM SecureWay Directory Server LDAP filters. + + IBM secureWay directory ldap filters reference + securewayLdapFilterProperties + + + + + + Specify the behavior for LDAP referrals. The default behavior is to ignore referrals. + + LDAP referral handling + + + + + + + + + Ignore LDAP referrals. + + + + + Follow LDAP referrals. + + + + + + + + + + When an alias entry is encountered, specifies whether the alias is dereferenced so that the object that is returned is the object that is pointed to by the alias DN. + + Alias dereferencing handling + + + + + + + + + Always dereference aliases. + + + + + Never dereference aliases. + + + + + + + + + + The interval, in minutes, at which the virtual member manager tests the primary server for availability. + + Primary server query time interval + + + + + + A boolean value that indicates if the search should be done against the Primary Server. + + Return to primary server + + + + + + A string value that provides a SimpleDateFormat pattern that is used to parse timestamp attribute values. For example, you can use 'yyyyMMddHHmmss.SSSZ' to parse '20181120214852.869-0000Z'. If this attribute is not defined, a default will be provided based on ldapType. + + Timestamp format + + + + + + Allow create, update, and delete operations on failover servers. + + Allow write to secondary servers + + + + + + The authentication mechanism for binding to the LDAP server when searching or modifying an LDAP entry. + + Bind authentication mechanism + + + + + + + + + Anonymous bind to the directory service. No additional login attributes are required. + + + + + Use the bindDN and bindPassword to bind to the directory service. The bindDN and bindPassword attributes are required. + + + + + GSS-API Kerberos v5 (krb5) support to bind to the directory service. The krb5Principal attribute is required + + + + + + + + + + The name of the Kerberos principal name or Kerberos service name to be used. + + Kerberos principal name + + + + + + The file location where Kerberos credentials for the Kerberos principal name or service name will be stored. Also known as the Kerberos credential cache (ccache) + + Kerberos ticket cache + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration of the registry base entry. The sub-tree under this node will also be part of the repository. + + Registry Base Entry + + + + + + + + + Base distinguished name (DN) of the directory service, which indicates the starting point for LDAP searches in the directory service. + + Base distinguished name (DN) + + + + + + The base name of the registry base entry. + + Base name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The attribute cache properties. + + LDAP Attribute Cache + + + + + + + + + A Boolean value to indicate that the property is enabled. + + Enabled + + + + + + Defines the number of entities that can be stored in the cache. You can increase the size of the cache based on the number of entities that are required to be stored in the cache. + + Size + + + + + + Defines the maximum time that the contents of the LDAP attribute cache are available. When the specified time has elapsed, the LDAP attribute cache is cleared. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Timeout + + + + + + The maximum number of attributes per LDAP entity that will be cached. + + Maximum entity attributes cached + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of Novell eDirectory LDAP filters. + + Novell eDirectory LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of Microsoft Active Directory LDAP filters. + + Microsoft Active Directory LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration that defines the mapping of LDAP attributes with the user registry schema field names. + + LDAP Attributes Mapping Definition + + + + + + Define the user registry schema field names to be mapped to the LDAP attribute. + + LDAP Attribute Properties + + + + + + Define the name of the LDAP attribute and its properties that needs to be mapped to the user registry externalId attribute. + + ExternalId Attribute Mapping Properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the LDAP attribute. + + LDAP Attribute + + + + + + + + + The name of the LDAP attribute. + + LDAP attribute name + + + + + + The user registry schema field name that needs to be mapped with the LDAP attribute. + + User registry property name + + + + + + The default value of the attribute. + + Default value + + + + + + The attribute syntax. + + Syntax + + + + + + The entity type of the attribute. + + Entity type + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The attributes of the LDAP group configuration. + + LDAP Group Properties + + + + + + The LDAP member attribute. + + Member Attribute + + + + + + The configuration for the membership attribute. + + Membership Attribute + + + + + + The configuration for the dynamic member attribute. + + Dynamic Member Attribute + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. + + Login Property + + + + + + + + + A WIM PersonAccount property that is used to generate the LDAP filter for user searches. The first instance of this attribute is returned as the principal name for the user. The mapping of WIM properties to LDAP attributes can be modified by using the attributeConfiguration attribute. Setting this attribute will override userFilter if it is defined. This attribute is case-sensitive. + + Login property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the LDAP dynamic member attribute. + + LDAP Dynamic Member Attribute + + + + + + + + + The name of the member. + + Member name + + + + + + The name of the object class. + + Object class + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of IBM Tivoli Directory Server LDAP filters. + + IBM Tivoli Directory Server LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the LDAP externalId attribute mapping. + + LDAP ExternalId Attribute + + + + + + + + + The name of the LDAP attribute to be used for the user registry externalId attribute. + + Name in LDAP + + + + + + The attribute syntax. + + Syntax + + + + + + The entity type of the attribute. + + Entity type + + + + + + When enabled, the externalId attribute value is generated automatically by the user registry instead of using the value that is stored in LDAP. By default it is disabled. + + Auto generate + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the LDAP member attributes. + + LDAP Member Attributes + + + + + + + + + The name of the member. + + Member name + + + + + + The object class of the member attribute. + + Object class + + + + + + The scope of the member attribute. + + Scope + + + + + + + + + The specified member attribute only includes direct members. + + + + + The specified member attribute includes direct and nested members. + + + + + The specified member attribute includes direct, nested, and dynamic members. + + + + + + + + + + The name of the dummy member. + + Dummy member + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for LDAP failover server. + + LDAP Failover Server Properties + + + + + + + + + LDAP server host name, which can be either an IP address or a domain name service (DNS) name. + + LDAP failover host + + + + + + LDAP failover server port. + + LDAP failover port + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + List of LDAP failover servers. + + LDAP Failover Servers + + + + + + Configuration properties for LDAP failover server. + + LDAP Failover Server Properties + + + + + + + Configuration properties for LDAP failover servers. Specify it as a backup server for the primary LDAP servers. For example, <failoverServers name="failoverLdapServers"><server host="myfullyqualifiedhostname1" port="389"/><server host="myfullyqualifiedhostname2" port="389"/></failoverServers>. + + LDAP failover servers name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the supported LDAP entity type. + + Supported LDAP Entity Type + + + + + + The object class defined for the given LDAP entity type in the LDAP server. For example, the object class for the group LDAP entity type can be Groupofnames. + + Object class + + + + + + Specify the sub tree of the LDAP server for the search call for the given entity type which will override the base DN in search operations. For example, if the base DN is o=ibm,c=us and the search base for the PersonAccount entity type is defined to be ou=iUsers,o=ibm,c=us, then all search calls for PersonAccout will be made under subtree ou=iUsers,o=ibm,c=us. Multiple search bases can be configured for the same entity type. + + Search base + + + + + + + The name of the LDAP entity type. + + Name + + + + + + A custom LDAP search expression used while searching for entity types. For example, searchFilter="(|(ObjectCategory=User)(ObjectClass=User))". + + Search filter + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of Sun Java System Directory Server LDAP filters. + + Sun Java System Directory Server LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of IBM Lotus Domino LDAP filters. + + IBM Lotus Domino LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configure the attributes of the cache. + + Cache + + + + + + The attribute cache properties configuration. + + Attribute Cache Properties + + + + + + The configuration for the search results cache. + + Search Results Cache Properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configure the attributes of the context pool. + + Context Pool + + + + + + + + + A boolean value that determines if the context pool is enabled. Disabling it can cause performance degradation. + + Context pool enabled + + + + + + An integer value that determines the initial size of the context pool. Set this based on the load on the repository. + + Initial size + + + + + + An integer value that defines the maximum context pool size. Set this based on the maximum load on the repository. + + Maximum size + + + + + + The duration after which the context pool times out. An integer that represents the time that an idle context instance can remain in the pool without being closed and removed from the pool. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s) or milliseconds (ms). For example, specify 1 second as 1s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 1.5 minutes. The minimum timeout allowed is 1 second. Millisecond entries are rounded to the nearest second. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Timeout + + + + + + The duration after which the context pool times out. The time interval that the request waits until the context pool checks again if an idle context instance is available in the pool when the number of context instances reaches the maximum pool size. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Wait time + + + + + + The preferred size of the context pool. Set this based on the load on the repository. + + Preferred size + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of Custom LDAP filters. + + Custom LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The cache for the search results. + + Search Results Cache + + + + + + + + + A Boolean value to indicate that the property is enabled. + + Enabled + + + + + + The size of the cache. The number of search results that are stored in the cache. This needs to be configured based on the number of search queries executed on the system and the hardware system resources available. + + Size + + + + + + Defines the maximum time that the contents of the search results cache are available. When the specified time has elapsed, the search results cache is cleared. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Timeout + + + + + + The maximum number of results that can be cached for a single LDAP search. + + Maximum search results cached + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The RDN property to be used for each configured object class. + + Relative Distinguished Name Property + + + + + + The name of the object class. + + Object class + + + + + + + The name of the property. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of Netscape Directory Server LDAP filters. + + Netscape Directory Server LDAP Filters + + + + + + + + + An LDAP filter clause for searching the user registry for users. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, uid=%v. During searches, the %v in the AVA is replaced with the user or user pattern being searched for. + + User filter + + + + + + An LDAP filter clause for searching the user registry for groups. When defined, this filter requires an Attribute Value Assertion (AVA) containing a %v. For example, cn=%v. During searches, the %v in the AVA is replaced with the group or group pattern being searched for. + + Group filter + + + + + + An LDAP filter that maps the name of a user to an LDAP entry. + + User ID map + + + + + + An LDAP filter that maps the name of a group to an LDAP entry. + + Group ID map + + + + + + An LDAP filter that identifies user to group memberships. + + Group member ID map + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration for the LDAP membership attribute. + + LDAP Membership Attribute + + + + + + + + + The name of the membership attribute. + + Membership attribute name + + + + + + The scope of the membership attribute. + + Scope + + + + + + + + + The specified group membership attribute only includes direct groups. + + + + + The specified group membership attribute includes direct and nested groups. + + + + + The specified group membership attribute includes direct, nested, and dynamic groups. + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Controls the capture and output of log and trace messages. + + Logging + + + + + + + + + The maximum size (in MB) that a log file can reach before it is rolled. The Liberty runtime does only size-based log rolling. To disable this attribute, set the value to 0. The maximum file size is approximate. By default, the value is 20. Note: maxFileSize does not apply to the console.log file. + + Maximum log file size + com.ibm.ws.logging.max.file.size + + + + + + + + + + + + + + + Maximum number of log files that are kept before the oldest file is removed; a value of 0 means no limit. If an enforced maximum file size exists, this setting is used to determine how many of each of the log files are kept. This setting also applies to the number of exception logs that summarize exceptions that occurred on a particular day. So if this number is 10, you might have 10 message logs, 10 trace logs, and 10 exception summaries in the ffdc/directory. By default, the value is 2. Note: maxFiles does not apply to the console.log file. + + Maximum log files + com.ibm.ws.logging.max.files + + + + + + + + + + + + + + + You can use this attribute to set a directory for all log files, excluding the console.log file, but including FFDC. By default, logDirectory is set to the LOG_DIR environment variable. The default LOG_DIR environment variable path is WLP_OUTPUT_DIR/serverName/logs. Avoid trouble: Use the LOG_DIR environment variable or the com.ibm.ws.logging.log.directory property, except in cases where you are trying to change the configuration dynamically after startup. + + Log directory + com.ibm.ws.logging.log.directory + + + + + + Name of the file to which message output is written relative to the configured log directory. The default value is messages.log. This file always exists and contains INFO and other (AUDIT, WARNING, ERROR, FAILURE) messages, in addition to System.out and System.err. This log also contains time stamps and the issuing thread ID. If the log file is rolled over, the names of earlier log files have the format messages_timestamp.log. Avoid trouble: Use the com.ibm.ws.logging.message.file.name property, except in cases where you are trying to change the configuration dynamically after startup. + + Message file name + com.ibm.ws.logging.message.file.name + + + + + + Name of the file to which trace output is written relative to the configured log directory. The default value is trace.log. The trace.log file is only created if a traceSpecification is set including log levels below INFO. stdout is recognized as a special value and causes trace to be directed to the original standard out stream. Avoid trouble: Use the com.ibm.ws.logging.trace.file.name property, except in cases where you are trying to change the configuration dynamically after startup. + + Trace file name + com.ibm.ws.logging.trace.file.name + + + + + + A trace specification that conforms to the trace specification grammar and specifies the initial state for various trace components. The trace specification is used to selectively enable trace. An empty value is allowed and treated as 'disable all trace'. Any component that is not specified is initialized to a default state of *=info. + + Trace specification + com.ibm.ws.logging.trace.specification + + + + + + The list of messages, which are separated by a comma, that are configured to be hidden from the console.log and messages.log files. If the messages are configured to be hidden, then they are redirected to the trace.log file. Avoid trouble: Use the com.ibm.ws.logging.hideMessage property, except in cases where you are trying to change the configuration dynamically after startup. + + Messages to be hidden + com.ibm.ws.logging.hideMessage + + + + + + The list of comma-separated sources that route to the messages.log file. This property applies only when messageFormat=json. Valid values are message, trace, accessLog, ffdc, and audit. By default, messageSource is set to the environment variable WLP_LOGGING_MESSAGE_SOURCE (if set), or message. Note: To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. Avoid trouble: Use the WLP_LOGGING_MESSAGE_SOURCE environment variable or the com.ibm.ws.logging.message.source property, except in cases where you are trying to change the configuration dynamically after startup. + + Message source + com.ibm.ws.logging.message.source + + + + + + The required format for the messages.log file. Valid values are SIMPLE or JSON format. By default, messageFormat is set to the environment variable WLP_LOGGING_MESSAGE_FORMAT (if set), or SIMPLE. Avoid trouble: Use the WLP_LOGGING_MESSAGE_FORMAT environment variable or the com.ibm.ws.logging.message.format property, except in cases where you are trying to change the configuration dynamically after startup. + + Message format + com.ibm.ws.logging.message.format + + + + + + + + + Use the simple logging format. + + + + + Use the tbasic logging format. + + + + + Use the JSON logging format. + + + + + + + + + + The list of comma-separated sources that route to the console/console.log. This property applies only when consoleFormat=json. Valid values are message, trace, accessLog, ffdc, and audit. By default, consoleSource is set to the environment variable WLP_LOGGING_CONSOLE_SOURCE (if set), or message. Note: To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. Avoid trouble: Use the WLP_LOGGING_CONSOLE_SOURCE environment variable or the com.ibm.ws.logging.console.source property, except in cases where you are trying to change the configuration dynamically after startup. + + Console source + com.ibm.ws.logging.console.source + + + + + + The required format for the console. Valid values are DEV, SIMPLE, or JSON format. By default, consoleFormat is set to the environment variable WLP_LOGGING_CONSOLE_FORMAT (if set), or DEV. Avoid trouble: Use the WLP_LOGGING_CONSOLE_FORMAT environment variable or the com.ibm.ws.logging.console.format property, except in cases where you are trying to change the configuration dynamically after startup. + + Console format + com.ibm.ws.logging.console.format + + + + + + + + + Use the dev logging format. + + + + + Use the simple logging format. + + + + + Use the tbasic logging format. + + + + + Use the JSON logging format. + + + + + + + + + + This format is used for the trace log. Avoid trouble: Use the com.ibm.ws.logging.trace.format property, except in cases where you are trying to change the configuration dynamically after startup. + + Trace format + com.ibm.ws.logging.trace.format + + + + + + + + + Use the basic trace format. + + + + + Alias for the basic trace format. + + + + + Use the enhanced basic trace format. + + + + + Use the advanced trace format. + + + + + + + + + + The date and time use a locale-specific format or the ISO-8601 format. You can specify true or false for the value of the attribute or the value of the equivalent property. The default value is false. Avoid trouble: Use the com.ibm.ws.logging.isoDateFormat property, except in cases where you are trying to change the configuration dynamically after startup. If you specify a value of true, the ISO-8601 format is used in the messages.log file, the trace.log file, and the FFDC logs. The format is yyyy-MM-dd'T'HH:mm:ss.SSSZ. If you specify a value of false, the date and time are formatted according to the default locale set in the system. If the default locale is not found, the format is dd/MMM/yyyy HH:mm:ss:SSS z. + + Use the ISO 8601 date format + com.ibm.ws.logging.isoDateFormat + + + + + + Handle stack traces written to System.out/System.err as a single event in the logs. + + Format stack traces as a single event in logs + com.ibm.ws.logging.stackTraceSingleEntry + + + + + + The logging level used to filter messages written to system streams. The valid values are INFO, AUDIT, WARNING, ERROR, and OFF. By default, the consoleLogLevel is set to the WLP_LOGGING_CONSOLE_LOGLEVEL environment variable (if set), or AUDIT. Note: Before you change this value, consider the information in the section "Unable to interact with the Liberty server after modifying the console log level settings" in the topic Developer Tools known restrictions. Avoid trouble: Use the WLP_LOGGING_CONSOLE_LOGLEVEL environment variable or the com.ibm.ws.logging.console.level property, except in cases where you are trying to change the configuration dynamically after startup. + + Console log level + com.ibm.ws.logging.console.log.level + + + + + + + + + Info, audit, and warning messages will be written to the system output stream. Error messages will be written to the system error stream. + + + + + Audit and warning messages will be written to the system output stream. Error messages will be written to the system error stream. + + + + + Warning messages will be written to the system output stream. Error messages will be written to the system error stream. + + + + + Error messages will be written to the system error stream. + + + + + No server output is written to system streams. Only JVM output is written to system streams. + + + + + + + + + + If true, messages that are written to the System.out and System.err streams are copied to console.log. If false, those messages are written to configured logs such as messages.log or trace.log, but they are not copied to console.log. The default value is true. Avoid trouble: Use the com.ibm.ws.logging.copy.system.streams property, except in cases where you are trying to change the configuration dynamically after startup. + + Copy System.out and System.err to system streams + com.ibm.ws.logging.copy.system.streams + + + + + + When this attribute is set to true, it prevents potentially sensitive information from being exposed in log and trace files. The default value is false. Avoid trouble: Use the com.ibm.ws.logging.suppress.sensitive.trace property, except in cases where you are trying to change the configuration dynamically after startup. + + Suppress sensitive trace + com.ibm.ws.logging.suppress.sensitive.trace + + + + + + When logs are in JSON format, use this attribute to replace default field names with new field names or to omit fields from the logs. To replace a field name, configure the new field name by using the following format: defaultFieldName:newFieldName?. For field names that are associated with logs of a specified source, use the following format: [source:]?defaultFieldName:newFieldName?, where [source] is the source you want to specify, such as message, trace, or accessLog. To omit a field from the logs, specify the field name without a replacement, as shown in the following example: defaultFieldName:. To rename or omit multiple fields, specify a comma-separated list of field name mappings. + + JSON field names that are being replaced + com.ibm.ws.logging.json.field.mappings + + + + + + When logs are in JSON format, use this attribute to choose between using access log fields specified in the accessLogging logFormat property or the default access log fields. + + JSON fields to use from access logs + com.ibm.ws.logging.json.access.log.fields + + + + + + + + + Use the default set of access log fields. + + + + + Use the set of access log fields that match logFormat. + + + + + + + + + + When message log or console log is in JSON format, allow applications to write JSON-formatted messages to those destinations, without modification. + + Allow apps to write JSON + com.ibm.ws.logging.apps.write.json + + + + + + The scheduled time of day for logs to first roll over. The rollover interval duration begins at rollover start time. Valid values follow a 24-hour ISO-8601 datetime format of HH:MM, where 00:00 represents midnight. Padding zeros are required. If rolloverInterval is specified, the default value of rolloverStartTime is 00:00, midnight. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Note: rolloverStartTime does not apply to the console.log file. + + Rollover start time for time based log rollover + com.ibm.ws.logging.rollover.start.time + + + + + + The time interval in between log rollovers, in minutes if a unit of time is not specified. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 5 hours as 5h. You can include multiple values in a single entry. For example, 1d5h is equivalent to 1 day and 5 hours. If rolloverStartTime is specified, the default value of rolloverInterval is 1 day. If both rolloverInterval and rolloverStartTime are unspecified, time based log rollover is disabled. Note: rolloverInterval does not apply to the console.log file. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + Rollover interval for time based log rollover + com.ibm.ws.logging.rollover.interval + + + + + + The maximum wanted age before an FFDC file is deleted. Specify a positive integer followed by a unit of time, which can be days (d), hours (h), or minutes (m). For example, specify 2 days as 2d. You can include multiple values in a single entry. For example, 2d6h is equivalent to 2 days and 6 hours. Everyday at midnight, any FFDC file that reaches the maximum age is deleted. By default, FFDC files are not deleted based on file age. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + Maximum age before an FFDC file is deleted + com.ibm.ws.logging.max.ffdc.age + + + + + + + Logstash collector gathers data from various sources and forwards the data to a logstash server using Lumberjack protocol. + + Logstash Collector + + + + + + Specifies a list of comma-separated sources that are used by the logstash collector. Valid values are message, trace, accessLog, ffdc, garbageCollection, and audit. To use the audit source, enable the Liberty audit feature. Enable access logs by setting an accessLogging element for your httpEndpoint. + + Source + + + + + + Specifies the tags that are associated with the events from various sources. + + Tag + + + + + + + Host name of the logstash server. + + Host name + + + + + + Port number of the logstash server. + + Port + + + + + + + + + + + + + + + + Specifies maximum number of characters for the message field associated with the events for various sources. If you specify a value of 0 or -1, the maximum number of characters is unlimited. + + Maximum field length + + + + + + + + + + + + + + + Specifies the maximum number of events to be sent per second. If you specify a value greater than zero, then it will be used for throttling the events. + + Maximum events per second + + + + + + + + + + + + + + + + Specifies an ID of the SSL repertoire that is used to connect to the logstash server. + + SSL reference + ssl + + + + + + Use this attribute to choose between using access log fields specified in the accessLogging logFormat property or the default access log fields. + + Fields to use from access logs + + + + + + + + + Use the default set of access log fields. + + + + + Use the set of access log fields that match logFormat. + + + + + + + + + + + Lightweight Third Party Authentication (LTPA) token configuration. + + LTPA Token + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + Path of the file containing the token keys. + + LTPA token keys file + + + + + + Password for the token keys. The value can be stored in clear text or encoded form. It is recommended to encode the password, use the securityUtility tool with the encode option. + + LTPA token keys password + + + + + + Amount of time after which a token expires in minutes. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + LTPA token expiration + + + + + + Rate at which the server checks for updates to the LTPA token keys file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + LTPA token keys file polling rate + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + + Defines the behavior of the EJB container. + + EJB Container + + + + + + + Defines the behavior of EJB asynchronous methods. + + EJB Asynchronous Methods + + + + + + Defines the behavior of the EJB timer service. + + EJB Timer Service + + + + + + + The interval between removing unused bean instances. This setting only applies to stateless session and message-driven beans. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Pool cleanup interval + + + + + + The number of stateful session bean instances that should be cached in memory. + + Cache size + + + + + + + + + + + + + + + The interval between passivating unused stateful session bean instances when the size is exceeded. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Cache cleanup interval + + + + + + Specifies when EJB types will be initialized. If this property is set to true, EJB types will be initialized at the time applications are first started. If this property is set to false, EJB types will be initialized at the time the EJB type is first used by an application. If this property is not set, the behavior is determined on a bean-by-bean basis from the start-at-app-start attribute in the ibm-ejb-jar-ext.xml file. This setting does not apply to either message-driven or startup singleton beans. Message-driven and startup singleton beans will always be initialized at the time applications are started. + + Start EJBs at application start + + + + + + + This property configures whether enterprise beans are available for lookup in the server root, ejblocal:, and local: namespaces. Default JNDI names are used unless custom JNDI names are configured in an ibm-ejb-jar-bnd.xml, ibm-ejb-jar-bnd.xmi, or server.xml file. + + Bind enterprise beans to the server root + + + + + + + This property configures whether enterprise beans are available for lookup in the java:global, java:app, and java:module namespaces. The JNDI names that are defined in the enterprise bean specification are used. + + Bind enterprise beans to the java: namespaces + + + + + + + This property configures whether enterprise beans are available for lookup in the server root and ejblocal: namespaces by using the short form default JNDI names. The short form default JNDI name is the enterprise bean interface name. The value is either a ':' separated list of applications to disable short default bindings for enterprise beans in that application or a '*' to disable for all enterprise beans. + + Disable short default binding of enterprise beans + + + + + + + This property determines the action to take in response to configuration errors. For example, if multiple enterprise beans are configured with the same custom JNDI name, then the customBindingsOnError property determines whether to fail, raise a warning, or ignore the duplicate bindings. + + Action to take on custom bindings error + + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + + Configuration for a Mongo instance. + + Mongo + Configuration for a MongoClientOptions instance. + + + + + + List of host names. The ordering of this list must be consistent with the list of ports, such that the first element in the list of host names corresponds to the first element in the list of ports, and so forth. + + Host names + + + + + + Specifies a library that contains the MongoDB Java Driver. + + MongoDB Java Driver Library + + + + + + List of port numbers. The ordering of this list must be consistent with the list of host names, such that the first element in the list of host names corresponds to the first element in the list of ports, and so forth. + + Port numbers + + + + + + + + + + + + + + + ID of the SSL configuration to be used to connect to the SSL-enabled server. + + Secure Socket Layer Reference + + + + + + + + + Specifies a library that contains the MongoDB Java Driver. + + MongoDB Java driver library reference + library + + + + + + Determines the action to take in response to configuration errors. + + Action to take for configuration errors + onError + + + + + + + + + Server will issue warning and error messages when it incurs a configuration error. + + + + + Server will issue a warning or error message on the first error occurrence and then stop the server. + + + + + Server will not issue any warning and error messages when it incurs a configuration error. + + + + + + + + + + Password for database user. + + Password + + + + + + Database user name. + + User + + + + + + Use provided certificate from key store to authenticate user to MongoDB. + + Use certificate for authentication + + + + + + Retry connections to a server, for an interval up to the maxAutoConnectRetryTime, if the socket cannot be opened. + + Auto connect retry + + + + + + + Limits the number of open connections to each host. Connections are pooled when not in use. + + Connection per host + + + + + + + + + + + + + + + + Connection timeout for new connections. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Connect timeout + + + + + + + Attempts to clean up DBCursors that are not closed. + + Cursor finalizer enabled + + + + + + + Description of a Mongo instance. + + Description + + + + + + + Interval during which to retry attempts to open a connection to a server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Maximum auto connect retry time + + + + + + + Maximum amount of time to wait for an available connection. If negative, the connection request never times out. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Maximum wait time + + + + + + + Configures whether or not to keep sockets alive. + + Socket keep alive + + + + + + + The socket timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Socket timeout + + + + + + + Configures whether or not to enable SSL. + + Secure socket layer enabled + + + + + + + ID of the SSL configuration to be used to connect to the SSL-enabled server. + + Secure socket layer reference + + + ssl + + + + + + This value, multiplied by connectionsPerHost, establishes an upper limit on threads that are allowed to wait for an available connection. + + Max blocking threads multiplier + + + + + + + + + + + + + + + + Configures the read preference. + + Read preference + + + + + + + + + + nearest + + + + + primary + + + + + primaryPreferred + + + + + secondary + + + + + secondaryPreferred + + + + + + + + + + The reliability of a write operation to the mongo server. + + Write concern + + + + + + + + + + ACKNOWLEDGED + + + + + ERRORS_IGNORED + + + + + FSYNC_SAFE + + + + + FSYNCED + + + + + JOURNAL_SAFE + + + + + JOURNALED + + + + + MAJORITY + + + + + NONE + + + + + NORMAL + + + + + REPLICA_ACKNOWLEDGED + + + + + REPLICAS_SAFE + + + + + SAFE + + + + + UNACKNOWLEDGED + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for a MongoDB DB instance. + + MongoDB DB + + + + + + Specifies the Mongo instance that this DB instance belongs to. + + Mongo Instance + + + + + + + Name of the database. + + Database name + + + + + + Specifies the Mongo instance that this DB instance belongs to. + + Mongo instance reference + mongo + + + + + + JNDI name for a MongoDB DB instance + + JNDI name + jndiName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for Monitoring Feature which includes enabled traditional PMI ,FineGrained and any future configurations updates. + + Monitor + + + + + + + + + Property to enable or disable Traditional PMI way of reporting. + + Enable traditional PMI + + + + + + Allows user to enable/disable monitors based on group name such as WebContainer,JVM,ThreadPool,Session,ConnectionPool and so on. + + Filtered (monitored) groups + + + + + + + Provides a specific custom property to an application. + + A Name/value Pair Describing A Property + + + + + + + + + Provides name of the application scoped property. + + Application scoped property name + + + + + + Provides value of the application scoped property. + + Application scoped property value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Provides custom properties to an application. + + Application Scoped Properties + + + + + + Provides a specific custom property to an application. + + A Name/value Pair Describing A Property + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration to process the MicroProfile JWT token. + + MicroProfile JWT + + + + + + The trusted audience list to be included in the aud claim in the JSON web token. + + Trusted audiences + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + The unique ID. + + Unique ID + uniqueId + + + + + + Specifies a JSON Web Key service URL. + + JWK endpoint url + + + + + + The value of the claim will be used as user principal to authenticate. + + User principal claim + + + + + + Specifies an ID of the SSL configuration that is used for SSL connections. + + SSL reference + ssl + + + + + + Specifies a trusted key alias for using the public key to verify the signature of the token. + + Verification key name + + + + + + The url of the issuer. + + Issuer + + + + + + The value of the claim will be used as the user group membership. + + Group claim + + + + + + Specifies whether to map userIdentifier to a registry user. + + Map user identifier + + + + + + Specifies whether the token can be re-used. + + Re-use the token + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + The expected authentication scheme in the Authorization header that contains the JSON Web Token. + + Authorization header scheme + + + + + + This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The time difference allowed between systems + + + + + + Specifies the allowed token age in seconds when validating the JSON web token. This attribute is used only in versions 2.1 and later of the MP-JWT feature. The issued at (iat) claim must be present in the JWT token. The configured number of seconds since iat must not have elapsed. If it has elapsed, then the request is rejected with an unauthorized response. The specified token age overrides the mp.jwt.verify.token.age MicroProfile Config property if it is configured. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Time allowed since the JWT token was issued + + + + + + Specifies the decryption algorithm that is used to decrypt the Content Encryption Key. This attribute is used only in versions 2.1 and later of the MP-JWT feature. The specified decryption algorithm overrides the mp.jwt.decrypt.key.algorithm MicroProfile Config property if it is configured. + + Key management key algorithm + + + + + + Ignore the configured authentication method in the application. Allow legacy applications that do not configure MP-JWT as their authentication method to use MicroProfile JWT token if one is included in the request. + + Ignore authentication method + + + + + + Specifies the string that will be used to generate the shared keys for HS256 signatures. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. + + Shared secret + + + + + + Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + The HTTP request header that is expected to contain a MicroProfile JWT. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.token.header MicroProfile Config property if one is configured. + + Token header + + + + + + + + + Authorization + + + + + Cookie + + + + + + + + + + The name of the cookie that is expected to contain a MicroProfile JWT. The default value is Bearer. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.token.cookie MicroProfile Config property if one is configured. This value will be ignored unless tokenHeader or the mp.jwt.token.header MicroProfile Config property is set to Cookie. + + Cookie name + + + + + + Private key alias of the key management key that is used to decrypt the Content Encryption Key. This private key must correspond to the public key that is used to encrypt the Content Encryption Key. This attribute is only used by versions 1.2 and beyond of the MP-JWT feature. This value overrides the mp.jwt.decrypt.key.location MicroProfile Config property if one is configured. + + Key management key alias + + + + + + Specifies the signature algorithm that will be used to sign the JWT token. + + JWT token signature algorithm + + + + + + + + + %tokenSignAlgorithm.RS256 + + + + + %tokenSignAlgorithm.RS384 + + + + + %tokenSignAlgorithm.RS512 + + + + + %tokenSignAlgorithm.HS256 + + + + + %tokenSignAlgorithm.HS384 + + + + + %tokenSignAlgorithm.HS512 + + + + + %tokenSignAlgorithm.ES256 + + + + + %tokenSignAlgorithm.ES384 + + + + + %tokenSignAlgorithm.ES512 + + + + + + + + + + + + + + + + Configuration for MicroProfile Metrics. + + MicroProfile Metrics + + + + + + Identifies User provided Micrometer binaries and dependencies + + Shared Library + + + + + + + Indicates whether or not users should provide user name and password when accessing metrics endpoint. + + Enable authentication + + + + + + Identifies User provided Micrometer binaries and dependencies + + Shared library reference + library + + + + + + + OpenId authentication. + + OpenId Authentication + + + + + + Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response. + + User Information Reference + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + Specifies whether to use the client OpenID identity to create a user subject. If set to true, only the OpenID client identity is used. If set to false and the first element of userInfoRef is found, we use it to create a user subject. Otherwise, we use the OpenID identity to create a user subject. + + Use client identity + + + + + + Specifies whether to map identity to registry user. The user registry is not used to create the user subject. + + Map identity to registry user + + + + + + Specifies an ID of the SSL configuration is used to connect to the OpenID provider. + + SSL reference + ssl + + + + + + Require SSL communication between the OpenID relying party and provider service. + + Require SSL communication + + + + + + Specifies the hash algorithm that is used to sign and encrypt the OpenID provider response parameters. + + Hash algorithm + + + + + + + + + Secure hash algorithm SHA1 + + + + + Secure hash algorithm SHA256 + + + + + + + + + + Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response. + + User information reference + userInfo + + + + + + Specifies the OpenID provider authentication mode either checkid_immediate or checkid_setup. checkid_setup is the default authentication mode. + + OpenID provider authentication mode + + + + + + + + + The checkid_setup enables the openID provider to interact with the user, to request authentication or self-registration before returning a result to the openId relying party. + + + + + The checkid_immediate disables the browser interact with the user. + + + + + + + + + + Specifies whether enable host name verification or not. + + Host name verification enabled + + + + + + Specifies the attribute for the OpenID provider name. + + OpenID provider realm identifier + + + + + + Specifies a default OpenID provider URL where users get the Open IDs. + + OpenID provider URL + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + + Specifies the user information that is included in the response of the openID provider. + + User Information + + + + + + + + + Specifies an alias name. + + Alias name + + + + + + Specifies a URI type. + + URI type + + + + + + Specifies how much userInfo is included in the response of the openID provider. + + Count + + + + + + + + + + + + + + + Specifies whether user information is required or not. + + Required + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Schedules and runs persistent tasks. + + Persistent Scheduled Executor + + + + + + Configures how context is captured and propagated to threads. + + Thread Context Propagation + + + + + + + Determines whether or not this instance may run tasks. + + Enable task execution + + + + + + Duration of time to wait before this instance might poll the persistent store for tasks to run. A value of -1 delays polling until it is started programmatically. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Initial poll delay + + + + + + The amount of time after the expected start of a task run to reserve for running the task. Other members are prevented from running the task before the expiration of this interval. If the interval elapses without the task running successfully, or the task rolls back, then the task run is considered missed, enabling another member to attempt to run it. Missed task threshold values within the supported range of 100 seconds to 9000 seconds (2.5 hours) enable failover. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Missed task threshold for fail over + + + + + + Limit of consecutive retries for a task that has failed or rolled back, after which the task is considered permanently failed and does not attempt further retries. A value of -1 allows for unlimited retries. + + Retry limit + + + + + + + + + + + + + + + + Persistent store for scheduled tasks. + + Persistent task store reference + databaseStore + + + + + + Configures how context is captured and propagated to threads. + + Thread context propagation reference + contextService + + + + + + Interval at which the executor looks for tasks in the persistent store to run. If unspecified and fail over is enabled, a poll interval is automatically computed. If fail over is not enabled, the default is -1, which disables all polling after the initial poll. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Poll interval + + + + + + The maximum number of task entries to find when polling the persistent store for tasks to run. If unspecified, there is no limit. + + Poll size + + + + + + + + + + + + + + + The amount of time that must pass between consecutive retries of a failed task. The retry interval applies only when failover is disabled. When failover is enabled, servers retry at their next poll. When failover is not enabled, the first retry occurs immediately on the same server, and at the retry interval thereafter. The default retry interval is 1 minute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Retry interval + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Provides warnings and diagnostic information for the slow or hung requests. + + Request Timing + + + + + + + + + Duration of time that a request can run before being considered slow. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Slow request threshold + + + + + + Duration of time that a request can run before being considered hung. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Hung request threshold + + + + + + Indicates whether thread dumps are created when a hung request is detected. When this value is set to true (default), thread dumps are created. When set to false, thread dumps are not created. + + Enable thread dumps + + + + + + Rate at which the sampling should happen for the slow request tracking. To sample one out of every n requests, set sampleRate to n. To sample all requests, set sampleRate to 1. + + Sampling rate + + + + + + + + + + + + + + + Indicates if the context information details are included in the log output. + + Include context information + + + + + + Indicates whether a request that is hung is to be interrupted. A value of true causes the requestTiming-1.0 feature to attempt to interrupt the hung request. A value of false allows the request to continue to run. + + Interrupt hung requests + + + + + + + This element contains artifacts that control the level of file access exposed for remote connections. + + Remote File Access + + + + + + A directory that remote clients are allowed to read from. There can be multiple readDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is ${wlp.install.dir}, ${wlp.user.dir} and ${server.output.dir} + + Read access directory + + + + + + A directory that remote clients are allowed to read from and write to. There can be multiple writeDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is an empty set of directories. + + Write access directory + + + + + + + + A collection of users, groups, or both that are assigned the server reader role. + + Reader Role + + + + + + User assigned a role. + + User name + + + + + + A user access ID in the general form user:realmName/userUniqueId. + + User access ID + + + + + + Group assigned a role. + + Group name + + + + + + A group access ID in the general form group:realmName/groupUniqueId. + + Group access ID + + + + + + + + A collection of users, groups, or both that are assigned the server administrator role. + + Administrator Role + + + + + + User assigned a role. + + User name + + + + + + A user access ID in the general form user:realmName/userUniqueId. + + User access ID + + + + + + Group assigned a role. + + Group name + + + + + + A group access ID in the general form group:realmName/groupUniqueId. + + Group access ID + + + + + + + + Simple administrative security configuration. + + Quick Start Security + + + + + + + + + Single user defined as part of the quick start security configuration. This user is granted the Administrator role. + + User name + + + + + + Password for the single user defined as part of the quick start security configuration. It is recommended that you encode or hash this password. To do so, use the securityUtility tool with the encode option. + + User password + + + + + + + When specified, the security context of the work initiator is propagated to the unit of work. + + Security Context + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for HTTP session management. + + HTTP Session + + Specifies a mechanism for HTTP session management. + Controls how unused sessions are cleaned up. + Controls how cookies are used. + Controls how URL rewriting is used. + Controls how sessions are secured. + Controls how sessions are passivated and activated between servers. + The default values of these options work for most environments. + + + + + + + + + Maximum number of sessions to maintain in memory for each web module. + + Maximum in-memory session count + + + + + + Allows the number of sessions in memory to exceed the value of the Max in-memory session count property. + + Allow session overflow + + + + + + Specifies that session tracking uses Secure Sockets Layer (SSL) information as a session identifier. + + Enable SSL identifier tracking + + + + + + + Specifies that session tracking uses cookies to carry session identifiers. + + Enable cookies + + + + + + + Specifies that the session management facility uses rewritten URLs to carry the session identifiers. + + Enable URL rewriting + + + + + + + Amount of time a session can go unused before it is no longer valid, in seconds if unit of time isn't specified. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Session timeout + + + + + + + The wake-up interval, in seconds, for the process that removes invalid sessions. The minimum value is 30 seconds. If a value less than the minimum is entered, an appropriate value is automatically determined and used. This value overrides the default installation value, which is between 30 and 360 seconds, based off the session timeout value. Because the default session timeout is 30 minutes, the reaper interval is usually between 2 and 3 minutes. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Reaper poll interval + + + + + + + If your requests normally are not bound by a response time limit, specify 0 to indicate that the session manager should wait indefinitely until a request is complete before attempting to invalidate the session. Otherwise, set this property to a positive integer to delay the invalidation of active sessions. Active timed out sessions will not be invalidated by the first invalidation interval pass, but will be invalidated by the interval pass based on this value. For example, a value of 2 would invalidate an active session on the second invalidation interval pass after the session timeout has expired. + + Force invalidation multiple + + + + + + + A unique name for a session management cookie. + + Cookie name + + + + + + + Domain field of a session tracking cookie. + + Cookie domain + + + + + + + Maximum amount of time that a cookie can reside on the client browser. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Cookie maximum age + + + + + + + A cookie is sent to the URL designated in the path. + + Cookie path + + + + + + + Specifies that the cookie path equals the context root of the web module instead of / + + Use context root as cookie path + + + + + + + Specifies that the session cookies include the secure field. + + Restrict cookies to HTTPS sessions + + + + + + + Specifies that session cookies include the HttpOnly field. Browsers that support the HttpOnly field do not enable cookies to be accessed by client-side scripts. Using the HttpOnly field will help prevent cross-site scripting attacks. + + Include HttpOnly field in session cookies + + + + + + + Specifies a SameSite attribute value to use for session cookies. + + Include a SameSite attribute in session cookies + + + + + + + + + Do not set a SameSite attribute value on the session cookies + + + + + Set the session cookie SameSite attribute value to Lax + + + + + Set the session cookie SameSite attribute value to None + + + + + Set the session cookie SameSite attribute value to Strict + + + + + + + + + + Use this property to change the key used with URL rewriting. + + Rewrite identifier + + + + + + + Adds the session identifier to a URL when the URL requires a switch from HTTP to HTTPS or from HTTPS to HTTP. + + Enable protocol switch rewriting + + + + + + + The Servlet 2.5 specification specifies to not encode the URL on a response.encodeURL call if it is not necessary. To support backward compatibility when URL encoding is enabled, set this property to true to call the encodeURL method. The URL is always encoded, even if the browser supports cookies. + + Always encode URL + + + + + + + Enables security integration, which causes the session management facility to associate the identity of users with their HTTP sessions. + + Associate identity of users with HTTP sessions + + + + + + + Indicates that the session security identity and the client security identity should be considered a match even if their cases are different. For example, when this property is set to true, the session security identity USER1 matches the client security identities User1 and user1. + + Security user ignore case + + + + + + + Set this property to true if, in response to an unauthorized request, you want the session manager to invalidate a session instead of issuing an UnauthorizedSessionRequestException. When a session is invalidated, the requester can create a new session, but does not have access to any of the previously saved session data. This allows a single user to continue processing requests to other applications after a logout while still protecting session data. + + Invalidate sessions requested by invalid users + + + + + + + The clone identifier of the cluster member. Within a cluster, this identifier must be unique to maintain session affinity. When set, this name overwrites the default name generated by the server. + + Clone identifier + + + + + + + The single character used to separate the session identifier from the clone identifier in session cookies. The default value should usually be used. On some Wireless Application Protocol (WAP) devices, a colon (:) is not allowed, so a plus sign (+) should be used instead. Different values should rarely be used. You should understand the clone character requirements of other products running on your system before using this property to change the clone separator character. The fact that any character can be specified as the value for this property does not imply that the character you specify will function correctly. This fact also does not imply that IBM is responsible for fixing any problem that might arise from using an alternative character. + + Clone separator + + + + + + + Length of the session identifier. + + Session identifier length + + + + + + + In a multi-JVM environment that is not configured for session persistence, setting this property to "true" enables the session manager to use the same session information for all of a user's requests even if the web applications that are handling these requests are governed by different JVMs. The default value for this property is false. Set this property to true if you want to enable the session manager to use the session identifier sent from a browser to preserve session data across web applications that are running in an environment that is not configured for session persistence. + + Reuse identifier + + + + + + + Forces removal of information that is not needed in session identifiers. + + No additional info + + + + + + + Enable this option to perform additional checks to verify that only the session associated with the request is accessed or referenced, and log messages if any discrepancies are detected. Disable this option to skip the additional checks. + + Debug crossover + + + + + + + Httpsession activeCount metric might become inaccurate when the session is accessed by multiple applications. Set the property to "false" to resolve the issue. + + Modify active count on invalidated session + + + + + + + Enable this option to allow serialized access to session data. + + Allow serialized access + + + + + + + The amount of time, in seconds, a servlet waits on a session before it continues execution. + + Max wait time + + + + + + + This property gives the servlet access to the session, which allows normal execution even if the session is still locked by another servlet. Set this property to false to stop the servlet execution when the session requests a timeout. The default value is true. + + Access on timeout + + + + + + + Additional properties related to session management. + + Additional properties + + + + + + + + Properties used when generating the web server plugin configuration file + + Web Server Plugin + + + + + + Specify the identifier of the http endpoint to include in the generated plugin-cfg.xml file. The endpoint defines the server in the cluster. The default value is 'defaultHttpEndpoint'. + + Http Endpoint + + + + + + Additional properties to be added to the Config element in the generated plug-in configuration file. These properties can be specified by IBM support to modify behavior of the web server plug-in. For more information, see https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/rwsv_plugin_propstable.html + + Additional Properties + + + + + + + Web server plugin installation location in file system of web server host + + Plugin install location + + + + + + Name of the web server where this configuration will be used. Used to generate the plugin log file location if that is not specified explicitly by Log file name or directory. + + Web server name + + + + + + Web server HTTP port + + Web server HTTP port + + + + + + + + + + + + + + + + Web server HTTPS port + + Web server HTTPS port + + + + + + + + + + + + + + + + The fully qualified path to the SSL keyring file on the web server host + + Location of SSL keyring + + + + + + The fully qualified path to the SSL stashfile on the web server host + + Location of SSL stashfile + + + + + + Specifies the label of the certificate within the keyring that the plug-in is to use when the web container requests a client certificate from the plug-in. + + SSL cert label + + + + + + Used when resolving an application server host name of {null} or {0}, to prefer the type of address when possible + + IPv6 is preferred + + + + + + Specify the identifier of the http endpoint to include in the generated plugin-cfg.xml file. The endpoint defines the server in the cluster. The default value is 'defaultHttpEndpoint'. + + Http endpoint + httpEndpoint + + + + + + Identifies the maximum amount of time that the application server should maintain a connection with the web server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection timeout + + + + + + Identifies the maximum amount of time that the web server plugin waits to send a request or receive a response from the application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Use read/write timeout + + + + + + Identifies the maximum amount of time that the web server plugin waits to send a request or receive a websocket response from the application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Use read/write timeout for websockets + + + + + + Identifies the maximum amount of time that the web server plugin waits to terminate an idle websocket connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Websocket idle connection timeout + + + + + + If true, the web server plugin uses an extended handshake to determine if the application server is running. + + Use extended handshake + + + + + + If false (the default value), the web server plugin sends the "Expect: 100-continue" header with HTTP requests that have a message body. When set to true, the web server plugin sends the "Expect: 100-continue" header with every HTTP request. Consider setting this value to true if you have a firewall between the web server and the application server, and are sensitive to requests retries with no request body. + + Always use "Expect: 100-continue" headers + + + + + + A fully qualified path to to the web server plug-in log file. Directory component must already exist. For Apache-based web servers, a path that begins with a pipe character is interpreted as an external piped logger. If specified, the path overrides logDirLocation. + + Log file name + + + + + + Deprecated: Identifies the directory where the http_plugin.log file is located. See Log file name. + + Directory of the http_plugin.log file + + + + + + Limits the number of request retries after a read or write timeout. The default value, {-1}, applies no additional limits, so retries are limited by the number of available servers in the cluster. A {0} value indicates there should be no retries. This value is scoped to the server cluster and does not apply to connection failures or timeouts due to the HTTP plug-in Connection timeout, or to web socket timeouts. + + Maximum retries after read or write timeout + + + + + + + + + + + + + + + + This value is dynamically changed during run time. The weight of a server is lowered each time a request is assigned to that server. When all weights for all servers drop to 0 or a lesser value, the web server plug-in readjusts all the weights so that they are greater than 0. + + Starting weight of the server + + + + + + The server role identifies a server as primary or backup. When primary servers are available, the web server plug-in uses them for load balance and failover. However, if none of the primary servers are available, the web server plug-in uses only backup servers for load balance and failover. + + Designation of the server role + + + + + + + + + Primary + + + + + Backup + + + + + + + + + + ESIEnable property enables Edge Side Include processing to cache the responses. This property provides the option to disable ESI in the web server plugin configuration file. + + Override the ESIEnable property + + + + + + ESIMaxCacheSize is the maximum size of the cache which defaults to 1MB. This property provides the option to override the value in the web server plugin configuration file. + + Override the ESIMaxCacheSize property + + + + + + ESIInvalidationMonitor specifies if the ESI processor should receive invalidations from the application server. This property provides the option to override the value in the web server plugin configuration file. + + Override the ESIInvalidationMonitor property + + + + + + ESIEnableToPassCookies allows forwarding of session cookies to WebSphere Application Server. This property provides the option to override the value in the web server plugin configuration file. + + Override the ESIEnableToPassCookies property + + + + + + Enables trusted proxies to be used. When specified, this property overrides the value in the web server plug-in configuration file. + + Override the TrustedProxyEnable property + + + + + + A comma-separated list of trusted proxies. When specified, this property overrides the value in the web server plug-in configuration file. + + Override the TrustedProxyGroup property + + + + + + Indicates whether the webserver plug-in ignores affinity requests when it is tracking runtime weight for round-robin load balancing. + + Ignore affinity requests + + + + + + + Configuration for the web container. + + Web Container + + + + + + + + + A comma separated list of listener classes. + + Listeners + + + + + + Decode URLs using an encoding setting of UTF-8. + + Decode URLs using UTF-8 encoding + + + + + + Enable file serving if this setting was not explicitly specified for the application. + + Enable file serving + + + + + + Disables all file serving by applications. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disallowAllFileServing. + + Disallow all file serving + + + + + + Enable directory browsing of an application. + + Enable directory browsing + + + + + + Enable servlets to be accessed in a web application using a class name if not explicitly specified. + + Serve servlets by class name + + + + + + Disallows the use of serveServletsByClassnameEnabled on the application server level. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disallowserveservletsbyclassname. + + Disallow serve servlet by class name + + + + + + A semi-colon delimited list of classes to be completely disallowed from being served by classname. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.donotservebyclassname. + + Do not serve by class name + + + + + + For SSL offloading, set to the name of the HTTP header variable inserted by the SSL accelerator/proxy/load balancer. + + HTTPS indicator header + + + + + + When this property is set to true, a servlet can access static files in the WEB-INF directory. When this property is set to false, which is the default, a servlet cannot access static files in the WEB-INF directory. + + Expose web info on dispatch + + + + + + Decode the plus sign when it is part of the URL. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.decodeurlplussign. For servlet-5.0 and newer Servlet features, the default value is false. + + Decode url plus sign + + + + + + Web container will generate SMF and PMI data when serving the static files. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.fileWrapperEvents. + + File wrapper events + + + + + + Restore HTTP TRACE processing. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.DefaultTraceRequestBehavior. + + Allow the HTTP TRACE request method to be invoked + + + + + + Restore the behavior where the HEAD request is not subject to the security constraint defined for the GET method. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.DefaultHeadRequestBehavior. + + Allow the HTTP HEAD request method to be invoked + + + + + + Enables the web container to support the use of symbolic links. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.TolerateSymbolicLinks. + + Tolerate symbolic links + + + + + + Initial size of the symbolic link cache. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.SymbolicLinksCacheSize. + + Symbolic link cache size + + + + + + Web container is updated to search and use the exception-type before the error-code. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst. + + Enable error exception type first + + + + + + Retain post data for multiple read accesses. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enablemultireadofpostdata. + + Enable multiple reads of post data + + + + + + Web container will return an enumeration of a copy of the list of attributes to the servlet to avoid a concurrent access error by the servlet. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.copyattributeskeyset. + + Copy the request attributes list + + + + + + Web container will re-throw errors allowing interested resources to process them. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.dispatcherRethrowser. + + Rethrow error + + + + + + Improves performance by preventing the web container from accessing a session for static file requests involving filters. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest. + + Ignore session for static file requests + + + + + + Web container will call the filter's init() method at application startup. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.invokeFilterInitAtStartup. + + Invoke filter init at startup + + + + + + Allow the JSP mapping to be overridden so that the application can serve the JSP contents itself. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.enablejspmappingoverride. + + JSP mapping override + + + + + + Always evaluate whether to ignore EL expressions in tag files. If parent JSP files have different isELIgnored settings, the setting will be re-evaluated in the tag file. The equivalent custom property in the full profile application server is com.ibm.ws.jsp.enabledefaultiselignoredintag. + + Evaluate isELIgnored behavior in JSP tag files + + + + + + Web container will detect non URL encoded UTF-8 post data and include it in the parameter values. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.parseutf8postdata. + + Parse UTF-8 post data + + + + + + Log servlet container class loading errors as warnings rather than logging them only when debug is enabled. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.logservletcontainerinitializerclassloadingerrors. + + Warn on ServletContainerIntializer errors + + + + + + Allow RequestDispatch to send errors on Include methods. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.allowincludesenderror. + + Allow include send errors + + + + + + Do not search the meta-inf directory for application resources. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.skipmetainfresourcesprocessing. + + Skip meta-inf resources processing + + + + + + Initial size (number of entries) of the meta-inf resource cache. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.metainfresourcescachesize.name. + + Meta-inf resources cache size + + + + + + Alternative string for the X-Powered-By header setting. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.xpoweredby. There is no default value for this property. If the property is not set, the value of the X-Powered-By header is set to Servlet/<servlet spec version>, as defined by the Servlet specification. + + X-Powered-By + + + + + + When this property is set to true, the X-Powered-By header is not set. In servlet-5.0 and later, the default value is true. In servlet-4.0 and earlier, the X-Powered-By header is set by default. This property is configurable only in servlet-5.0 and earlier. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.disablexpoweredby. + + Disable the X-Powered-By header + + + + + + Defer servlet loading from application server startup. + + Defer servlet load + + + + + + Maximum size of tasks in the Async task pool before automatically purging canceled tasks. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asyncmaxsizetaskpool. + + Async servlet maximum pool size + + + + + + Time interval to wait between each required purge of the cancelled task pool. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asyncpurgeinterval. + + Async servlet purge interval + + + + + + Async servlet timeout value used when a timeout value has not been explcitly specified. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asynctimeoutdefault. + + Default async timeout + + + + + + Maximum number of threads to use for async servlet timeout processing. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.asynctimerthreads. + + Async timer threads + + + + + + Toggle to set content length when an application explicitly closes the response. The default value is true; however, set this value to false if an application response contains double-byte characters. + + Set content length on close + + + + + + Toggle if you want to return an empty collection, instead of null, when no servlet mappings are added. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.emptyservletmappings. + + Return empty servlet mappings + + + + + + Toggle if you want to defer ServletRequestListener destroy when there is an error serving the request. The default value is false, but is true for servlet 5.0 and later. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.deferServletRequestListenerDestroyOnError. + + Defer servlet request listener destroy + + + + + + Toggle to load the ExpressionFactory that is set by the application. Enable this custom property if you are using a custom EL implementation (for example, JUEL) that needs to set its own ExpressionFactory. + + Allow expression factory per application + + + + + + Toggle to ignore the trailing semicolon when redirecting to the welcome page. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.ignoreSemiColonOnRedirectToWelcomePage. + + Ignore semicolon on redirect to welcome page + + + + + + Toggle to use the semicolon as a delimiter in the request URI. The default value is false. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.useSemiColonAsDelimiterInURI. + + Use semicolon as delimiter in URI + + + + + + Wait time in seconds for an active request to complete when the owning application is stopped. The default value is 60 seconds. The equivalent custom property in the full application server profile is com.ibm.ws.webcontainer.servletDestroyWaitTime. + + Wait for an active request to complete + + + + + + Set the servlet path value to the request URI minus the context path. The path information is null when a servlet is used as a default mapping. The default value is true for version 4.0 or later of the servlet feature. It is false for other servlet features. When mapping is to the /* pattern, the servlet path is empty and the path information starts with a leading slash (/). + + Set the servlet path value for a default mapping + + + + + + Throw an illegal state exception when an asynchronous request cannot be completed or dispatched. The default is true. If the asynchronous request must complete or the dispatch method must return, even if the call does not succeed, set the property to false. + + Throw exception for not complete or dispatch asyn + + + + + + Return non-null paths from the ServletContext.getRealPath(String) method, even if no resource exists at the given path. The default is true. If applications expect the getRealPath method to return null when given a path for which no resource exists, set the property to false. + + Always return a non-null path from getRealPath + + + + + + Some web applications depend on context listeners for setup before the web application starts. When this property is set to true, the application stops starting up when an unhandled exception is thrown from the context listeners. For servlet-5.0 and newer Servlet features, the default value is true. + + Stop application for unhandled listener exception + + + + + + Send redirect response to a relative URL location without processing it. Set this property to true to send redirect response without converting the URL to an absolute location. + + Send redirect response to a relative URL location + + + + + + Enables the HTTP Strict Transport Security (HSTS) header for HTTPS responses and allows a value to be set for that header, for example: "max-age=31536000;includeSubDomains". HSTS can also be configured in the web.xml file by setting the "com.ibm.ws.webcontainer.ADD_STS_HEADER_WEBAPP" context parameter. + + Add the HTTP strict transport security header + + + + + + When this property is set to true, if the query parameter in a URL contains only the string name, the server returns an empty string as the value for the request.getParameter(name) query. When this property is set to false, the server returns null as the value for the request.getParameter(name) query. The default value is false, but is true for servlet 5.0 and higher. + + Allow query parameters with no value + + + + + + When this property is false, the webcontainer will not set the response's content type header during the error handling process. An application is responsible to set the response's content type. The default value (true) sets the content type to "text/html". + + Disable text/html content type on error responses + + + + + + When this property is set to true, during startup, ServletContainerInitializer implementors that use the HandlesTypes annotation do not receive classes that are specified as HandlesTypes parameters. + + Disable returning handlesTypes parameters + + + + + + A request is rejected if the request URI contains the %23, %2E, %2F, or %5C encoded characters. When this property is set to true, the request URI is not checked for these encoded characters. This property is available starting in servlet 6.0, and default value is false. + + Skip verification of encoded characters in URI + + + + + + The maximum number of files that can be uploaded by a multipart/form-data request. The default value is 5000. For unlimited file upload, set the value to -1. + + The maximum uploaded files in a single request + + + + + + + Additional properties to be added to the Config element in the generated plug-in configuration file. These properties can be specified by IBM support to modify behavior of the web server plug-in. For more information, see https://www.ibm.com/support/knowledgecenter/en/SSAW57_9.0.0/com.ibm.websphere.nd.multiplatform.doc/ae/rwsv_plugin_propstable.html + + Additional Properties + + + + + + + + + + [extraProperties.com.ibm.ws.generatePluginConfig.properties.description, extraProperties.description] + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the Cross-Origin Resource Sharing (CORS). + + Cross-Origin Resource Sharing + + + + + + + + + The domain name represents the URL being setup with these CORS settings. + + Domain name + + + + + + A comma-separated list of origins that are allowed to access the configured domain. If this is set to "*", it indicates the resource is publicly accessible, with no access control checks. Also, the value of "null" indicates the domain must not be accessible. + + Allowed origins + + + + + + A comma-separated list of HTTP methods allowed to be used by the origin domain when making requests to the configured domain. + + Allowed methods + + + + + + A comma-separated list of HTTP headers that are allowed to be used by the origin domain when making requests to the configured domain. If this is set to "*", it indicates the request can include any HTTP headers. + + Allowed headers + + + + + + A comma-separated list of HTTP headers that are safe to expose to the calling API. + + Expose headers + + + + + + A long that indicates how many seconds a response to a preflight request can be cached in the browser. + + Max age + + + + + + A boolean that indicates if the user credentials can be included in the request. + + Allow credentials + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the SIP stack + + SIP Stack + Override RFC3261 SIP Timers default values + + + + + + A comma-separated list of headers that is not output to the SIP container logs. + + Hide message headers + + + + + + A list of header fields that should be comma-separated. If there are multiple values of the same header, the headers are not duplicated and the value will be in the same header separated by a comma. + + Comma separated headers + + + + + + A list of header parameters with values that are quoted. + + SIP quoted parameters + + + + + + + Hide message content in the SIP container logs. + + Hide message body + + + + + + Hide the message request URI in the SIP container logs. + + Hide message request URI + + + + + + The SIP container automatically sends a 100 response code when an INVITE request is received. + + Automatic 100 on invite + + + + + + The SIP container automatically sends a 482 response code when a merged request is received. This behavior is defined in the SIP RFC 3261 Section 8.2.2.2. + + Automatic 482 on merged requests + + + + + + Connections are reused in subsequent requests even if the alias parameter exists in the via header. + + Force connection reuse + + + + + + Accept byte sequences that are not encoded in UTF-8. + + Accept non-UTF-8 bytes + + + + + + The amount of time that the SIP container keeps a cached InetAddress entry and does not resolve it again. + + Network address cache TTL + + + + + + The round-trip time (RTT) estimate, in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + T1 + + + + + + + The maximum retransmit interval, in milliseconds, for non-INVITE requests and INVITE responses, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + T2 + + + + + + + The maximum duration that a message remains in the network in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + T4 + + + + + + + The initial INVITE request retransmit interval for UDP only, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + A + + + + + + + The INVITE client transaction timeout timer, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + B + + + + + + + The wait time for INVITE response retransmits, in milliseconds, as defined in RFC 3261. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + D + + + + + + + The initial non-INVITE request retransmit interval for UDP only, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + E + + + + + + + The non-INVITE transaction timeout timer, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + F + + + + + + + The wait time for ACK retransmits, in milliseconds, as defined in RFC 3261. The default value equals T4. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + I + + + + + + + The wait time for non-INVITE request retransmits, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + J + + + + + + + The wait time for non-INVITE response retransmits, in milliseconds, as defined in RFC 3261. The default value equals T4. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + K + + + + + + + The maximum transmission unit (MTU) for outbound UDP requests, as defined in RFC 3261-18.1.1. + + Path maximum transmission unit + + + + + + Defines when the SIP stack uses compact headers when encoding a message. + + Compact headers + + + + + + + + + Headers are never sent in compact form + + + + + Headers are sent in compact form only when MTU is exceeded + + + + + Headers are sent according to JSR289 javax.servlet.sip.SipServletMessage.setHeaderForm(javax.servlet.sip.SipServletMessage.HeaderForm) + + + + + Headers are always sent in compact form + + + + + + + + + + The custom property should be set to true to mandate the SIP Container to send a request from the SipProvider instance that is selected by the application using SipProvider.sendRequest(). By default, a request is sent using any provider. + + Strict outbound local port + + + + + + The custom property should be set to true to mandate the SIP Container to send a request from the SipProvider instance that is selected by the application using SipProvider.sendRequest(). By default, a request is sent using any provider. + + Use listening point from outbound + + + + + + Indicates whether to clone an ACK request for 2xx retransmissions. By default, the same ACK instance is sent on every retransmission causing issues when the ACK request is modified by the next element upstream. When set to true, the original ACK request is cloned and the copy of the original request is sent on every retransmission.. + + Clone ACK on 2xx retransmission + + + + + + The initial INVITE response retransmit interval, in milliseconds, as defined in RFC 3261. The default value equals T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + G + + + + + + + The wait time for ACK receipts, in milliseconds, as defined in RFC 3261. The default value equals 64*T1. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + H + + + + + + + + Configuration for the SIP application router + + SIP Application Router + + + + + + + + + The location of the default application router (DAR) properties file. This value is mapped to JSR 289 javax.servlet.sip.ar.dar.configuration. The DAR must be configured as specified in JSR 289. + + SIP application router DAR file location + + + + + + The error response code that is sent by the SIP container when no active servlet can be mapped to an incoming initial request. + + SIP response error code when no route found + + + + + + The fully qualified domain name (FQDN) of the custom application router provider. Set to an asterisk (*) to use an arbitrary available provider. + + Custom application router provider + + + + + + Applications are routed using the available custom application router; otherwise, the default application router is used. + + Enable custom application router loading + + + + + + + Configuration for the SIP domain resolver + + SIP Domain Resolver + + + + + + Allows a SIP URI to be resolved through DNS into the IP address, port, and transport protocol. The value is a String that contains exactly one or two address and port tuples, where two tuples are separated by a space. + + DNS servers + + + + + + + Resolve domain names automatically. + + DNS auto resolve + + + + + + Defines the transport protocol for DNS lookup to resolve RFC 3263 SIP URIs. If set to Y, UDP is used. If set to N, TCP is used. + + DNS UDP lookup method + + + + + + + + + Y + + + + + N + + + + + + + + + + The UDP payload size in bytes for the DNS resolver service. + + DNS UDP payload size + + + + + + + + + + + + + + + + The number of seconds after which a single query times out for the DNS failover mechanism. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + DNS single query timeout + + + + + + The number of allowed DNS lookup failures for the DNS failover mechanism. + + DNS allowed failures + + + + + + The minimum window size for the DNS failover mechanism. + + DNS minimum window size + + + + + + The resolver service window size interval for the DNS failover mechanism. + + DNS window size interval + + + + + + The minimum time in minutes after which cached DNS queries time out. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + DNS request cache timeout minimum + + + + + + Add an IBMTTL parameter to the SIP URI. + + Add TTL + + + + + + + Configuration for the SIP servlets container + + SIP Container + + + + + + Configuration for the SIP introspect + + SIP Introspect + + + + + + Configuration for the executor of parallel SIP tasks + + SIP Performance + + + + + + + When the SIP container shuts down, the sessions are no longer valid. By default, sessions remain active until they expire. + + Invalidate sessions on shutdown + + + + + + Save the message arrival time as an attribute of the message. + + Save message arrival time + + + + + + Mark internally generated responses by setting the com.ibm.websphere.sip.container.internal.message attribute on the response. + + Add mark internally generated response header + + + + + + On a multi-homed host, the custom property should be set to true to mandate the use of a particular outbound interface. In case the custom property is not applied or set to false, the container shall apply default behavior of interface selection. + + Enable setting outbound interface + + + + + + On a multi-homed host, when a loopback adapter is used as an outbound interface, the custom property should be set to true to mandate the use of the selected outbound interface. In case the custom property is not applied or set to false, the container shall apply default behavior of interface selection. + + Enable setting outbound interface for loopback + + + + + + By default, the IBM-PO header is set in any request. The header field is used internally and defines the outbound interface that should be used when sending a message to the destination. Setting the custom property to false avoids setting the header field when a request is sent over a loopback adapter. + + Add IBM-PO header + + + + + + The burst factor for the message queue size. The message queue size is set to (dispatcher message queue size) * (message queue burst factor). Setting a burst factor handles bursts in traffic by providing additional space in the queue before new messages are dropped. + + Message queue burst factor + + + + + + The maximum number of SIP application sessions allowed at once. + + Max application sessions + + + + + + The maximum number of messages allowed per averaging period. + + Max message rate + + + + + + The maximum number of tasks that a SIP container queue can contain before it declares an overload state. + + Dispatcher message queue size + + + + + + The maximum response time allowed in milliseconds. When set to 0, the response time is unlimited. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Max response time + + + + + + + Configuration for the executor of parallel SIP tasks + + SIP Performance + + + + + + + + + The maximum number of concurrent SIP tasks that can be dispatched to the executor. + + Concurrent SIP tasks + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the SIP endpoint + + SIP Endpoint + + + + + + Defines TCP protocol settings + + TCP Endpoint Options + + + + + + Defines SSL protocol settings + + SSL Endpoint Options + + + + + + + Defines TCP protocol settings + + TCP options reference + tcpOptions + + + + + + Defines SSL protocol settings + + SSL options reference + sslOptions + + + + + + The TCP port used by the SIP endpoint. Use -1 to disable this port. + + SIP TCP port + + + + + + The UDP port used by the SIP endpoint. Use -1 to disable this port. + + SIP UDP port + + + + + + The TLS port used by the SIP endpoint. Use -1 to disable this port. + + SIP secure TLS port + + + + + + The number of retries that are attempted when port binding is unsuccessful. + + Retries + + + + + + The delay between retries in milliseconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Retries delay + + + + + + The IP of the endpoint host + + Host + defaultHostName + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the SIP introspect + + SIP Introspect + + + + + + + + + The level of SIP state details to include when generating server dump. + + Dump verbosity + + + + + + + + + Server dumps include only the SIP application sessions and SIP sessions IDs + + + + + Includes the detailed state of the SIP application sessions and the SIP sessions in the server dump. + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Defines the properties of a Spring Boot application. + + Spring Boot Application + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start After + + + + + + Defines the settings for an application classloader. + + Classloader + + + + + + Defines an application argument which is passed to the main method of the start class for a Spring Boot application. + + Application argument + + + + + + + Location of an application expressed as an absolute path or a path relative to the server-level apps directory. + + Location + + + + + + Name of an application. + + Name + + + + + + Indicates whether or not the server automatically starts the application. + + Automatically start + + + + + + Specifies applications that are required to start before this application can begin starting. + + Start after + application + webApplication + enterpriseApplication + ejbApplication + resourceAdapter + springBootApplication + + + + + + Defines the settings for an application classloader. + + Classloader + classloader + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The default repertoire for SSL services. + + SSL Default Repertoire + + + + + + + + + The name of the SSL repertoire that will be used as the default. The default SSL repertoire called defaultSSLConfig is used if none is specified. + + Default SSL repertoire + ssl + + + + + + The name of the SSL repertoire that will be used as the default for outbound SSL connections. The default SSL repertoire will be used if no SSL repertoire is specified. This attribute is ignored if the transportSecurity-1.0 feature is not specified. + + Outbound default SSL repertoire + ssl + + + + + + Specifies whether SSL outbound host name verification is enabled. The default is false. If set to true, then during the outbound SSL handshake requests, the JDK will verify that the returned certificate contains a host name that matches the outbound HTTP request. + + Perform outbound host name verification + + + + + + + An SSL repertoire with an ID, a defined keystore, and an optional truststore. + + SSL Repertoire + + + + + + A keystore containing key entries for the SSL repertoire. This attribute is required. + + Keystore + + + + + + A keystore containing trusted certificate entries used by the SSL repertoire for signing verification. This attribute is optional. If unspecified, the same keystore is used for both key and trusted certificate entries. + + Truststore + + + + + + + + A keystore containing key entries for the SSL repertoire. This attribute is required. + + Keystore + keyStore + + + + + + A keystore containing trusted certificate entries used by the SSL repertoire for signing verification. This attribute is optional. If unspecified, the same keystore is used for both key and trusted certificate entries. + + Truststore + keyStore + + + + + + The SSL handshake protocol. The protocol can be set to a single value found in the documentation for the underlying JRE's Java Secure Socket Extension (JSSE) provider. When using the IBM JRE the default value is SSL_TLSv2 and when using the Oracle JRE the default value is SSL. The protocol can also be a comma-separated list of any of the following values: TLSv1, TLSv1.1, TLSv1.2, or TLSv1.3. + + SSL protocol + + + + + + Specifies whether client authentication is enabled. If set to true then client authentication is required and the client must provide a certificate for the server trusts. + + Client authentication + + + + + + Specifies whether a client authentication is supported. If set to true then the client authentication support means the server will check trust from a client if the client presents a certificate. + + Client authentication is supported + + + + + + Specifies the cipher suite group used by the SSL handshake. HIGH are 3DES and 128 bit and higher ciphers, MEDIUM are DES and 40 bit ciphers, LOW are ciphers without encryption. If the enabledCiphers attribute is used the securityLevel list is ignored. + + Security level + + + + + + + + + Cipher suites 3DES and 128 bit and higher + + + + + Cipher suites DES and 40 bit + + + + + Cipher suites without encryption + + + + + Custom list of cipher suites + + + + + + + + + + Specifies the alias of the certificate in the keystore that is used as the key to send to a server that has client authentication enabled. This attribute is only needed if the keystore has more than one key entry. + + Client key alias + + + + + + Specifies the alias of the certificate in the keystore used as the server's key. This attribute is only needed if the keystore has more then one key entry. + + Server key alias + + + + + + Specifies a custom list of ciphers. Separate each cipher in the list with a space. The supported cipher will depend on the underlying JRE used. Please check the JRE for valid ciphers. + + Enabled ciphers + + + + + + Specifies whether host name verification for outbound connections using a specific SSL configuration is enabled. If set to true, then all outbound SSL connections that use the specified SSL configuration undergo verification of the target server host name against that server's certificate. The attribute is set to false by default. + + Host name verification + + + + + + Specifies whether the trust manager can establish trust by using the default certificates. If set to true, then the default certificates are used in addition to the configured truststore file to establish trust. The attribute is set to false by default. + + Trust the default certificates + + + + + + Specify on the server socket whether to enforce the cipher order. If set to true, the server socket is enabled to enforce the cipher order. The attribute is set to false by default. + + Enforce cipher order on the server side + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A repository of security certificates used for SSL encryption. + + Keystore + + + + + + + + A unique configuration ID. + + ID + + + + + + The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. + + Password + + + + + + An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12. + + Location + + + + + + A keystore type supported by the target SDK. + + Type + + + + + + Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type. + + File based keystore + + + + + + Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore. + + Read only keystore + + + + + + Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Keystore file polling rate + + + + + + Keystore file update method or trigger. + + Keystore file update trigger + + + + + + + + + Server will scan for keystore file changes at the polling interval and update if the keystore file has detectable changes. Polled does not apply to non file-based keystores such as SAF keyrings. + + + + + Server will only update the keystore when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. + + + + + Disables all update monitoring. Changes to the keystore file will not be applied while the server is running. + + + + + + + + + + + + + + + + Dynamic outbound connection information tells the server which SSL connection to use based on host and port filters. This element is ignored if the transportSecurity-1.0 feature is not specified. + + Dynamic Outbound Connection Information + + + + + + + + + The server uses this SSL configuration when it accesses the specified host name. + + Remote host name + + + + + + The server uses this SSL configuration when it accesses the remote host name at the specified port. + + Remote port + + + + + + The client uses this certificate alias if you make a connection to a server that supports or requires client authentication. + + Client certificate alias + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Information about a private key entry specified in the keystore. + + Key Entry Information + + + + + + + + + Name of the private key entry in the keystore. + + Key entry name + + + + + + Password of the private key entry in the keystore. + + Key entry password + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The SSL protocol configuration for a transport. + + SSL Options + + + + + + + + + Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Session timeout + + + + + + Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. If disabled, the message and console logs do not record handshake errors, and the trace log records handshake errors when SSL Channel tracing is on. + + Suppress SSL handshake errors + + + + + + The default SSL configuration repertoire. The default value is defaultSSLConfig. + + Default SSL repertoire + ssl + + + + + + The timeout limit for an SSL session that is established by the SSL Channel. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + SSL session timeout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for the Transaction Manager service + + Transaction Manager + + + + + + This is an optional property. By default the transaction service stores its recovery logs in a file. As an alternative it is possible to store the logs in an RDBMS. This is achieved by setting this property which defines a non-transactional data source where the transaction logs will be stored. + + Non-transactional Data Source + + + + + + + Specifies whether the transaction manager optimizes when all resources but one vote read only. + + Enable 1PC optimization + + + + + + Specifies whether the server should begin transaction recovery at server startup. + + Recover on startup + + + + + + Specifies whether the server should wait for transaction recovery to complete before accepting new transactional work. + + Wait for recovery + + + + + + Specifies whether all applications on this server accept the possibility of a heuristic hazard occurring in a two-phase transaction that contains a one-phase resource. + + Accept heuristic hazard + + + + + + Maximum duration between transactional requests from a remote client. Any period of client inactivity that exceeds this timeout results in the transaction being rolled back in this application server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Client inactivity timeout + + + + + + Amount of time that the application server waits before retrying a completion signal, such as commit or rollback, after a transient exception from a resource manager or remote partner. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Heuristic retry wait + + + + + + Amount of time that the application server waits before retrying a completion signal, such as commit or rollback, after a transient exception from a resource manager or remote partner. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Heuristic retry wait + + + + + + The number of times that the application server retries a completion signal, such as commit or rollback. Retries occur after a transient exception from a resource manager or remote partner. + + Heuristic retry limit + + + + + + Upper limit of the transaction timeout for transactions that run in this server. This value should be greater than or equal to the value specified for the total transaction timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Maximum transaction timeout + + + + + + Default maximum time allowed for transactions started on this server to complete. Any such transactions that do not complete before this timeout occurs are rolled back. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Total transaction lifetime timeout + + + + + + A directory for this server where the transaction service stores log files for recovery. + + Transaction log directory + + + + + + The interval after which the lease check strategy is implemented. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Lease check interval + + + + + + The percentage of the duration of the recovery log lease that passes before the lease is renewed + + Lease renewal threshold + + + + + + + + + + + + + + + + The length of time before a recovery log lease expires. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Lease length + + + + + + Specifies the size of transaction log files in Kilobytes. + + Transaction log size + + + + + + Unique identity of this server for transaction peer recovery. + + Identity of server for tran peer recovery + + + + + + Name of the recovery group that this server belongs too. Members of a recovery group can recover the transaction logs of other servers in the group. + + Name of the recovery group + + + + + + Specifies whether the transaction manager will stop an application server that is part of a recoveryGroup if an unrecoverable error occurs accessing its own transaction service logs. + + Shutdown server on transaction log failure + + + + + + Specifies the interval in seconds between attempts to recover from a transient error accessing the transaction service logs. + + Interval between tran log retries on failure + + + + + + Specifies the maximum number of attempts to recover from a transient error accessing the transaction service logs for an unrecoverable error condition. + + Max number of tran log retries on failure + + + + + + When recovery logs are stored in an RDBMS table, this property allows SQL operations that fail to be retried. + + Enable retries on database transaction logs + + + + + + Specifies whether the application server logs about-to-commit-one-phase-resource events from transactions that involve both a one-phase commit resource and two-phase commit resources. + + Enable logging for heuristic reporting + + + + + + When recovery logs are stored in an RDBMS table, this property allows the table name to be post-pended with a string to make it unique for this Server. + + Transaction log database table suffix + + + + + + Specifies whether there is a delay between a transaction timeout and the abnormal ending of the servant region that was running the transaction. + + Enable transaction timeout grace period + + + + + + Specifies the direction that is used to complete a transaction that has a heuristic outcome; either the application server commits or rolls back the transaction, or depends on manual completion by the administrator. Allowed values are: COMMIT, ROLLBACK and MANUAL + + Heuristic completion direction + + + + + + + + + Rollback + + + + + Commit + + + + + Manual + + + + + + + + + + Default maximum shutdown delay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Default maximum shutdown delay + + + + + + This is an optional property. By default the transaction service stores its recovery logs in a file. As an alternative it is possible to store the logs in an RDBMS. This is achieved by setting this property which defines a non-transactional data source where the transaction logs will be stored. + + Non-transactional data source reference + dataSource + + + + + + + The name of the queue that this JMS queue is assigned to. + + Embedded Messaging + + + + + + + + + The delivery mode for messages sent to this destination. This controls the persistence of messages on this destination. + + Delivery mode + + + + + + + + + Application + + + + + Persistent + + + + + NonPersistent + + + + + + + + + + The name of the associated Queue + + Queue name + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + AsConnection + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The default time in milliseconds from its dispatch time that the system must keep the messages live in the destination. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Time to live + + + + + + The relative priority for messages sent to this destination, in the range 0 to 9, with 0 as the lowest priority and 9 as the highest priority. + + Priority + + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A JMS topic connection factory is used to create connections to the associated JMS provider of JMS destinations, for publish/subscribe messaging. + + Embedded Messaging + + + + + + + + + The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. + + Bus name + + + + + + The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. + + Client id + + + + + + Durable subscription home defines ME name to which connection needs to be established. + + Durable subscription home + + + + + + The reliability applied to Non-persistent JMS messages sent using this connection factory. + + Non-persistent reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + + + + + + The reliability applied to persistent JMS messages sent using this connection factory. + + Persistent reliability + + + + + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + Default + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The prefix of up to twelve characters used for the temporary topics created by applications that use this topic connection factory. + + Temporary topic name prefix + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. + + Remote server address + + + + + + Controls whether or not durable subscription can be shared across connections. + + Share durable subscription + + + + + + Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. + + Transport chain + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A JMS connection factory is used to create connections to the associated JMS provider of JMS destinations, for both point-to-point and publish/subscribe messaging. + + Embedded Messaging + + + + + + + + + The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. + + Bus name + + + + + + The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. + + Client id + + + + + + Durable subscription home defines ME name to which connection needs to be established. + + Durable subscription home + + + + + + The reliability applied to Non-persistent JMS messages sent using this connection factory. + + Non-persistent reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + + + + + + The reliability applied to persistent JMS messages sent using this connection factory. + + Persistent reliability + + + + + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + Default + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. + + Remote server address + + + + + + The prefix of up to twelve characters used for the temporary queues created by applications that use this queue connection factory. + + Temporary queue name prefix + + + + + + The prefix of up to twelve characters used for the temporary topics created by applications that use this topic connection factory. + + Temporary topic name prefix + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + Controls whether or not durable subscription can be shared across connections. + + Share durable subscription + + + + + + Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. + + Transport chain + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The name of the topic that this JMS topic is assigned to, in the topic space defined by the Topic space property. + + Embedded Messaging + + + + + + + + + The delivery mode for messages sent to this destination. This controls the persistence of messages on this destination. + + Delivery mode + + + + + + + + + Application + + + + + Persistent + + + + + NonPersistent + + + + + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + AsConnection + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The default time in milliseconds from its dispatch time that the system must keep the messages live in the destination. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Time to live + + + + + + The name of the topic that this JMS topic is assigned to, in the topic space defined by the Topic space property. + + Topic name + + + + + + A topic space is a location for publish/subscribe messaging. + + Topic space + + + + + + The relative priority for messages sent to this destination, in the range 0 to 9, with 0 as the lowest priority and 9 as the highest priority. + + Priority + + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A JMS queue connection factory is used to create connections to the associated JMS provider of JMS queues, for point-to-point messaging. + + Embedded Messaging + + + + + + + + + The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. + + Bus name + + + + + + The reliability applied to Non-persistent JMS messages sent using this connection factory. + + Non-persistent reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + + + + + + The reliability applied to persistent JMS messages sent using this connection factory. + + Persistent reliability + + + + + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + Default + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The prefix of up to twelve characters used for the temporary queues created by applications that use this queue connection factory. + + Temporary queue name prefix + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + Password + + + + + + The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. + + Remote server address + + + + + + Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. + + Transport chain + + + + + + It is recommended to use a container managed authentication alias instead of configuring this property. + + User name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A JMS activation specification is associated with one or more message-driven beans and provides the configuration necessary for them to receive messages. + + Embedded Messaging + + + + + + + + + The acknowledge mode indicates how a message received by a message-driven bean should be acknowledged. + + Acknowledge mode + + + + + + + + + Auto-acknowledge + + + + + Dups-ok-acknowledge + + + + + + + + + + The name of a bus when connecting to the service integration bus in WebSphere Application Server traditional. + + Bus name + + + + + + The type of the destination, which is javax.jms.Queue or javax.jms.Topic. + + Destination type + + + + + + + + + javax.jms.Queue + + + + + javax.jms.Topic + + + + + + + + + + The maximum number of endpoints to which the messages are delivered concurrently. The increase in the number can improve the performance, but it also increases the number of threads that are in use at the specified time. If the message order must be retained for all the failed deliveries, set the maximum concurrent endpoints value to 1. + + Maximum concurrent MDB + + + + + + + + + + + + + + + + Read ahead is an optimization that preemptively assigns messages to consumers. This processes the consumer requests faster. + + Read ahead + + + + + + + + + Default + + + + + AlwaysOn + + + + + AlwaysOff + + + + + + + + + + The delay (in seconds) between attempts to connect to a messaging engine, both for the initial connection, and any subsequent attempts to establish a better connection. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Retry interval + + + + + + Type of MS topic subscription. The value can be any of following values: Durable DurableShared NonDurable NonDurableShared + + Subscription durability + + + + + + + + + NonDurable + + + + + NonDurableShared + + + + + Durable + + + + + DurableShared + + + + + + + + + + Transport chains specify the communication protocols that can be used to communicate with the service integration bus in WebSphere Application Server traditional. + + Transport chain + + + + + + + + + InboundBasicMessaging + + + + + InboundSecureMessaging + + + + + + + + + + The JMS client identifier needed for durable(and for shared non-durable) topic subscriptions on all connections. This identifier is required if the application is doing durable(and for shared non-durable) publish/subscribe messaging. + + Client id + + + + + + This property can be used to specify the lookup name of an administratively-defined javax.jms.ConnectionFactory, javax.jms.QueueConnectionFactory or javax.jms.TopicConnectionFactory object that is used to connect to the JMS provider from which the endpoint (message-driven bean) can receive messages. + + Connection factory jndi name + + + + + + Reference to a JMS destination + + Destination reference + + + + + + This property can be used to specify the lookup name of the administratively-defined javax.jms.Queue or javax.jms.Topic objects that define the JMS queue or topic from which the endpoint (message-driven bean) can receive messages. + + Destination jndi name + + + + + + Reference to a JMS destination + + Destination reference + adminObject + jmsQueue + jmsTopic + jmsDestination + + + + + + The maximum number of messages received from the messaging engine in a single batch. + + Maximum batch size + + + + + + + + + + + + + + + + The JMS message selector used to determine which messages the message-driven bean receives. The value is a string that is used to select a subset of the available messages. + + Message selector + + + + + + The remote server address that has triplets separated by a comma, with the syntax hostName:portNumber:chainName, used to connect to a bootstrap server. For example, Merlin:7276:BootstrapBasicMessaging. If hostName is not specified, the default is localhost. If portNumber is not specified, the default is 7276. If chainName is not specified, the default is BootstrapBasicMessaging. Refer to the information center for more information. + + Remote server address + + + + + + Controls whether or not durable subscription can be shared across connections. + + Share durable subscription + + + + + + The subscription name needed for durable(and for shared non-durable). Required field when using a durable(and for shared non-durable) topic subscription.This subscription name must be unique within a given client identifier. + + Subscription name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for WAS JMS outgoing connection requests. + + WAS JMS Outbound + + + + + + TCP protocol options for WAS JMS outbound + + TCP Options + + + + + + SSL protocol options for WAS JMS outbound + + SSL Options + + + + + + + The name of the WAS JMS outbound. + + WAS JMS outbound name + + + + + + Set the value to true to enable the secure communication channel + + Enable SSL + + + + + + TCP protocol options for WAS JMS outbound + + TCP options reference + tcpOptions + + + + + + SSL protocol options for WAS JMS outbound + + SSL options reference + sslOptions + + + + + + + + + + + + Security for the wasJmsServer-1.0 feature + + Messaging Security + + + + + + A set of permissions that are mapped to the users and groups + + Role + + + + + + + + Users that are assigned to the particular role + + User + + + + + + + + + The user that is defined as part of the registry + + User name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Groups that are assigned to the role + + Group + + + + + + + + + The group that is defined as part of the user registry + + Group name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Permission that is defined on a topic for a set of users and groups + + Topic Permission + + + + + + Operations that are allowed on the destination + + Action + + + + + + + + + SEND + + + + + RECEIVE + + + + + ALL + + + + + + + + + + + Name of the Topic inside the TopicSpace + + Topic name + + + + + + Reference to the TopicSpace defined in the Messaging Engine + + TopicSpace reference + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A set of permissions that are mapped to the users and groups + + Role + + + + + + Permission that is defined on a queue for a set of users and groups + + Queue Permission + + + + + + Permission that is defined on a temporary destination for a set of users and groups + + Temporary Destination Permission + + + + + + Permission that is defined on a topic for a set of users and groups + + Topic Permission + + + + + + Users that are assigned to the particular role + + User + + + + + + Groups that are assigned to the role + + Group + + + + + + + The name of the role + + Role name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Permission that is defined on a queue for a set of users and groups + + Queue Permission + + + + + + Operations that are allowed on the destination + + Action + + + + + + + + + SEND + + + + + RECEIVE + + + + + BROWSE + + + + + ALL + + + + + + + + + + + Reference to the Queue defined in the Messaging Engine + + Queue reference + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Permission that is defined on a temporary destination for a set of users and groups + + Temporary Destination Permission + + + + + + Operations that are allowed on the destination + + Action + + + + + + + + + SEND + + + + + RECEIVE + + + + + CREATE + + + + + ALL + + + + + + + + + + + Prefix defined for a temporary destination + + Prefix + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for WAS JMS incoming connection requests. + + WAS JMS Endpoint + + + + + + TCP protocol options for the WAS JMS endpoint. + + TCP Options + + + + + + SSL protocol options for the WAS JMS endpoint. + + SSL Options + + + + + + + Toggle the availability of WAS JMS Endpoint. + + Enabled + + + + + + IP address, domain name server (DNS) host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for all available network interfaces. + + Host + + + + + + The port used for WAS JMS client messaging application connection requests. Use -1 to disable this port. + + Port + + + + + + + + + + + + + + + + The port used for WAS JMS client messaging application connection requests secured with SSL. Use -1 to disable this port. + + Secure port + + + + + + + + + + + + + + + + TCP protocol options for the WAS JMS endpoint. + + TCP options reference + tcpOptions + + + + + + SSL protocol options for the WAS JMS endpoint. + + SSL options reference + sslOptions + + + + + + + A messaging engine is a component, running inside a server, that manages messaging resources. Applications are connected to a messaging engine when they send and receive messages. + + Messaging Engine + + + + + + Messaging file store. Important: Do not delete any of the file store files. Deleting them can lead to corruption of the message store. If any of these files are deleted accidentally, then delete the remaining files and restart the messaging engine. The messaging engine restarts in a clean state, but all messages are lost. + + File Store + + + + + + A queue destination represents a message queue and is used for point-to-point messaging. + + Queue + + + + + + A topic space destination represents a set of "publish and subscribe" topics and is used for publish/subscribe messaging. + + Topic Space + + + + + + An alias destination maps an alternative name for a bus destination. You can use an alias destination for point-to-point messaging or publish/subscribe messaging. + + Alias + + + + + + Security for the wasJmsServer-1.0 feature. + + Messaging Security + + + + + + + + Messaging file store. Important: Do not delete any of the file store files. Deleting them can lead to corruption of the message store. If any of these files are deleted accidentally, then delete the remaining files and restart the messaging engine. The messaging engine restarts in a clean state, but all messages are lost. + + File Store + + + + + + + + + Path to the file store. + + File store path + + + + + + Size in megabytes of the log file. The log file size cannot exceed half the size of the file store size. For a file store size set to 400 MB, the log file size cannot exceed 200 MB. The maximum recommended log file size is 25% of the file store size. For a file store size set to 400 MB, the maximum recommended setting for log file size would be 100 MB. + + Log size + + + + + + + + + + + + + + + The combined size in megabytes for both permanent and temporary store. The file store size is equally divided between permanent and temporary store. For example, if you specify 400 MB as file store size then 200 MB is used for permanent store and 200 MB is used for temporary store. + + File store size + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A topic space destination represents a set of "publish and subscribe" topics and is used for publish/subscribe messaging. + + Topic Space + + + + + + + + + The name of the topic space. + + Topic space name + + + + + + The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. + + Force reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + The destination to which a message is forwarded by the system when it cannot be delivered to this destination. + + Exception destination name + + + + + + Lists the actions that the messaging engine must take when the maxredeliverycount is reached for a message. + + Failed delivery policy + + + + + + + + + SEND_TO_EXCEPTION_DESTINATION + + + + + DISCARD + + + + + KEEP_TRYING + + + + + + + + + + When no exception destination is configured, the time interval to apply between retry attempts, after the maximum failed deliveries limit is reached, for this destination. + + Redelivery interval + + + + + + The maximum number of failed attempts to process a message. After this number of failed attempts, if an exception destination is configured, the message is forwarded from the intended destination to its exception destination. If an exception destination is not configured, a time interval between retry attempts is applied. + + Maximum redelivery count + + + + + + Producers can send messages to this destination. + + Send allowed + + + + + + Clear this option (setting it to false) to prevent consumers from being able to receive messages from this destination. + + Receive allowed + + + + + + Maintains the order in which a producer sends messages to the destination. + + Maintain strict message order + + + + + + The maximum number of messages that the messaging engine can place on its message points. + + Maximum message depth + + + + + + + + + + + + + + + + + + + + + A queue destination represents a message queue and is used for point-to-point messaging. + + Queue + + + + + + + + + The name of the queue. + + Queue name + + + + + + The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. + + Force reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + The destination to which a message is forwarded by the system when it cannot be delivered to this destination. + + Exception destination name + + + + + + Lists the actions that the messaging engine must take when the maxredeliverycount is reached for a message. + + Failed delivery policy + + + + + + + + + SEND_TO_EXCEPTION_DESTINATION + + + + + DISCARD + + + + + KEEP_TRYING + + + + + + + + + + When no exception destination is configured, the time interval to apply between retry attempts, after the maximum failed deliveries limit is reached, for this destination. + + Redelivery interval + + + + + + The maximum number of failed attempts to process a message. After this number of failed attempts, if an exception destination is configured, the message is forwarded from the intended destination to its exception destination. If an exception destination is not configured, a time interval between retry attempts is applied. + + Maximum redelivery count + + + + + + Producers can send messages to this destination. + + Send allowed + + + + + + Clear this option (setting it to false) to prevent consumers from being able to receive messages from this destination. + + Receive allowed + + + + + + Maintains the order in which a producer sends messages to the destination. + + Maintain strict message order + + + + + + The maximum number of messages that the messaging engine can place on its message points. + + Maximum message depth + + + + + + + + + + + + + + + + + + + + + An alias destination maps an alternative name for a bus destination. You can use an alias destination for point-to-point messaging or publish/subscribe messaging. + + Alias + + + + + + + + + The name of the alias queue or alias topic space. + + Alias name + + + + + + The target destination parameter identifies a destination that might be within the same Bus as the alias destination. By default, if no property is set, it points to Default.Queue. + + Target destination + + + + + + The reliability assigned to a message produced to this destination when an explicit reliability has not been set by the producer. + + Force reliability + + + + + + + + + BestEffortNonPersistent + + + + + ExpressNonPersistent + + + + + ReliableNonPersistent + + + + + ReliablePersistent + + + + + AssuredPersistent + + + + + + + + + + Producers can send messages to this destination. + + Send allowed + + + + + + + + + true + + + + + false + + + + + + + + + + + + + + + + Configures web container application security. + + Web Container Application Security + + + + + + The JCache cache reference that is used as the logged-out-cookie cache. + + JCache Cache Reference + + + + + + + Specifies whether to fail over to basic authentication when certificate authentication fails. The equivalent custom property in the full application server profile is com.ibm.wsspi.security.web.failOverToBasicAuth. + + Allow failover to HTTP basic auth + + + + + + Warning, security risk: Setting this property to true may open your systems to potential URL redirect attacks. If set to true, any host can be specified for the logout page redirect. If set to false, and the logout page points to a different host, or one not listed in the logout page redirect domain list, then a generic logout page is displayed. The equivalent custom property in the full application server profile is com.ibm.websphere.security.allowAnyLogoutExitPageHost. + + Allow logout page to redirect to any host + + + + + + Warning, security risk: if this property is set to true, and the user registry's realm name contains sensitive information, it is displayed to the user. For example, if an LDAP configuration is used, the LDAP server hostname and port are displayed. This configuration controls what the HTTP basic authentication login window displays when the realm name is not defined in the application web.xml. If the realm name is defined in the application web.xml file, this property is ignored. If set to true, the realm name displayed will be the user registry realm name for the LTPA authentication mechanism. If set to false, the realm name displayed will be "Default Realm". The equivalent custom property in the full application server profile is com.ibm.websphere.security.displayRealm. + + Display the realm for HTTP basic auth + + + + + + Specifies whether the HTTP only (HttpOnly) cookies option is enabled. + + Enable HTTP only cookies + + + + + + Specifies whether users will be logged out after the HTTP session timer expires. If set to false, the user credential will stay active until the Single Sign-On token timeout occurs. The equivalent custom property in the full application server profile is com.ibm.ws.security.web.logoutOnHTTPSessionExpire. + + Logout users after the HTTP session timer expires + + + + + + A pipe (|) separated list of domain names that are allowed for the WASReqURL page redirect. The hostname found on the form login request is implied. + + Domain names allowed for WASReqURL page redirect + + + + + + A pipe (|) separated list of domain names that are allowed for the logout page redirect (localhost is implied). The equivalent custom property in the full application server profile is com.ibm.websphere.security.logoutExitPageDomainList. + + Domain names for logout page redirect + + + + + + Size of the POST parameter cookie. If the size of the cookie is larger than the browser limit, unexpected behavior may occur. The value of this property must be a positive integer and represents the maximum size of the cookie in bytes. The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.postParamMaxCookieSize. + + POST parameter cookie size + + + + + + Specifies where POST parameters are stored upon redirect. Valid values are cookie (POST parameters are stored in a cookie), session (POST parameters are stored in the HTTP Session) and none (POST parameters are not preserved). The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.postParamSaveMethod. + + POST parameter store behavior for redirects + + + + + + + + + Cookie + + + + + Session + + + + + None + + + + + + + + + + Warning, security risk: Setting this to true may open your systems to potential URL redirect attacks. This property specifies whether the fully qualified referrer URL for form login redirects is preserved. If false, the host for the referrer URL is removed and the redirect is to localhost. The equivalent custom property in the full application server profile is com.ibm.websphere.security.util.fullyQualifiedURL + + Preserve the fully qualified referrer URL + + + + + + Specifies whether single sign-on is enabled. + + Enable single sign-on + + + + + + Customizes the SSO cookie name. A custom cookie name allows you to logically separate authentication between SSO domains and to enable customized authentication to a particular environment. Before setting this value, consider that setting a custom cookie name can cause an authentication failure. For example, a connection to a server that has a custom cookie property set sends this custom cookie to the browser. A subsequent connection to a server that uses either the default cookie name or a different cookie name, is not able to authenticate the request via a validation of the in-bound cookie. The equivalent custom property in the full application server profile is com.ibm.websphere.security.customSSOCookieName. + + Single sign-on cookie name + + + + + + Specifies whether to use only the custom cookie name. + + Use only the custom cookie name + + + + + + A pipe (|) separated list of domain names that SSO Cookies should be presented. The equivalent custom property in the full application server profile is com.ibm.ws.security.config.SingleSignonConfig + + Domain names for SSO cookies + + + + + + Specifies whether a SSO cookie is sent over SSL. The equivalent property in the full application server profile is requiresSSL. + + Single sign-on requires SSL + + + + + + Specifies whether to use the domain name from the request URL for the cookie domain. + + Use domain name from the request URL + + + + + + Enables the single sign-on behavior using the LTPA token for a JASPIC authentication. After the initial authentication is performed by the JASPIC provider, the LTPA cookie is created and used for subsequent logins to achieve the single-sign on behavior. The JASPIC provider is not called until the token expires. The JASPIC authentication applies when an external provider is used and also when the application uses the Java EE Security API annotations. The single sign-on behavior can also be achieved by enabling the JASPIC session cookie or the application provided RememberMeIdentityStore bean for a JASPIC authentication. In this case, set the useLtpaSSOForJaspic attribute to false. + + Enable LTPA single sign-on for JASPIC + + + + + + Specifies whether authentication data can be used when accessing an unprotected resource. The unprotected resource can access validated authenticated data that it previously could not access. This option enables the unprotected resource to call the getRemoteUser, isUserInRole, and getUserPrincipal methods to retrieve an authenticated identity. The equivalent custom property in the full application server profile is com.ibm.wsspi.security.web.webAuthReq=persisting. + + Use authenticated identity for an unprotected URI + + + + + + Specifies whether the login() method will throw an exception when an identity has already been authenticated. + + Allow login with authenticated identity + + + + + + Specifies the global URL of a form login page including the root context. The form login page must be part of the WAR file. If a form login application does not specify the form login page in the web.xml file, it uses the global form login URL. This is required when overrideHttpAuthMethod attribute is set to FORM. + + Login form URL + + + + + + Specifies the global URL of a form login error page that includes the root context. The form login error page must be part of a WAR file. An application uses the global login error URL if the application uses form login authentication and does not specify either the form login page or the login error page in the auth-method element of the web.xml file. This is required when overrideHttpAuthMethod attribute is set to FORM. + + Login error URL + + + + + + Specifies the authentication failover method that is used when the certificate authentication fails or if the certificate is missing. Valid values are BASIC, FORM, and APP_DEFINED. APP_DEFINED is only valid when overrideHttpAuthMethod attribute is set to CLIENT_CERT. When APP_DEFINED is set, the authentication method that is configured in the application is used. + + Failover method when certificate login fails + + + + + + + + + BASIC + + + + + FORM + + + + + APP_DEFINED + + + + + + + + + + Setting the Path parameter can allow the client/browser to manage multiple WASReqURL cookies during multiple concurrent logins on the same user agent. The equivalent custom property in the full application server profile is com.ibm.websphere.security.setContextRootForFormLogin. + + Set the path parameter for the WASReqURL cookie + + + + + + Specifies whether to track LTPA single signon tokens that are logged out on a server so that it can not be reused on the same server. + + Track logged out LTPA single signon tokens + + + + + + Specifies the authentication method to be used for all applications. This specified value overrides any application defined authentication method. The acceptable value is BASIC, FORM or CLIENT_CERT. When FORM is used, loginFormURL and loginErrorURL attributes are required to be set. + + Name of authentication method to override + + + + + + + + + BASIC + + + + + FORM + + + + + CLIENT_CERT + + + + + + + + + + Specifies the context root of a form login page, which is specified by the loginFormURL property. If this value is not set, the first path element of the loginFormURL property is used as a context root. This value is applicable when overrideHttpAuthMethod is set to FORM, or if overrideHttpAuthMethodis is set to CLIENT_CERT and allowAuthenticationFailOverToAuthMethod is set to FORM. + + Context root for the Java EE 8 login form + + + + + + Specifies a realm name for the Java EE 8 Security HTTP basic authentication. This value is applicable when overrideHttpAuthMethod is set to BASIC, or if overrideHttpAuthMethod is set to CLIENT_CERT and allowAuthenticationFailOverToAuthMethod is set to BASIC. The default value is defaultRealm. + + Realm name of the Java EE 8 basic authentication + + + + + + Specifies the SameSite attribute value to use for the SSO cookie. + + Add the SameSite attribute to the SSO cookie + + + + + + + + + Do not set the SameSite attribute value on the SSO cookie + + + + + Set the SSO cookie SameSite attribute value to Lax + + + + + Set the SSO cookie SameSite attribute value to None. When None is set, the secure attribute is set to true on the cookie. + + + + + Set the SSO cookie SameSite attribute value to Strict + + + + + + + + + + The JCache cache reference that is used as the logged-out-cookie cache. + + JCache cache reference + cache + + + + + + + Configuration properties for WAS WebSocket outgoing connection requests. + + WAS WebSocket Outbound + + + + + + TCP protocol options for WAS WebSocket outbound + + TCP Options + + + + + + HTTPprotocol options for WAS WebSocket outbound + + HTTP Options + + + + + + SSL protocol options for WAS WebSocket outbound + + SSL Options + + + + + + + TCP protocol options for WAS WebSocket outbound + + TCP options reference + tcpOptions + + + + + + HTTPprotocol options for WAS WebSocket outbound + + HTTP options reference + httpOptions + + + + + + SSL protocol options for WAS WebSocket outbound + + SSL options reference + sslOptions + + + + + + + Configuration for the user registry federation. + + User Registry Federation + + + + + + Reference to the realm. + + Realm + + + + + + Primary realm configuration. + + Primary Realm + + + + + + The default parent for an entity type mapping. + + Entity Mapping Reference + + + + + + The extended properties for Person and Group. + + Extended Property Mapping + + + + + + + Maximum number of entries that can be returned in a search. + + Maximum search results + + + + + + Maximum amount of time, in milliseconds, to process a search. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Search timeout + + + + + + Defines the number of pagination requests that can be stored in the cache. The paging cache size needs to be configured based on the number of pagination requests executed on the system and the hardware system resources available. + + Paging cache size + + + + + + Defines the maximum time that an entry, which added to the page cache, is available. When the specified time has elapsed, the entry from the page cache is cleared. This needs to be configured based on the interval between pagination search requests executed on the system and the hardware system resources available. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Page cache timeout + + + + + + The minimum delay for a failed login attempt. For example, 0s or 1000ms. The failed login delay adds a variable delay to requests where the login fails. To customize the maximum delay time, set the failedLoginDelayMax attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Failed login delay minimum + + + + + + The maximum delay for a failed login attempt. For example, 5s or 5000ms. The failed login delay adds a variable delay to requests where the login fails. To disable the failed login delay, set the value to 0s. The delay is intended to mitigate user enumeration style attacks; therefore, disabling it is not recommended. To customize the minimum delay time, set the failedLoginDelayMin attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Failed login delay maximum + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Realm configuration. + + Realm + + + + + + The Base Entry that is part of this realm. + + Participating Base Entry + + + + + + The input and output property mappings for unique user id used in an user registry operation. + + Unique User Id Mapping + + + + + + The input and output property mappings for user security name in an user registry operation. + + User Security Name Mapping + + + + + + The input and output property mappings for user display name in an user registry operation. + + User Display Name Mapping + + + + + + The input and output property mappings for unique group id in an user registry operation. + + Unique Group Id Mapping + + + + + + The input and output property mappings for group security name in an user registry operation. + + Group Security Name Mapping + + + + + + The input and output property mappings for group display name in an user registry operation. + + Group Display Name Mapping + + + + + + The default parent mapping for the realm. + + Default Parent Mapping + + + + + + + Name of the realm. + + Realm name + + + + + + Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name. + + Delimiter + + + + + + Specifies whether operation is allowed if a repository is down. The default value is false. + + Allow operation if repository is down + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The default parent mapping for the realm. + + Default Parent Mapping + + + + + + + + + The name of the entity being mapped. The name of the entity can be PersonAccount or Group. + + Name of entity + + + + + + The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created. + + Parent distinguished name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The property mapping for userDisplayName (default: principalName). + + User Display Name Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The default parent for an entity type mapping. + + Entity Mapping Reference + + + + + + The name of the entity being mapped. The name of the entity can be PersonAccount or Group. + + Name of entity + + + + + + The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created. + + Parent distinguished name + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The extended properties for Person and Group. + + Extended Property Mapping + + + + + + + + + Defines the name of the property extended for Person and Group. + + Name of extended property + + + + + + Defines the data type of the property extended for Person and Group. The basic Java data types are supported. + + Data type of extended property + + + + + + + + + Integer + + + + + Long + + + + + String + + + + + Boolean + + + + + Date + + + + + Double + + + + + BigInteger + + + + + BigDecimal + + + + + + + + + + The name of the entity being mapped. The name of the entity can be PersonAccount or Group. + + Name of entity + + + + + + + + + Person + + + + + Group + + + + + + + + + + Defines if the property extended for Person and Group supports multiple values. + + Multi-valued + + + + + + Defines the default value for the property during write operation, if no default value is set. + + Default value to be set + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The property mapping for userSecurityName (default: principalName). + + User Security Name Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration of the registry base entry. + + Registry Base Entry + + + + + + + + + Name of the base entry. + + Base entry name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The property mapping for uniqueGroupId (default: uniqueName). + + Unique Group ID Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The input and output mapping for the unique user id. + + Unique User ID Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The property mapping for groupDisplayName (default: cn). + + Group Display Name Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The property mapping for groupSecurityName (default: cn). + + Group Security Name Mapping Properties + + + + + + + + + The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry input property + + + + + + The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type. + + User registry output property + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies a relational database as a persistent store for server features. + + Database Store + + + + + + Data source that connects to the persistent store. + + Data Source + + + + + + Authentication data for task scheduling, queries, and execution. + + Authentication Data + + + + + + + When set to true, database tables are created. + + Create database tables + + + + + + Data source that connects to the persistent store. + + Data source reference + dataSource + + + + + + The preferred strategy for generating unique primary keys. If the selected strategy is not supported for the database, a different strategy might be used. + + Key generation strategy + + + + + + + + + Automatically select the strategy to generate unique primary keys. + + + + + Use a database identity column to generate unique primary keys. + + + + + Use a database sequence to generate unique primary keys. + + + + + Use a database table to generate unique primary keys. + + + + + + + + + + Name prefix for tables, sequences, and other database artifacts. + + Table name prefix + + + + + + Authentication data for task scheduling, queries, and execution. + + Authentication data reference + authData + + + + + + Schema name with read and write access to the database tables. + + Schema name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the ACME Certificate Authority. + + ACME Certificate Authority + + + + + + A domain name to request a certificate for. + + Domain name + + + + + + A contact URL the ACME server can use to contact the client for issues related this the ACME account. + + Account contact + + + + + + ACME transport layer. + + ACME Transport + + + + + + Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). + + ACME Certificate Revocation Checker + + + + + + + The URI to the ACME CA server's directory object. + + ACME server directory URI + + + + + + The duration of time that the certificate signing request specifies for the certificate to be valid. The default is defined by the ACME CA server. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Valid for + + + + + + Subject distinguished name (DN) to use for the certificate. The DN can include the following relative distinguished name (RDN) types: cn, c, st, l, o and ou. If the cn RDN type is defined, it must be one of the domains defined by the domain configuration element and it must be the first RDN in the DN. If the cn RDN type is not defined, the first domain defined by the domain configuration element is used as the cn RDN value. + + Subject distinguished name + + + + + + The amount of time to spend polling the status of an ACME challenge before polling discontinues and treats the challenge as failed. A value of 0 indicates to poll indefinitely. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Challenge poll timeout + + + + + + The amount of time to spend polling the status of an ACME order before polling discontinues and treats the order as failed. A value of 0 indicates to poll indefinitely. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Order poll timeout + + + + + + A path to the file containing a key identifier for a registered account on the ACME CA server. If the file does not exist, a new account is registered with the ACME CA server and the associated key is written to this file. Back this file up to maintain control of the account on the ACME CA server. + + Account key file + + + + + + A path to the file containing a key identifier for a domain. If the file does not exist, a new key is generated and written to this file. Back this file up to maintain control of the domain. + + Domain key file + + + + + + ACME transport layer. + + ACME transport reference + acmeTransportConfig + + + + + + Renew time before expiration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Renew time before expiration + + + + + + Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). + + ACME certificate revocation checker reference + acmeRevocationChecker + + + + + + + ACME transport layer. + + ACME Transport + + + + + + + + + The SSL handshake protocol. Protocol values can be found in the documentation for the Java Secure Socket Extension (JSSE) provider of the underlying JRE. When using the IBM JRE the default value is SSL_TLSv2 and when using the Oracle JRE the default value is SSL. + + SSL protocol + + + + + + A keystore that contains trusted certificate entries that are used by SSL for signing verification. + + Truststore + + + + + + The password that is used to load the truststore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. + + Truststore password + + + + + + The keystore type for the truststore. Supported types are JKS, PKCS12 and JCEKS. + + Truststore type + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for checking the revocation status of certificates with the Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRLs). + + ACME Certificate Revocation Checker + + + + + + + + + Verifies whether certificate revocation checking is enabled for the ACME CA service. The default is true. + + Certificate revocation checking enabled + + + + + + Sets the URI that identifies the location of the OCSP responder. This setting overrides the ocsp.responderURL security property and any responder that is specified in the certificate Authority Information Access Extension. + + OCSP responder URL + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + An audit event + + Audit Event + + + + + + + + + The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ. + + Audit event name + + + + + + + + + Audit record of the starting and stopping of audit services. + + + + + Audit record for all user and group management events, including creation, reading, updating and deleting of user and group records. + + + + + Audit record for any authentication which passes through the authentication API, excluding logouts. + + + + + Audit record for any authentication logout which passes through the authentication API. + + + + + Audit record for any security authentication event, excluding logouts. + + + + + Audit record for any authentication logout event. + + + + + Audit record for any authentication failover event. + + + + + Audit record for any delegation, identify assertion, and runAS. Used when switching user identities within a given session. + + + + + Audit record for any security authorization events. + + + + + Audit record for any create, query, invoke MBean operations + + + + + Audit record for any query, create or update to MBean attributes. + + + + + Audit record for any register or unregister MBean operations. + + + + + Audit record of any addition or removal of notification listeners. + + + + + Audit record for any JMS authentication events. + + + + + Audit record for any JMS auhorization events. + + + + + Audit record for SAF Authorization event when the SAF authorization service is configured to report additional information about authorization failures and a SAFAuthorizationException is thrown. + + + + + Audit record for OAuth application token and password management + + + + + Audit record for SAF Authorization event. + + + + + + + + + + Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log. + + Audit outcome + + + + + + + + + success + + + + + failure + + + + + error + + + + + redirect + + + + + info + + + + + warning + + + + + denied + + + + + challenge + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configures Batch job logging. + + Batch Job Logging + + + + + + + + + Enables or disables batch job logging. + + Enable batch job logging + + + + + + The maximum number of log records per job log file before rolling over to the next file. + + Maximum log records per file + + + + + + + + + + + + + + + + The maximum number of seconds allowed to elapse between publishes of job log events. + + Maximum number of seconds between log publishes + + + + + + + + + + + + + + + + + Connection Manager configuration + + Connection Manager + Additional properties for more advanced usage. + + + + + + + + + Amount of time before a connection can be discarded by pool maintenance. A value of -1 disables this timeout. A value of 0 discards every connection, which disables connection pooling. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Aged timeout + + + + + + Amount of time after which a connection request times out. A value of -1 disables this timeout, meaning infinite wait. A value of 0 is immediate, meaning no wait. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Connection timeout + + + + + + Amount of time a connection can be unused or idle until it can be discarded during pool maintenance, if doing so does not reduce the pool below the minimum size. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Maximum idle time + + + + + + Maximum number of physical connections for a pool. A value of 0 means unlimited. The optimal setting depends on the application characteristics. For an application in which every thread obtains a connection to the database, you might start with a 1:1 mapping to the `coreThreads` attribute. + + Maximum connections + + + + + + + + + + + + + + + Specifies which connections to destroy when a stale connection is detected in a pool. + + Purge policy + + + + + + + + + When a stale connection is detected, all connections in the pool are marked stale, and when no longer in use, are closed. + + + + + When a stale connection is detected, only the connection which was found to be bad is closed. + + + + + When a stale connection is detected, connections are tested and those found to be bad are closed. + + + + + + + + + + Amount of time between runs of the pool maintenance thread. A value of -1 disables pool maintenance. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Reap time + + + + + + Attempts to clean up after applications that leave connections open after the end of a servlet request, enterprise bean instance, managed executor task, contextual task, or managed completion stage. When an unsharable connection is obtained within one of these application artifacts and remains open when it ends, the container attempts to close the connection handle. The container may also close sharable connections that do not support DissociatableManagedConnection. Applications should always follow the programming model defined by the specification and close connections at the appropriate times rather than relying on the container, even when this option is enabled. + + Automatically close connections + + + + + + + If set to true, connections use container authentication. If set to false, connections use application authentication. + + Enable container authentication on direct lookups + + + + + + + If set to true, connections are shared. If set to false, connections are unshared. + + Enable connection sharing for direct lookups + + + + + + + Minimum number of physical connections to maintain in the pool. The pool is not pre-populated. Aged timeout can override the minimum. + + Minimum connections + + + + + + + + + + + + + + + Limits the number of open connections on each thread. + + Maximum open connections per thread + + + + + + + + + + + + + + + + Caches the specified number of connections for each thread. This setting can provide a performance improvement on large multi-core (8+) machines by reserving the specified number of database connections for each thread. For best performance, if you have n applications threads, set the maximum pool connections to at least n times the value of the numConnectionsPerThreadLocal attribute. Use the same credentials for all connection requests. For example, if you use 20 application threads, set the maximum pool connections to 20 or more. If you set the value of numConnectionPerThreadLocal attribute as 2 and you have 20 application threads, set the maximum pool connection to 40 or more. If setting numConnectionsPerThreadLocal does not improve performance due to application connection usage patterns that do not benefit from using numConnectionsPerThreadLocal, remove the attribute from configuration or set the value to 0. + + Number of cached connections per thread + + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Members of an external cache group that are controlled by WebSphere Application Server. + + External Cache Group Member + + + + + + Specifies the name of a class, which is located on the WebSphere Application Server class path, of the adapter between WebSphere Application Server and this external cache. + + Adapter bean name + + + + + + + Fully qualified host name + + Host name + + + + + + Port. + + Port + + + + + + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Enable disk offload to specify that when the cache is full, cache entries are removed from the cache and saved to disk. The location is a fully-qualified directory location that is used by the disk offload function. The Flush to Disk on Stop option specifies that when the server stops, the contents of the memory cache are moved to disk. + + Enable Disk Offload + + + + + + + + + Specifies a value for the maximum disk cache size, in number of entries. + + Disk cache size + + + + + + + + + + + + + + + Specifies a value for the maximum disk cache size, in gigabytes (GB). + + Disk cache size in gigabytes + + + + + + + + + + + + + + + Specifies the eviction algorithm and thresholds that the disk cache uses to evict entries. When the disk size reaches a high threshold limit, the disk cache garbage collector wakes up and evicts randomly-selected (Random) or the largest (Size) entries on the disk until the disk size reaches a low threshold limit. + + Disk cache eviction policy + + + + + + + + + Random + + + + + Size + + + + + + + + + + Specifies when the eviction policy starts. + + High threshold + + + + + + + + + + + + + + + + Specifies when the eviction policy ends. + + Low threshold + + + + + + + + + + + + + + + + Specifies a directory to use for disk offload. + + Disk offload location + + + + + + Set this value to true to have objects that are cached in memory saved to disk when the server stops. This value is ignored if Enable disk offload is set to false. + + Flush to disk + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies sets of external caches that are controlled by WebSphere(R) Application Server on servers such as IBM(R) WebSphere(R) Edge Server and IBM(R) HTTP Server. + + External Cache Groups + + + + + + + + Specifies a unique name for the external cache group. The external cache group name must match the ExternalCache property that is defined in the servlet or Java(TM) Server Pages (JSP) cachespec.xml file. + + Name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Distributed map configuration for a local cache. + + Distributed Map + + + + + + Specifies a reference to a shared library. + + Shared Library + + + + + + + + + Display name of the distributed map. + + Distributed map name + cacheId + + + + + + JNDI name for a cache instance. + + JNDI name + jndiName + + + + + + Specifies a positive integer that defines the maximum number of entries that the cache can hold. Values are usually in the thousands. The minimum value is 100, with no set maximum value. The default value is 2000. + + Memory cache size + + + + + + + + + + + + + + + Specifies a value for the maximum memory cache size in megabytes (MB). + + Memory cache size in megabytes + + + + + + + + + + + + + + + Specifies when the memory cache eviction policy starts. The threshold is expressed in terms of the percentage of the memory cache size in megabytes (MB). + + High threshold + + + + + + + + + + + + + + + + Specifies when the memory cache eviction policy ends. The threshold is expressed in terms of the percentage of the memory cache size in megabytes (MB). + + Low threshold + + + + + + + + + + + + + + + + Specifies the name of an alternate cache provider. + + Cache provider + + + + + + Specifies a reference to a shared library. + + Shared library reference + library + + + + + + + + + + + + Configuration properties to be applied to gRPC endpoints that match the specified URI. + + GRPC Server Properties + + + + + + + + + GRPC target endpoint + + GRPC target endpoint + + + + + + The maximum inbound message size. + + Maximum message size + + + + + + A list of fully qualified class names for gRPC server interceptor classes. + + GRPC server interceptors + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties to be applied to gRPC targets that match the specified URI. + + GRPC Client Properties + + + + + + Specifies an ID of the SSL configuration that is used to connect to the gRPC service. + + SSL Reference + + + + + + + The remote gRPC service hostname or IP address, with wildcard support. + + Remote host + + + + + + The remote gRPC service path, with wildcard support. A path consists of the gRPC service and method names, in the "ServiceName/MethodName" format. + + Remote procedure path + + + + + + HTTP header names to propagate from an inbound request to an outbound call. + + HTTP header names to propagate + + + + + + The time to wait for new messages before sending a new keepalive ping. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Keepalive interval + + + + + + End the connection if a keepalive response is not received within this time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Keepalive timeout + + + + + + Perform keepalive when no outstanding RPCs are on the channel. + + Keepalive without calls + + + + + + The maximum inbound message size. + + Maximum message size + + + + + + + + + + + + + + + The maximum allowed inbound metadata size. + + Maximum metadata size + + + + + + + + + + + + + + + A list of fully qualified class names for gRPC client interceptor classes. + + GRPC client interceptors + + + + + + Specifies an ID of the SSL configuration that is used to connect to the gRPC service. + + SSL reference + ssl + + + + + + A custom authority that overrides the default authority. + + Override authority + + + + + + A custom User-Agent that adds a prefix to the default User-Agent. + + Custom user agent + + + + + + Use a plain text connection for the outbound gRPC channel. + + Use a plain text connection + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Vendor-specific JCache configuration properties, which are passed to the CachingProvider when the CacheManager instance is obtained. + + JCache Properties + + + + + + + + + + List of vendor-specific JCache configuration properties, which are passed to the CachingProvider when the CacheManager is obtained. + + Vendor specific properties + + + + + + + + Configuration for the JCache CacheManager. + + JCache CacheManager + + + + + + The JCache CachingProvider that this JCache CacheManager instance uses. + + JCache CachingProvider + + + + + + + + The JCache CachingProvider that this JCache CacheManager instance uses. + + JCache caching provider reference + cachingProvider + + + + + + Vendor-specific JCache configuration URI, which is passed to the CachingProvider when the CacheManager instance is obtained. + + JCache caching provider URI + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for JCache Cache. + + JCache Cache + + + + + + The JCache CacheManager instance that manages this cache. + + JCache CacheManager + + + + + + + The JCache CacheManager instance that manages this cache. + + JCache cache manager reference + cacheManager + + + + + + The JCache cache name to use for caching. If this cache does not exist, it is created at runtime. The name must be unique for a given CacheManager instance. + + JCache name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration for the JCache CachingProvider + + JCache CachingProvider + + + + + + A library that contains the JCache implementation. + + JCache Implementation Library + + + + + + A library or libraries that contain any classes that might be stored in the cache. + + Common Library + + + + + + + A library that contains the JCache implementation. + + JCache implementation library reference + library + + + + + + The fully-qualified class name of the JCache javax.cache.CachingProvider instance. + + JCache caching provider class + + + + + + A library or libraries that contain any classes that might be stored in the cache. + + Common library reference + library + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Information about configuring the builder. The elements and attributes that you specify are used to build the token. + + JWT Builder + + + + + + The trusted audience list to be included in the aud claim in the JSON web token. + + Trusted audiences + + + + + + Specify a comma separated list of claims to include in the token. These claims must be existing user attributes that are defined for the subject of the JWT in the user registry. + + Supported claims + + + + + + + This ID is used to identify the JWT builder. If an ID value is not specified, the builder is not processed. The ID must be a URL-safe string. The ID is used as part of the issuer value if the issuer configuration attribute is not specified. The JwtBuilder API uses this ID to determine which builder configuration to use to construct JWTs. + + Builder ID + + + + + + An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components. + + Issuer + + + + + + Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored. + + Enable JSON web key (JWK) + + + + + + Indicates the token expiration time in hours. ExpiresInSeconds takes precedence if present. Specify a positive integer followed by the unit of time, which can be hours (h). For example, specify 12 hours as 12h. + + Token expiration time in hours + + + + + + Indicates the token expiration time in seconds. Takes precedence over expiry. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Token expiration time in seconds + + + + + + Specify a white space separated list of OAuth scopes. + + Supported scopes + + + + + + Specifies the signature algorithm that will be used to sign the JWT token. + + JWT token signature algorithm + + + + + + + + + Use the RS256 signature algorithm to sign and verify tokens. + + + + + Use the RS384 signature algorithm to sign and verify tokens. + + + + + Use the RS512 signature algorithm to sign and verify tokens. + + + + + Use the HS256 signature algorithm to sign and verify tokens. + + + + + Use the HS384 signature algorithm to sign and verify tokens. + + + + + Use the HS512 signature algorithm to sign and verify tokens. + + + + + Use the ES256 signature algorithm to sign and verify tokens. + + + + + Use the ES384 signature algorithm to sign and verify tokens. + + + + + Use the ES512 signature algorithm to sign and verify tokens. + + + + + + + + + + Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. + + Shared secret + + + + + + Indicates whether to generate a unique id for the token. + + JTI + + + + + + A keystore containing the private key necessary for signing the token with an asymmetric algorithm. + + Keystore + keyStore + + + + + + A key alias name that is used to locate the private key for signing the token with an asymmetric algorithm. When the jwkEnabled attribute is set to true, the value for this attribute is ignored. + + Key alias name + + + + + + A keystore that contains the key management key that is used to encrypt the Content Encryption Key of a JWE. + + Trust keystore + keyStore + + + + + + Identifies the time when JWT is accepted for processing. The value must be a NumericDate object. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Not before claim offset + + + + + + Specifies the encryption algorithm that is used to encrypt the Content Encryption Key of a JWE. + + Key management key algorithm + + + + + + + + + Use the RSAES OAEP algorithm to encrypt the Content Encryption Key of a JWE. + + + + + + + + + + Public key alias of the key management key that is used to encrypt the Content Encryption Key of a JWE. + + Key management key alias + + + + + + Specifies the encryption algorithm that is used to encrypt the JWT plaintext to produce the JWE ciphertext. + + Content encryption algorithm + + + + + + + + + Use the AES GCM algorithm with a 256-bit key to encrypt the JWT plaintext of a JWE. + + + + + + + + + + + + + + + + The JWT consumer information to validate the JWT token. + + JWT Consumer + + + + + + The trusted audience list to be included in the aud claim in the JSON web token. + + Trusted audiences + + + + + + + This ID is used to identify the JWT consumer. If an ID value is not specified, the consumer is not processed. The ID must be a URL-safe string. The JwtConsumer API uses this ID to determine which consumer configuration to use to consume JWTs. + + Consumer ID + + + + + + An Issuer is a case-sensitive URL using the HTTP or HTTPS scheme that contains scheme, host, and optionally port number and path components. + + Issuer + + + + + + Specifies the string that will be used to generate the shared keys. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key. + + Shared secret + + + + + + Specifies the signature algorithm that will be used to sign the JWT token. + + JWT token signature algorithm + + + + + + + + + Use the RS256 signature algorithm to sign and verify tokens. + + + + + Use the RS384 signature algorithm to sign and verify tokens. + + + + + Use the RS512 signature algorithm to sign and verify tokens. + + + + + Use the HS256 signature algorithm to sign and verify tokens. + + + + + Use the HS384 signature algorithm to sign and verify tokens. + + + + + Use the HS512 signature algorithm to sign and verify tokens. + + + + + Use the ES256 signature algorithm to sign and verify tokens. + + + + + Use the ES384 signature algorithm to sign and verify tokens. + + + + + Use the ES512 signature algorithm to sign and verify tokens. + + + + + + + + + + A keystore that contains the public key that can verify a signature of the JWT token. + + Trust keystore + keyStore + + + + + + A trusted key alias for using the public key to verify the signature of the token + + Trusted alias name + + + + + + This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The time difference allowed between systems + + + + + + Indicates whether to use JWK to sign the token. When JWK is enabled, the JWT builder dynamically generates key pairs and signs the JWT token with the private key. To validate the signature, the JWT consumer can retrieve the key from the JWK API, which has the format https://<host_name>:<ssl_port>/jwt/ibm/api/<jwtBuilder_configuration_id>/jwk. When this attribute is set to true, the value for the keyAlias attribute is ignored. + + Enable JSON web key (JWK) + + + + + + Specifies a JWK end point URL. + + JSON web key(JWK) end point URL + + + + + + Specifies an ID of the SSL configuration that is used to connect to the OpenID Connect provider. + + SSL reference + ssl + + + + + + Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* and javax* system properties. + + Use system properties for HTTP client connections + + + + + + Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JWE. + + Key management key alias + + + + + + + + + + + + Information about configuring JWT Single Sign On. + + JWT SSO + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + Name of the cookie that is used to store the JWT token. + + Name of cookie + + + + + + Set the secure flag on the JWT cookie to send it only over a secured connection. + + Set secure flag on JWT cookie + + + + + + After successful authentication with a JWT token, include an LTPA cookie in addition to the JWT cookie. + + Include LTPA cookie + + + + + + If the JWT cookie is missing, attempt to process an LTPA cookie if it is present. + + Use LTPA cookie if JWT cookie is not present + + + + + + Do not create the JWT cookie. + + Disable JWT cookie + + + + + + A reference to the JWT Builder configuration element in server.xml that describes how to build the JWT token. + + JWT builder reference + jwtBuilder + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + + Security role for token management requests. + + Token Manager Role + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Clients are defined in server.xml and tokens are cached in the server. + + Local Store + + + + + + + + Token store size + + Token store size + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Special subject that has the security role. + + Special Subject + + + + + + + + + One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. + + Special subject type + + + + + + + + + All authenticated users. + + + + + All users for every request, even if the request was not authenticated. + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Clients are defined, and tokens and consents are cached in a custom OAuthStore implementation. + + Custom OAuthStore + + + + + + + + + Specifies the OAuthStore ID to use for a custom store. The value must match the value of the oauth.store.id property that is specified for the OAuthStore implementation. + + Custom OAuthStore ID + + + + + + The interval to use for cleaning up expired tokens and consents from the custom OAuthStore implementation. The valid range is 0 to Integer.MAX_VALUE in seconds. A value of 0 indicates that no cleanup is performed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Custom OAuthStore cleanup interval + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + OAuth web application security role map. + + OAuth Role Map + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The grant_type for JWT Token handler + + JWT Grant Type + + + + + + + + + The maximum size of cache, which keeps jti data of jwt token, to prevent the jti from being reused. + + Maximum size of cache for jti of jwt token + + + + + + + + + + + + + + + The time difference allowed between OpenID Connect Client and OpenID Connect Provider systems when they are not synchronized. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + The time difference allowed between systems + + + + + + The time indicates the maximum lifetime of an alive jwt token since its issued-at-time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Maximum lifetime of a jwt token + + + + + + The iat claim in a jwt token is required. + + Required iat claim in a jwt token + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Security role for client management requests. + + Client Manager Role + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Group that has the security role. + + Group + + + + + + + + + Name of a group that has the security role. + + Group name + + + + + + A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified. + + Group access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Security role for authorization code and token requests. + + Authenticated Role + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + OAuth client definition. Only clients defined here can access the provider. + + OAuth Client + + + + + + Array of redirect URIs for use in redirect-based flows such as the authorization code and implicit grant types of the client. The first redirect URI is used as a default, when none is specified in a request. Each URI must be an absolute URI as defined by RFC 3986. + + Array of redirect URIs + + + + + + Grant types the client may use. + + Grant types + + + + + + + + + authorization_code + + + + + implicit + + + + + refresh_token + + + + + client_credentials + + + + + password + + + + + urn:ietf:params:oauth:grant-type:jwt-bearer + + + + + + + + + + Response types the client may use. + + Response types + + + + + + + + + code + + + + + token + + + + + id_token token + + + + + + + + + + Array of URLs supplied by the RP to which it may request that the end-user's user agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. + + Post logout redirection URIs + + + + + + URIs for use by the coverage map. + + Trusted URI prefixes + + + + + + The resource identifiers which are the audiences of the Json Web Token. + + Resource identifiers + + + + + + A list of group ids to be to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_groupIds response parameter from the introspect endpoint. + + Functional user group IDs + + + + + + + Name of the client (sometimes referred to as the Id). + + Name + + + + + + Secret key of the client. + + Secret key + + + + + + Display name of the client. + + Display name + + + + + + The requested authentication method for the token endpoint of the client. + + Token endpoint authentication method + + + + + + + + + none + + + + + client_secret_post + + + + + client_secret_basic + + + + + + + + + + Specify by spaces the list of scopes of the client. + + Scope + + + + + + The type of application best describing the client. + + Application type + + + + + + + + + native + + + + + web + + + + + + + + + + Subject type requested for response to this client. + + Subject type + + + + + + + + + public + + + + + + + + + + Boolean indicating whether the client participates in OpenID session management. + + Session managed + + + + + + Space separated list of scope values that the client can use when requesting access tokens that are deemed to have been pre-approved by the resource owner and therefore does not require the resource owner's consent. + + PreAuthorized scope + + + + + + Boolean value specifying whether the client is allowed to access the introspection endpoint to introspect tokens issued by the authorization server. + + Introspect tokens + + + + + + Allow redirect URLs to contain regular expressions. The default is false. + + Allow regular expression redirects + + + + + + A user identifier to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_id response parameter from the introspect endpoint. + + Functional user ID + + + + + + Client is enabled if true, disabled if false. + + Client enabled + + + + + + When set to true, the OAuth client is allowed to request application passwords. + + Application password allowed + + + + + + When set to true, the OAuth client is allowed to request application tokens. + + Application token allowed + + + + + + Proof key for code exchange support for OAuth clients. + + Proof key for code exchange + + + + + + Specify whether OAuth client is public. + + Public OAuth client + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Clients are defined and tokens are cached in the database. + + Database Store + + + + + + Reference to the data source for the store. + + Data Source + + + + + + + Reference to the data source for the store. + + Data source reference + dataSource + + + + + + The interval to use for cleaning up expired tokens from the database store. The valid range is 0 to Integer.MAX_VALUE in seconds. A value of 0 indicates that no cleanup is performed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Database cleanup interval + + + + + + User + + User + + + + + + Password used to access the database. + + Password + + + + + + Schema + + Schema + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + User who has the security role. + + User + + + + + + + + + Name of a user who has the security role. + + User name + + + + + + A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified. + + User access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + OAuth provider definition. + + OAuth Provider Definition + + + + + + + + + Reference to shared library containing the mediator plugin class. + + Shared Library + + + + + + Mediator plugin class name. + + Mediator class name + + + + + + An OAuth 2.0 grant type, as detailed in the OAuth 2.0 specification, that is allowed for the provider. By default, all grant types are allowed. The supported values are authorization_code, client_credentials, refresh_token, password, implicit and urn:ietf:params:oauth:grant-type:jwt-bearer. + + OAuth grant type + + + + + + Name of a client that is allowed to use auto authorization. + + Auto authorize client + + + + + + The type of token to be produced. One of opaque, jwt, or mpjwt. Mpjwt is microprofile standardized format. The default is opaque. + + Type of JWT token issued + + + + + + + + + opaque + + + + + jwt + + + + + mpjwt + + + + + + + + + + + + SSL communication between the OAuth client and provider is required. + + Require SSL communication + + + + + + Authorization grant lifetime (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Authorization grant lifetime + + + + + + Authorization code lifetime (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Authorization code lifetime + + + + + + Length of the generated authorization code. + + Authorization code length + + + + + + Time that access token is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Access token lifetime + + + + + + Length of the generated OAuth access token. + + Access token length + + + + + + A value of false disables generation and the use of refresh tokens. + + Refresh token use flag + + + + + + Length of generated refresh token. + + Refresh token length + + + + + + Maximum number of access tokens that can be created by using refresh tokens for a single OAuth client and user combination. + + Refreshed access token limit + + + + + + A value of false disables revocation of associated access tokens when a refresh token is revoked. The default value is true. + + Revoke access tokens when refresh token revoked + + + + + + Reference to shared library containing the mediator plugin class. + + Shared library reference + library + + + + + + A value of false disables the access of public clients as detailed in the OAuth specification. + + Allow public clients to access OAuth provider + + + + + + URL of a custom authorization page template. + + Custom authorization form + + + + + + URL of a custom authorization error page template. + + Custom authorization error form + + + + + + URL of a custom login page. + + Custom login form + + + + + + To use auto authorization, append the autoAuthorize parameter to requests with a value of true. + + Auto authorization parameter + + + + + + To use auto authorization, append the autoAuthorize parameter to requests with a value of true. + + Auto authorization parameter + + + + + + Optional value to replace client URI strings for dynamic host names. + + Client URI substitution + + + + + + Maximum number of entries in the client token cache. + + Client token cache size + + + + + + Token limit for each user and client combination. + + User client token limit + + + + + + URI filter selects requests to be authorized by this provider. + + Request filter + + + + + + Set request character encoding to this value. + + Character encoding + + + + + + If the value is true, then requests matching the filter must have an access token or they will be failed. If false, then matching requests will be checked for other authentication data if no access token is present. + + Fail authentication if OAuth access token missing + + + + + + If the value is true, add the com.ibm.wsspi.security.oauth20.token.WSOAuth20Token as a private credential. + + Include OAuth token in subject + + + + + + Time that an entry in the consent cache is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Consent cache entry lifetime + + + + + + Maximum number of entries allowed in the consent cache. + + Consent cache size + + + + + + + + + + + + + + + Enable caching to save access tokens in the database and in-memory cache. + + Cache access tokens + + + + + + Enable the authentication of client certificate in the https request. + + Enable client certificate authentication + + + + + + Allow the authentication of a client certificate if a client certificate is included in the https request. This attribute allows client certificates to be used for authentication even if the certAuthentication attribute is set to false. + + Allow client certificate authentication + + + + + + Allow the authentication of an SPNEGO token in the https request. + + Allow SPNEGO authentication + + + + + + Generate the Json Web Token, serialize it as a string and put in the place of the access token. + + Access token is JWT + + + + + + The max-age value (seconds) for the cache-control header of the coverage map service. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Coverage map session max age + + + + + + If the value is true, skip validation of resource owner. + + Skip resource owner validation + + + + + + The encoding type for the stored access token. The default is set to plain, for compatibility with earlier versions. PBKDF2WithHmacSHA512 is recommended. + + Access token encoding + + + + + + + + + plain + + + + + PBKDF2WithHmacSHA512 + + + + + + + + + + Optional URL that the client is redirected to after successfully invoking the logout endpoint. If a URL is not supplied, then a minimal default logout page is used. + + URL used after logout + + + + + + When set to true, OAuth authorization flows that use the resource owner password credentials grant type must use an application password instead of the password configured for a user in the user registry. When this attribute is enabled, OAuth clients must obtain an application password from this OAuth provider to use the password grant type. + + Password grant requires application password + + + + + + Specifies the lifetime of application passwords that are generated by this OAuth provider. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Application password lifetime + + + + + + Specifies the lifetime of application tokens that are generated by this OAuth provider. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Application token lifetime + + + + + + Token limit for each user and client combination. + + Application token or password limit + + + + + + The ID of an existing client that will be used to generate tokens for PersonalTokenManagement and UsersTokenManagement UI pages. + + Client ID used to generate tokens + + + + + + The secret of an existing client that will be used to generate tokens for PersonalTokenManagement and UsersTokenManagement UI pages. + + Client secret used to generate tokens + + + + + + The encoding type for the stored client secret. The default is set to XOR, for compatibility with earlier versions. PBKDF2WithHmacSHA512 is recommended. + + Client secret encoding + + + + + + + + + xor + + + + + PBKDF2WithHmacSHA512 + + + + + + + + + + If the user security name differs from the username that is supplied in the ROPC (Resource Owner Password Credentials) request, then the username is set to the user security name for all tokens that are created by the ROPC grant type. The default is false. If both ropcPreferUserSecurityName and ropcPreferUserPrincipalName are set to true, then ropcPreferUserPrincipalName takes precedence. + + ROPC grant prefers user security name + + + + + + If the user principal name differs from the username that is supplied in the ROPC (Resource Owner Password Credentials) request, then the username is set to the user principal name for all tokens that are created by the ROPC grant type. The default is false. If both ropcPreferUserSecurityName and ropcPreferUserPrincipalName are set to true, then ropcPreferUserPrincipalName takes precedence. + + ROPC grant prefers user principal name + + + + + + Track all OAuth clients that interact with this OAuth provider. + + Track OAuth clients + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Description of service + + OpenID Connect Client Web Application + + + + + + + + + Description of service + + Context path + + + + + + + OpenID Connect client. + + OpenID Connect Client + + + + + + Specifies custom parameters to send to authorization endpoint of the OpenID Connect provider. + + Custom Parameters For Authorization Endpoint + + + + + + Specifies custom parameters to send to token endpoint of the OpenID Connect provider. + + Custom Parameters For Token Endpoint + + + + + + Specifies a comma-separated list of trusted audiences that is verified against the aud claim in the JSON Web Token. + + Trusted audiences + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + Resource parameter is included in the request. + + Resource request parameter + + + + + + Specifies a comma-separated list of parameter names to forward to the OpenID Connect provider. If a protected resource request includes one or more of the specified parameters, the OpenID Connect client will include those parameters and their values in the authorization endpoint request to the OpenID Connect provider. + + Forward login parameter + + + + + + + OpenID Connect scope (as detailed in the OpenID Connect specification) that is allowed for the provider. + + Scope + + + + + + Specifies a JSON attribute in the ID token that is used as the user principal name in the subject. If no value is specified, the JSON attribute "sub" is used. The value for this property is overridden by the value for userIdentifier, if specified. + + User identity use to create a subject + + + + + + Require SSL communication between the OpenID relying party and provider service. + + Require SSL communication + + + + + + Specifies the grant type to use for this client. Use of the responseType attribute is preferred instead. + + Grant type + + + + + + + + + Authorization code grant type + + + + + Implicit grant type + + + + + + + + + + Identity of the client. + + Client identity + + + + + + Secret key of the client. + + Client secret key + + + + + + After authorization, the relying party will be redirected to this destination, instead of the default. The default is the origin of the relying party request. + + Redirect destination sent to the relying party + + + + + + Specifies a path fragment to be inserted into the redirect URL, after the host name and port. The default is an empty string. + + Path fragment inserted into redirect URL + + + + + + Set this property to false if you do not want to use JavaScript to redirect to the OpenID Connect Provider for the initial authentication request. If JavaScript is not used, any URI fragments that are present in the original inbound request are lost. + + Client side redirect + + + + + + A case-sensitive URL using the HTTPS scheme that contains scheme, host and optionally port number and path components. Specify multiple values as a comma separated list. + + Issuer identifier + + + + + + Specifies whether to map the identity to a registry user. If this is set to false, then the user registry is not used to create the user subject. + + Map identity to registry user + + + + + + A keystore containing the public key necessary for verifying the signature of the ID token. + + Trust keystore + keyStore + + + + + + Key alias name to locate public key for signature validation with asymmetric algorithm. + + Trust alias name + + + + + + Enable the nonce parameter in the authorization code flow. + + Enable the nonce parameter + + + + + + Specifies a realm name to be used to create the user subject when the mapIdentityToRegistryUser is set to false. + + Realm name + + + + + + Specifies an ID of the SSL configuration that is used to connect to the OpenID Connect provider. + + SSL reference + ssl + + + + + + Specifies the signature algorithm that will be used to verify the signature of the ID token. + + ID token signature algorithm + + + + + + + + + Tokens are not required to be signed + + + + + Use the RS256 signature algorithm to sign and verify tokens + + + + + Use the RS384 signature algorithm to sign and verify tokens + + + + + Use the RS512 signature algorithm to sign and verify tokens + + + + + Use the HS256 signature algorithm to sign and verify tokens + + + + + Use the HS384 signature algorithm to sign and verify tokens + + + + + Use the HS512 signature algorithm to sign and verify tokens + + + + + Use the ES256 signature algorithm to sign and verify tokens + + + + + Use the ES384 signature algorithm to sign and verify tokens + + + + + Use the ES512 signature algorithm to sign and verify tokens + + + + + + + + + + Specifies whether to include ID token in the client subject. + + Include ID token in the client subject + + + + + + Specifies whether the LTPA token includes the access token. + + LTPA token includes the access token + + + + + + Specifies the beginning capacity of state cache. The capacity grows bigger when needed by itself. + + Beginning capacity of state cache + + + + + + + + + + + + + + + Specifies whether to enable host name verification. + + Host name verification enabled + + + + + + Specifies a discovery endpoint URL for an OpenID Connect provider. + + Discovery endpoint URL + + + + + + Specifies an Authorization endpoint URL. + + Authorization endpoint URL + + + + + + Specifies a token endpoint URL. + + Token endpoint URL + + + + + + Specifies a User Info endpoint URL + + UserInfo endpoint URL + + + + + + Specifies whether the User info endpoint is contacted. + + User info endpoint enabled + + + + + + Specifies a JWK endpoint URL. + + JSON web key (JWK) endpoint URL + + + + + + Specifies the client identifier to include in the basic authentication scheme of the JWK request. + + JWK client identifier + + + + + + Specifies the client password to include in the basic authentication scheme of the JWK request. + + JWK client password + + + + + + Specifies the response requested from the provider, either an authorization code or implicit flow tokens. + + Response type + + + + + + + + + Authorization code + + + + + ID token + + + + + ID token and access token + + + + + Access token + + + + + + + + + + Specifies a JSON attribute in the ID token that is used as the user principal name in the subject. If no value is specified, the JSON attribute "sub" is used. + + Principal identifier + + + + + + Specifies a JSON attribute in the ID token that is used as the name of the group that the authenticated principal is a member of. + + Group identifier + + + + + + Specifies a JSON attribute in the ID token that is used as the realm name. + + Realm identifier + + + + + + Specifies a JSON attribute in the ID token that is used as the unique user name as it applies to the WSCredential in the subject. + + Unique identifier + + + + + + The method to use for sending credentials to the token endpoint of the OpenID Connect provider in order to authenticate the client. + + Authentication method of token endpoint + + + + + + + + + basic + + + + + post + + + + + Private key JWT client authentication. + + + + + + + + + + Controls the operation of the token inbound propagation of the OpenID relying party. + + Enable token inbound propagation + + + + + + + + + Support inbound token propagation + + + + + Require inbound token propagation + + + + + Do not support inbound token propagation + + + + + + + + + + The method of validation on the token inbound propagation. + + Method of validating the inbound token + + + + + + + + + Validate inbound tokens using token introspection + + + + + Validate inbound tokens using the userinfo endpoint + + + + + + + + + + Specifies whether a JWT access token that is received for inbound propagation is validated locally by the OpenID Connect client or by using the validation method that is configured by the OpenID Connect client. + + JWT access token remote validation + + + + + + + + + A JWT access token that is received for inbound propagation is parsed and validated locally by the OpenID Connect client. If validation fails, the access token is not validated by using the validation method that is configured by the OpenID Connect client. + + + + + A JWT access token that is received for inbound propagation is parsed and validated locally by the OpenID Connect client. If validation fails, the access token is validated by using the validation method that is configured by the OpenID Connect client. + + + + + A JWT access token that is received for inbound propagation is validated by using the validation method that is configured by the OpenID Connect client. The access token is not parsed or validated locally by the OpenID Connect client. + + + + + + + + + + The name of the header which carries the inbound token in the request. + + Name of the header containing the inbound token + + + + + + The endpoint URL for validating the token inbound propagation. The type of endpoint is decided by the validationMethod. + + Endpoint URL for validation + + + + + + Require the issuer claim to be absent when the OpenID Connect client validates a JWT access token for inbound propagation or when it performs token introspection for inbound propagation. + + Disable issuer checking + + + + + + An authentication session cookie will not be created for inbound propagation. The client is expected to send a valid OAuth token for every request. + + Authentication session cookie disabled + + + + + + Do not create an LTPA Token during processing of the OAuth token. Create a cookie of the specific Service Provider instead. + + Disable LTPA token + + + + + + Specifies whether to use Java system properties when the OpenID Connect client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Authenticate a user again when its authenticating access token expires and disableLtpaCookie is set to true. + + Reauthenticate when access token expires + + + + + + The time period to authenticate a user again when its tokens are about to expire. The expiration time of an ID token is specified by its exp claim. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Cushion time for reauthentication + + + + + + Specifies whether a custom cache key is used to store users in an authentication cache. If this property is set to true and the cache key for a user is not found in the authentication cache, the user will be required to log in again. Set this property to false when you use the jwtSso feature to allow the security subject to be constructed directly from the jwtSso cookie. Set this property to false when you do not use the jwtSso feature to allow the security subject to be constructed directly from the user registry. If the security subject is reconstructed from the user registry, there will be no SSO components in the subject. If your LTPA cookie is used by more than one server, consider setting this property to false. If your application always requires the SSO components to be present in the subject, you must either set this property to true or use the jwtSso feature. + + Allow custom cache key + + + + + + Specifies the allowed clock skew in seconds when you validate the JSON Web Token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Clock skew + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether to create an HttpSession if the current HttpSession does not exist. + + Create session + + + + + + Maximum duration in milliseconds between redirection to the authentication server and return from the authentication server. Cookies expire after this duration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Authentication time limit + + + + + + Duration rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The checking is done only if there is an authentication failure. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Next discovery interval + + + + + + Specifies whether JSON Web Tokens can be reused. Tokens must contain a jti claim for this attribute to be effective. The jti claim is a token identifier that is used along with the iss claim to uniquely identify a token and associate it with a specific issuer. A request is rejected when this attribute is set to false and the request contains a JWT with a jti and iss value combination that has already been used within the lifetime of the token. + + Allow re-use of JSON web tokens (JWT) + + + + + + Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JSON Web Encryption (JWE) token. + + Key management key alias + + + + + + Specifies whether authenticated subjects that are created by using a propagated access tokens are cached. + + Enable access token cache + + + + + + Specifies how long an authenticated subject that is created by using a propagated access token is cached. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Access token cache timeout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies additional parameters to include in the requests to send to the provider. + + Custom Parameters To Include In Requests + + + + + + + + + Specifies name of the additional parameter. + + Custom request parameter name + + + + + + Specifies value of the additional parameter. + + Custom request parameter value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the claims for the scope. + + Scope To Claims Map + + + + + + + + + Specify a comma-separated list of claims associated with the profile scope. + + Profile scope + + + + + + Specify a comma-separated list of claims associated with the email scope. + + Email scope + + + + + + Specify a comma-separated list of claims associated with the address scope. + + Address scope + + + + + + Specify a comma-separated list of claims associated with the phone scope. + + Phone scope + + + + + + Specify the claims for the scope. + + Scope to claims map + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify the user registry key for the claim. + + Claim To User Registry Map + + + + + + + + + Specify the user registry key that will be retrieved for the name claim. + + Name claim + + + + + + Specify the user registry key that will be retrieved for the given_name claim. + + Given name claim + + + + + + Specify the user registry key that will be retrieved for the picture claim. + + Picture claim + + + + + + Specify the user registry key that will be retrieved for the email claim. + + Email claim + + + + + + Specify the user registry key that will be retrieved for the address claim. + + Address claim + + + + + + Specify the user registry key that will be retrieved for the phone_number claim. + + Phone number claim + + + + + + Specify the user registry key for the claim. + + Claim to user registry map + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specify a property in addition to the parent element properties + + Additional Property + + + + + + + + + Specify the name of the property + + Property name + + + + + + Specify the value of the property + + Value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + OpenID Connect server provider + + OpenID Connect Server Provider + + + + + + A reference to the ID of an OAuth provider. + + OAuth Provider Reference + + + + + + The extra claims to be put in the payloads of the ID token, in addition to the default realmName, uniqueSecurityName, and groupIds claims. + + Extra claims of ID token + + + + + + + + + + A reference to the ID of an OAuth provider. + + OAuth provider reference + oauthProvider + + + + + + Specify an issuer identifier for the issuer of the response. + + Issuer identifier + + + + + + When this property is set to true, the default SSO cookie name, ltpaToken2, is used if a custom SSO cookie name is not configured. If a custom cookie name is configured for SSO, that cookie name is used. If a custom cookie name is not configured and this property is set to false, an auto-generated SSO cookie name will be used. + + Allow default SSO cookie name + + + + + + When JWK is enabled, the OpenID Connect provider dynamically generates key pairs for signing JWT tokens that it creates. To validate the signature, the client can retrieve the key from the JWK endpoint, which has the format https://<host_name>:<port_number>/oidc/endpoint/<provider_id>/jwk. When this attribute is false, the provider will use the key that is specified by the keyAliasName attribute to sign the JWT. The provider will still make that key available as a JWK from the JWK endpoint if this attribute is false. + + Enable JSON web key (JWK) + + + + + + Enable caching to save ID tokens in the database and in-memory cache. + + Cache ID tokens + + + + + + Amount of time after which a new JWK will be generated. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. + + JWK rotation time + + + + + + Size measured in bits of the signing key. + + JWK signing key size + + + + + + + + + 1024 bits + + + + + 2048 bits + + + + + 4096 bits + + + + + + + + + + Specify the signature algorithm that will be used to sign the ID token. + + ID token signature algorithm + + + + + + + + + No signature + + + + + RSASSA-PKCS-v1_5 using SHA-256 hash + + + + + HMAC using SHA-256 hash + + + + + + + + + + A keystore containing the private key necessary for signing with an asymmetric algorithm. + + Keystore + keyStore + + + + + + Key alias name to locate the private key for signing with an asymmetric algorithm. + + Key alias name + + + + + + A keystore containing the public key necessary for verifying a signature of the JWT token. + + Trust keystore + keyStore + + + + + + Indicate by true or false whether session management is supported. Default is false. + + Session managed + + + + + + Time that ID token is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + ID token lifetime + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Discovery is based on OpenID Connect and Jazz Authorization Server Profile. + + Discovery + + + + + + Specify by comma the list of the response types that will be supported by the OP. + + Response types supported + + + + + + + + + code + + + + + token + + + + + id_token token + + + + + + + + + + Specify the signature algorithm that will be used to sign the ID token. + + ID token signing algorithms supported + + + + + + + + + No signature + + + + + RSASSA-PKCS-v1_5 using SHA-256 hash + + + + + HMAC using SHA-256 hash + + + + + + + + + + Specify by comma the list of scopes that will be supported. + + Scopes supported + + + + + + Specify by comma the list of claims that will be supported. + + Claims supported + + + + + + Specify by comma the list of the response modes that will be used. + + Response modes supported + + + + + + + + + query + + + + + fragment + + + + + form_post + + + + + + + + + + Specify by comma the list of the grant types that will be used. + + Grant types supported + + + + + + + + + authorization_code + + + + + implicit + + + + + refresh_token + + + + + client_credentials + + + + + password + + + + + urn:ietf:params:oauth:grant-type:jwt-bearer + + + + + + + + + + Specify by comma the list of the token endpoint authentication methods that will be used. + + Token endpoint authentication methods supported + + + + + + + + + none + + + + + client_secret_post + + + + + client_secret_basic + + + + + + + + + + + Indicate by true or false whether claims parameter is supported. + + Claim parameter supported + + + + + + Indicate by true or false whether request parameter is supported. + + Request parameter supported + + + + + + Indicate by true or false whether request URI parameter is supported. + + Request URI parameter supported + + + + + + Indicate by true or false whether require request URI registration is supported. + + Require request URI registration + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies a list of x509 certificates that are used to verify the signature. + + X509 Certificate + + + + + + + + + Specifies the path to the x509 certificate. + + X509 certificate path + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the PKIX trust information that is used to evaluate the trustworthiness and validity of XML signatures in a SAML response. Do not specify multiple pkixTrustEngine in a samlWebSso20. + + PKIX Trust Engine + + + + + + Specifies the identities of trusted IdP issuers. If the value is "ALL_ISSUERS", then all IdP identities are trusted. + + Trusted issuers + + + + + + + + + A keystore containing the public key necessary for verifying the signature of the SAMLResponse and Assertion. + + Trust keystore or anchor reference + keyStore + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Controls the operation of the Security Assertion Markup Language Web SSO 2.0 Mechanism. + + SAML Web SSO 2.0 Authentication + + + + + + A URI reference identifying an authentication context class that describes the authentication context declaration. The default is null. + + Authentication context class reference + + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + The header name of the HTTP request which stores the SAML Token. + + Header name + + + + + + The list of audiences which are trusted to verify the audience of the SAML Token. If the value is "ANY", then all audiences are trusted. + + Audiences of SAML token + + + + + + + Enforce using SSL communication when accessing a SAML WebSSO service provider end point such as acs or metadata. + + Require SSL communication + + + + + + Controls the operation of the Security Assertion Markup Language Web SSO 2.0 for the inbound propagation of the Web Services Mechanisms. + + Enable SAML inbound propagation + + + + + + + + + %inboundPropagation.required + + + + + %inboundPropagation.none + + + + + + + + + + Indicates a requirement for the <saml:Assertion> elements received by this service provider to contain a Signature element that signs the Assertion. + + Sign SAML assertion + + + + + + Indicates the required algorithm by this service provider. + + Signature algorithm + + + + + + + + + SHA-256 signature algorithm + + + + + %signatureMethodAlgorithm.SHA128 + + + + + SHA-1 signature algorithm + + + + + + + + + + Specifies whether to create an HttpSession if the current HttpSession does not exist. + + Create session + + + + + + Indicates whether the <samlp:AuthnRequest> messages sent by this service provider will be signed. + + Sign the samlp:AuthnRequest messages + + + + + + Specifies whether to include the x509 certificate in the Liberty SP metadata. + + Include x509 in metadata + + + + + + Indicates whether the IdP should force the user to re-authenticate. + + IdP forces user to re-authenticate + + + + + + Indicates IdP must not take control of the end user interface. + + IdP controls the interface of end user + + + + + + Allow the IdP to create a new account if the requesting user does not have one. + + Allow create new account + + + + + + When an authnContextClassRef is specified, the authnContextComparisonType can be set. + + The comparison type + + + + + + + + + Exact. The authentication context in the authentication statement must be an exact match of at least one of the authentication contexts specified. + + + + + Minimum. The authentication context in the authentication statement must be at least as strong as one of the authentication contexts specified. + + + + + Maximum. The authentication context in the authentication statement must be as strong as possibe without exceeding the strength of at least one of the authentication contexts specified. + + + + + Better. The authentication context in the authentication statement must be stronger than any one of the authentication contexts specified. + + + + + + + + + + Specifies the URI reference corresponding to a name identifier format defined in the SAML core specification. + + Unique identifier of name id format + + + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:entity + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted + + + + + Customized Name ID Format. + + + + + + + + + + Specifies the customized URI reference corresponding to a name identifier format that is not defined in the SAML core specification. + + Customized XML name space of name id format + + + + + + Specifies the IdP metadata file. + + IdP metadata file + + + + + + A keystore containing the private key for the signing of the AuthnRequest, and the decryption of EncryptedAssertion element. The default is the server's default. + + Keystore reference + keyStore + + + + + + Key alias name to locate the private key for signing and decryption. This is optional if the keystore has exactly one key entry, or if it has one key with an alias of 'samlsp'. + + Key alias name + + + + + + Specifies the SAML IdP login application URL to which an unauthenticated request is redirected. This attribute triggers IdP-initiated SSO, and it is only required for IdP-initiated SSO. + + User defined login page URL + + + + + + Specifies an error page to be displayed if the SAML validation fails. If this attribute is not specified, and the received SAML is invalid, the user will be redirected back to the SAML IdP to restart SSO. + + SAML validation error URL + + + + + + This is used to specify the allowed clock skew in minutes when validating the SAML token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The time difference allowed between systems + + + + + + This property is used to specify how long the Liberty SP should prevent token replay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The timeout value to prevent token replay + + + + + + Indicates an upper bound on SAML session durations, after which the Liberty SP should ask the user to re-authenticate to the IdP. If the SAML token returned from the IdP does not contain a sessionNotOnOrAfter assertion, the value specified by this attribute is used. This property is only used if disableLtpaCookie=true. The default value is true. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The default SAML session timeout value + + + + + + Specifies a SAML attribute that is used as the user principal name in the subject. If no value is specified, the NameID SAML assertion element value is used. + + Principal identifier + + + + + + Specifies a SAML attribute that is used as the name of the group that the authenticated principal is a member of. There is no default value. + + Group identifier + + + + + + Specifies a SAML attribute that is used as the unique user name as it applies to the WSCredential in the subject. The default is the same as the userIdentifier attribute value. + + Unique identifier + + + + + + Specifies a SAML attribute that is used as the realm name. If no value is specified, the Issuer SAML assertion element value is used. + + Realm identifier + + + + + + Specifies whether to include a SAML assertion in the subject. + + Include SAML assertion in the subject + + + + + + Specifies how to map an identity to a registry user. The options are No, User, and Group. The default is No, and the user registry is not used to create the user subject. + + Map a SAML identity to a registry user + + + + + + + + + Do not map a SAML identity to a user or group in the registry + + + + + Map a SAML identity to a user defined in the registry + + + + + Map a SAML identity to a group defined in the user registry + + + + + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + When too many authentication requests are created by Service Provider and redirected to IdP due to the application SSO setup, set this attribute to true to prevent creation of the initial request cookie. The default is false. + + Disable initial request cookie creation + + + + + + Do not create an LTPA Token during processing of the SAML Assertion. Create a cookie of the specific Service Provider instead. + + Disable LTPA token + + + + + + Specifies a cookie name for the SAML service provider. The service provider will provide one by default. + + SAML server provider cookie name + + + + + + Specifies a realm name when mapToUserRegistry is set to No or Group. + + Realm name + + + + + + Specifies the life time period of an authnReuqest which is generated and sent from the service provider to an IdP for requesting a SAML Token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + AuthnRequest alive time period + + + + + + The service provider is enabled if true and disabled if false. + + SP enabled + + + + + + Allow generating a custom cache key to access the authentication cache and get the subject. + + Customized cache key + + + + + + Specifies the hostname and port number by which the IdP addresses this SAML service provider. Use this attribute if the browser needs to be redirected to a router or proxy server instead of directly connecting to the service provider. The format for the value for this attribute is (scheme)://(proxyOrRouterHost):(proxyOrRouterPort). For example, https://myRouter.com:443. + + SAML host name and port number + + + + + + Authenticate the incoming HTTP request again when the NotOnOrAfter value in the Conditions element of the SAML Assertion is expired. + + Authenticate again when assertion expires + + + + + + The time period to authenticate the user again when the Subject associated with a SAML Assertion is about to expire. This cushion is applied to both the NotOnOrAfter value in the Conditions element and the SessionNotOnOrAfter attribute of the SAML Assertion. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Cushion time to authenticate again + + + + + + The default landing page for the IdP-initiated SSO if the relayState is missing. This property must be set to a valid URL if useRelayStateForTarget is set to false. + + Target page URL + + + + + + When doing IdP-initiated SSO, this property specifies if the relayState in a SAMLResponse should be used as the target URL. If set to false, the value for targetPageUrl is always used as the target URL. + + Use relayState for target URL + + + + + + The client is redirected to this optional URL after the client invokes the SAML logout endpoint and the logout completes + + URL used after logout + + + + + + Perform a SAML logout when you invoke the HttpServletRequest.logout method or the ibm_security_logout URL. + + Automatic SAML logout + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the list of crls that are used to evaluate the validity of the signature. + + CRL + + + + + + + + + Specifies the path to the crl. + + CRL path + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Controls how HTTP sessions are persisted using JCache. + + HTTP Session Cache + Use these properties to tune performance. + + + + + + Identifies JCache provider files. + + Shared Library + + + + + + + The JCache CacheManager reference that is used to get the HTTP session JCache caches. + + JCache CacheManager + + + + + + + Specifies which session data is written to the persistent store. + + Write contents + + + + + + + + + + Only attributes for which setAttribute is invoked are written to the persistent store. + + + + + Attributes for which getAttribute or setAttribute is invoked are written to the persistent store. This can be useful for applications that use getAttribute to obtain and mutate attribute values without using setAttribute to explicitly request that they be written to the persistent store. + + + + + All attributes are written to the persistent store regardless of whether getAttribute or setAttribute are invoked. + + + + + + + + + + Specifies when session data is written to the persistent store. + + Write frequency + + + + + + + + + + Session data is written to the persistent store after the servlet completes execution. + + + + + Session data is written to the persistent store upon programmatic sync of the IBMSession object. + + + + + Session data is written to the persistent store according to the write interval. + + + + + + + + + + Specifies how often to write session data to the persistent store. This value is used when a time-based write frequency is enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Write interval + + + + + + + Identifies JCache provider files. + + Shared Library + library + + + + + + Vendor-specific JCache configuration URI, which is passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. + + JCache configuration URI + + + + + + Enable this option to reduce the number of cache updates required to remove invalidated HTTP sessions. Specify an hour of the day when there is the least activity. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. + + First hour of scheduled invalidation + + + + + + + + + + + + + + + + + Enable this option to reduce the number of cache updates required to remove invalidated HTTP sessions. Specify an hour of the day when there is the least activity. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. + + Second hour of scheduled invalidation + + + + + + + + + + + + + + + + + The single character used to separate the session meta cache name. The default value should usually be used. + + Cache name separator + + + + + + + By default, per-application JCache session cache names are generated by using the context root. When the JCache session caches are distributed across multiple servers, multiple applications with the same context root might exist that must not share a session cache. When this option is enabled, application names are included in JCache cache names to help avoid conflicting JCache cache names. The default value is false. + + Use the application name in the cache names + + + + + + + The JCache CacheManager reference that is used to get the HTTP session JCache caches. + + JCache cache manager reference + cacheManager + + + + + + + List of vendor-specific JCache configuration properties, which are passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. + + JCache Configuration Properties + + + + + + + + + + List of vendor-specific JCache configuration properties, which are passed to the JCache provider when the CacheManager is obtained. This setting is ignored when cacheManagerRef is used. + + Vendor specific properties + + + + + + + + Controls how HTTP sessions are persisted to a database. + + HTTP Session Database + + Changing these settings may enhance performance. + Changing these settings may enhance performance, but the default values work for most environments. + These optional settings are only applicable to DB2 databases. + These optional settings are only applicable to Oracle databases. + + + + + + + + + The identifier of the data source the session manager should use to persist HTTP session data. + + Data source + + + + + + The database table name. + + Table name + + + + + + When enabled, each session data attribute is placed in a separate row in the database, allowing larger amounts of data to be stored for each session. This configuration can yield better performance when session attributes are very large and few changes are required to the session attributes. When disabled, all session data attributes are placed in the same row for each session. + + Use multi row schema + + + + + + Set this property to "true" to disable index creation on server startup. This custom property should only be used if you want to manually create your own database indices for session persistence. However, it is recommended that you let session manager create database indices. Before enabling this property, make sure that the correct index does exist on your session database. + + Skip index creation + + + + + + Specifies when session data is written to the persistent store. By default, session data is written to the persistent store after the servlet completes execution. Changing this value can improve performance in some environments. + + Write frequency + + + + + + + + + + Session data is written to the persistent store after the servlet completes execution. + + + + + A programmatic sync on the IBMSession object is required to write the session data to the persistent store. + + + + + Session data is written to the persistent store based on the specified write interval value. + + + + + + + + + + Number of seconds that should pass before writing session data to the persistent store. The default is 120 seconds. This value is only used when a time based write frequency is enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. You can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. + + Write interval + + + + + + + Specifies how much session data should be written to the persistent store. By default, only updated attributes are written, but all attributes can be written instead (regardless of whether or not they changed). + + Write contents + + + + + + + + + + Only updated attributes are written to the persistent store. + + + + + Attributes for which getAttribute or setAttribute is invoked are written to the persistent store. This can be useful for applications that use getAttribute to obtain and mutate attribute values without using setAttribute to explicitly request that they be written to the persistent store. + + + + + All attributes are written to the persistent store. + + + + + + + + + + Enable this option to reduce the number of database updates required to keep the HTTP sessions alive. Specify the two hours of a day when there is the least activity in the application server. When this option is disabled, the invalidator process runs every few minutes to remove invalidated HTTP sessions. + + Schedule invalidation + + + + + + + Indicates the first hour during which the invalidated sessions are cleared from the persistent store. Specify this value as an integer between 0 and 23. This value is valid only when schedule invalidation is enabled. + + First hour of day + + + + + + + Indicates the second hour during which the invalidated sessions are cleared from the persistent store. Specify this value as an integer between 0 and 23. This value is valid only when schedule invalidation is enabled. + + Second hour of day + + + + + + + Set this property to "true" to maintain affinity to the new member even after original one comes back up. When a cluster member fails, its requests routed to a different cluster member, and sessions are activated in that other member. Thus, session affinity is maintained to the new member, and when failed cluster member comes back up, the requests for sessions that were created in the original cluster member are routed back to it. Allowed values are true or false, with the default being false. Set this property to true when you have distributed sessions configured with time-based write. Note that this property has no affect on the behavior when distributed sessions are not enabled. + + No affinity switchBack + + + + + + + Set this property to "true" to reuse the incoming identifier if the session with that identifier was recently invalidated. This is a performance optimization because it prevents checking the persistent store. + + Use invalidated identifier + + + + + + + A value of true indicates that the last access time of a session should only be updated if a request gets the session. A value of false indicates that the last access time of a session should be updated upon every request. Changing this value can improve performance in some environments. + + Only check in cache during pre invoke + + + + + + + If the user's browser session is moving back and forth across multiple web applications, you might see extra persistent store activity as the in-memory sessions for a web module are refreshed from the persistent store. As a result, the cache identifiers are continually increasing and the in-memory session attributes are overwritten by those of the persistent copy. Set this property to true if you want to prevent the cache identifiers from continually increasing. A value of true indicates that the session manager should assess whether the in-memory session for a web module is older than the copy in persistent store. If the configuration is a cluster, ensure that the system times of each cluster member are as identical as possible. + + Optimize cache identifier increments + + + + + + + Table space page size configured for the sessions table, if using a DB2 database. Increasing this value can improve database performance in some environments. + + DB2 row size + + + + + + + + + + Use the default table space page size of 4 KB. You do not need to create a DB2 buffer pool or table space, and you do not need to specify a table space name. + + + + + Use a table space page size of 8 KB. You must additionally create a DB2 buffer pool and table space, and specify 8KB as the page size for both. You must also specify the name of the table space you created. + + + + + Use a table space page size of 16 KB. You must additionally create a DB2 buffer pool and table space, and specify 16KB as the page size for both. You must also specify the name of the table space you created. + + + + + Use a table space page size of 32 KB. You must additionally create a DB2 buffer pool and table space, and specify 32KB as the page size for both. You must also specify the name of the table space you created. + + + + + + + + + + Table space to be used for the sessions table. This value is only required when the DB2 Row Size is greater than 4KB. + + Table space name + + + + + + + Set this property to "true" if you are using DB2 for session persistence and the currentSchema property is set in the data source. + + Use custom schema name + + + + + + + Set this property to "true" to create the database table using the Binary Large Object (BLOB) data type for the medium column. This value increases performance of persistent sessions when Oracle databases are used. Due to an Oracle restriction, BLOB support requires use of the Oracle Call Interface (OCI) database driver for more than 4000 bytes of data. You must also ensure that a new sessions table is created before the server is restarted by dropping your old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table. + + Use Binary Large Object (BLOB) for medium column + + + + + + + Set the limit of stored data per record, in megabytes. The default is 2 megabytes. + + Oracle row size limit + + + + + + + Additional properties related to session persistence. + + Additional properties + + + + + + + + The configuration of the social login for Linkedin. + + Linkedin Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + Specifies an Authorization end point URL. + + Authorization end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + The URL of retrieving the user information. + + User information URL + + + + + + Specifies required scope. + + OAuth scope + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + + + + + + + The configuration of the social login for Google. + + Google Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + Specifies an Authorization end point URL. + + Authorization end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + Specifies a JSON Web Key service URL. + + JWK endpoint url + + + + + + Specifies required scope. + + OAuth scope + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + The url of the issuer. + + Issuer + + + + + + The value of the claim is used as the subject realm. + + Claim as the realm + + + + + + The value of the claim is used as the user group membership. + + Claim as the group + + + + + + The value of the claim is used as the subject uniqueId. + + Claim as subject unique id + + + + + + The maximum time difference in milliseconds between when a key is issued and when it can be used. + + Clock skew + + + + + + The algorithm that is used to sign a token or key. + + Signature algorithm + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + ID token and access token + + + + + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + + The configuration of the social login for GitHub. + + GitHub Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + Specifies an Authorization end point URL. + + Authorization end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + The URL of retrieving the user information. + + User information URL + + + + + + Specifies required scope. + + OAuth scope + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + + + + + + + The configuration of the social login for Twitter. + + Twitter Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + Consumer key issued by Twitter. + + Consumer key + + + + + + Consumer secret issued by Twitter. + + Consumer secret + + + + + + The request token endpoint of Twitter. + + Request token URL + + + + + + The user authorization end point URL of Twitter. + + Authorization URL + + + + + + The token end point URL of Twitter. + + Token end point URL + + + + + + The URL of retrieving the user information. + + User information URL + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + + Social Login Web Application. + + Social Login Web Application + + + + + + + + + The context path that the social login web application redirect servlet listens on. + + Context path + + + + + + When this property is set to true and a custom social media selection page is not configured, the default social media selection page will include inputs for a user name and password. Users may choose to authenticate with a user name and password instead of selecting a social media provider. The user name and password will be verified against the configured user registry. + + Enable local authentication + + + + + + The URL of a custom web page that can display social media options that are available to use for authentication. The value must be an absolute URI that uses the HTTP or HTTPS protocol, or a relative URI. The web page must be able to receive HTTP request parameters that include the server configuration information that is required to display and submit the appropriate options. See the product documentation for more information. + + Social media selection page + + + + + + + The configuration of the social login for Facebook. + + Facebook Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + The login authorization end point URL of Facebook. + + Login dialog end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + The URL of retrieving the user information. + + User information URL + + + + + + Specifies the required scope from Facebook. + + OAuth permissions + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + + + + + + + The configuration of a social login that uses OIDC. + + OIDC Social Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + Specifies custom parameters to send to the authorization endpoint of the OpenID Connect provider. + + Custom Parameters For Authorization Endpoint + + + + + + Specifies custom parameters to send to the token endpoint of the OpenID Connect provider. + + Custom Parameters For Token Endpoint + + + + + + + The unique ID. + + Unique ID + uniqueId + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + Specifies an Authorization end point URL. + + Authorization end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + Specifies a UserInfo end point URL. + + Userinfo end point URL + + + + + + Specifies whether the User Info endpoint is contacted. + + Userinfo endpoint enabled + + + + + + Specifies a JSON Web Key service URL. + + JWK endpoint url + + + + + + Specifies required scope. + + OAuth scope + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies a trusted key alias for using the public key to verify the signature of the token. + + Trusted alias name + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + The url of the issuer. + + Issuer + + + + + + The value of the claim is used as the subject realm. + + Claim as the realm + + + + + + The value of the claim is used as the user group membership. + + Claim as the group + + + + + + The value of the claim is used as the subject uniqueId. + + Claim as subject unique id + + + + + + The maximum time difference in milliseconds between when a key is issued and when it can be used. + + Clock skew + + + + + + The algorithm that is used to sign a token or key. + + Signature algorithm + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + Private key JWT client authentication. + + + + + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + Specifies whether to enable host name verification when the client contacts the provider. + + Host name verification enabled + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + ID token and access token + + + + + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Specifies a discovery endpoint URL for an OpenID Connect provider. + + Discovery endpoint URL + + + + + + Rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The check is done only if an authentication failure exists. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Next discovery interval + + + + + + Specifies the client identifier to include in the basic authentication scheme of the JWK request. + + JWK client identifier + + + + + + Specifies the client password to include in the basic authentication scheme of the JWK request. + + JWK client password + + + + + + Specifies whether to create an HttpSession if the current HttpSession does not exist. + + Create session + + + + + + Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JSON Web Encryption (JWE) token. + + Key management key alias + + + + + + + + + + + + The configuration of social login for OpenShift service accounts. + + OpenShift Service Account Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + The unique ID. + + Unique ID + uniqueId + + + + + + URL that is used to retrieve information about a user from a token. + + User validation API URL + + + + + + The length of time for which the social login feature caches the response from the user validation API. If a response is cached and the length of time that is specified by this attribute has passed, a new request to the user validation API is sent. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + User API response cache time + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + The realm name for this social media. + + Realm name + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + + + + + + + Specifies the information that is used to build the JWT tokens. This information includes the JWT builder reference and the claims from the id token. + + JWT Builder + + + + + + Specifies a comma-separated list of claims to copy from the user information or the id token. + + List of claims to copy to the JWT token + + + + + + + The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject. + + Builder reference + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies additional parameters to include in the requests to send to the provider. + + Custom Parameters To Include In Requests + + + + + + + + + Specifies the name of the additional parameter. + + Custom request parameter name + + + + + + Specifies the value of the additional parameter. + + Custom request parameter value + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + The configuration of a generic social media login. + + OAuth Login + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + + The unique ID. + + Unique ID + uniqueId + + + + + + The name of the social login configuration for display. + + Name of social login + + + + + + The website address. + + Website + + + + + + Specifies an Authorization end point URL. + + Authorization end point URL + + + + + + Specifies a token end point URL. + + Token end point URL + + + + + + Specifies the OAuth response type. + + OAuth response type + + + + + + + + + Authorization code + + + + + + + + + + Specifies required authentication method. + + Authentication method + + + + + + + + + client_secret_basic + + + + + client_secret_post + + + + + + + + + + Specifies an ID of the SSL configuration that is used to connect to the social media. + + SSL reference + ssl + + + + + + Specifies required scope. + + OAuth scope + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Specifies a callback protocol, host, and port number. For example, https://myhost:8020. + + Callback host and port number + + + + + + The application or client ID. + + ID of application or client + + + + + + The secret of the application or client. + + Secret of application or client + + + + + + The value of the claim is authenticated user principal. + + Claim as the principal + + + + + + The URL of retrieving the user information. + + User information URL + + + + + + The realm name for this social media. + + Realm name + + + + + + The value of the claim is used as the subject realm. + + Claim as the realm + + + + + + The value of the claim is used as the user group membership. + + Claim as the group + + + + + + The value of the claim is used as the subject uniqueId. + + Claim as subject unique id + + + + + + Specifies whether to map userIdentifier to registry user. + + Map user identifier + + + + + + Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. + + Is client side redirection supported + + + + + + Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. + + Use system properties for HTTP client connections + + + + + + Indicates which specification to use for the user API. + + User API specification + + + + + + + + + Indicates that the user API can be directly started with an HTTP GET request. + + + + + Indicates that the user API is a Kubernetes TokenReview API. + + + + + internal + + + + + + + + + + Specifies the access token that has permission to call the user API. For OpenShift, the token is from a service account with permission to call the TokenReview API, which usually requires the system:auth-delegator role. + + Access token for user API calls + + + + + + Determines whether the access token that is provided in the request is used for authentication. If true, the client must provide a valid access token. + + Access token authentication required + + + + + + Determines whether to support access token authentication if an access token is provided in the request. If true, and an access token is provided in the request, the access token is used as an authentication token. + + Access token authentication supported + + + + + + Name of the header to use when an OAuth access token is forwarded. + + OAuth access token header name + + + + + + + + + + + + Controls the operation of the Simple and Protected GSS-API Negotiation Mechanism. + + Spnego Authentication + + + + + + Specifies the authentication filter reference. + + Authentication Filter Reference + + + + + + + Specifies the authentication filter reference. + + Authentication filter reference + authFilter + + + + + + Controls whether you want to use the canonical host name. + + Use canonical host name + + + + + + Deprecated: use configFile attribute on the <kerberos> element instead. Specifies the fully qualified Kerberos configuration path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. + + The Kerberos configuration file with full path + + + + + + Deprecated: use keytab attribute on the <kerberos> element instead. Specifies the fully qualified Kerberos keytab path and name. Standard variable substitutions, such as ${server.config.dir}, can be used when specifying the directory path. The Kerberos keytab file contains a list of keys that are analogous to user passwords. It is important for hosts to protect their Kerberos keytab files by storing them on the local disk. + + The Kerberos keytab file name and include path + + + + + + Specifies a list of Kerberos service principal names separated by a comma. + + The Kerberos service principal names (SPN) + + + + + + Specifies that SPNEGO is used to log in to WebSphere Application Server first. However, if the login fails, then the application authentication mechanism is used to log in to the WebSphere Application Server. + + Disable fall back to application authentication + + + + + + Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response that is displayed by the browser client application if it does not support SPNEGO authentication. + + SPNEGO not supported error page URL + + + + + + Specifies the URL of a resource that contains the content which SPNEGO includes in the HTTP response, which is displayed by the browser client application. + + NTLM token received error page URL + + + + + + Specifies the URL of a resource that contains the content that SPNEGO includes in the HTTP response. The HTTP response is displayed by the browser client application. + + SPNEGO authentication error page URL + + + + + + Specifies whether SPNEGO removes the suffix of the Kerberos principal user name, starting from the @ that precedes the Kerberos realm name. If this attribute is set to true, the suffix of the principal user name is removed. If this attribute is set to false, the suffix of the principal name is retained. + + Remove the realm name from a Kerberos principal + + + + + + Specifies whether the client delegation credentials should be stored in a client subject. + + Add the client delegation credentials to subject + + + + + + Specifies whether the custom cache key is stored in a client subject and LTPA cookie. If this property is set to true and the cache key for a user is not found in the authentication cache, the user is required to log in again. Set this property to false when you use the SPNEGO feature to allow the security subject to be constructed from the LTPA cookie and the user registry. If the security subject is reconstructed from the LTPA cookie and the user registry, no Kerberos or GSS credentials are included in the subject. If more than one server uses your LTPA cookie, consider setting this property to false. + + Add the custom cache key to subject + + + + + + Do not create an LTPA cookie during processing of the SPNEGO token. No LTPA cookie is added to the HTTP response. + + Disable LTPA cookie + + + + + + + Group that has the security role. + + Group + + + + + + + + + Name of a group that has the security role. + + Group name + + + + + + A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified. + + Group access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + User who has the security role. + + User + + + + + + + + + Name of a user who has the security role. + + User name + + + + + + A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified. + + User access ID + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A collection of role names and mappings of the roles to users, groups, or special subjects + + Feature Authorization Role Mapping + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + A role that is mapped to users and groups in a user registry. + + Security Role + + + + + + + + + + Role name. + + Role name + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Special subject that has the security role. + + Special Subject + + + + + + + + + One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. + + Special subject type + + + + + + + + + All authenticated users. + + + + + All users for every request, even if the request was not authenticated. + + + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration properties for the Web Services Atomic Transaction feature. + + WS-AtomicTransaction + + + + + + + + + When set to true, WS-AtomicTransaction internal event messages sent between the WS-AT coordinator and participant are encrypted using SSL. + + SSL enabled + + + + + + Specifies the SSL configuration to be used for the WS-AtomicTransaction protocol when SSL is enabled. + + SSL reference + ssl + + + + + + Specifies whether additional client authentication is enabled for the WS-AtomicTransaction protocol when SSL is enabled. + + SSL client authentication enabled + + + + + + Optionally specifies the host and port address of a proxy server used to route the WS-AtomicTransaction protocol. + + Proxy server address + + + + + + + Web Services Security default configuration for provider. + + WS-Security Provider + + + + + + + Caller token. + + WebSphere Caller + + + + + + Required signature configuration. + + Signature Properties + + + + + + Required encryption configuration. + + Encryption Properties + + + + + + + + User information to create Username Token. + + User name + + + + + + Password callback handler implementation class. + + Password callback handler + + + + + + Alias used for accessing encryption keystore. + + Encryption alias + + + + + + Alias used for accessing signature keystore. + + Signature alias + + + + + + Whether to cache UsernameToken nonces. + + Nonce cache + + + + + + Collection of additional properties for web services security. + + Additional properties + + + + + + + + Web Services Security default configuration for client. + + WS-Security Client + + + + + + + Required signature configuration. + + Signature Properties + + + + + + Required encryption configuration. + + Encryption Properties + + + + + + + User information to create Username Token. + + User name + + + + + + User password information needed to create Username Token. + + Password + + + + + + Password callback handler implementation class. + + Password callback handler + + + + + + Alias used for accessing encryption keystore. + + Encryption alias + + + + + + Alias used for accessing signature keystore. + + Signature alias + + + + + + Collection of additional properties for web services security. + + Additional properties + + + + + + + + Configuration information such as keystore type, keystore password + + WS-Security Encryption + + + + + + + + + + JKS, JCEKS or PKCS11 + + Keystore type + + + + + + The default keystore alias to use, if none is specified. + + Keystore alias + + + + + + Password to access keystore file. + + Keystore password + + + + + + Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin". + + WSS4J provider + + + + + + The location of the keystore + + Keystore file + + + + + + The provider used to load keystores. Defaults to installed provider. + + Keystore provider + + + + + + The provider used to load certificates. Defaults to keystore provider. + + Certificate provider + + + + + + The location of an (X509) CRL file to use. + + X509 CRL file + + + + + + The default password used to load the private key. + + Key password + + + + + + The location of the truststore + + Truststore file + + + + + + The truststore password. + + Truststore password + + + + + + The truststore type. + + Truststore type + + + + + + Collection of additional properties for web services security. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Required configuration for caller processing. + + WebSphere Caller + + + + + + + + + Specify token name. The options are Usernametoken, X509token, Samltoken. + + Caller token + + + + + + Specifies a SAML attribute that is used as the user principal name in the subject. The default is NameID assertion. + + Principal identifier + + + + + + Specifies a SAML attribute that is used as the name of the group that the authenticated principal is a member of. There is no default value. + + Group identifier + + + + + + Specifies a SAML attribute that is used as the unique user name as it applies to the WSCredential in the subject. The default is the same as the userIdentifier attribute value. + + Unique identifier + + + + + + Specifies a SAML attribute that is used as the realm name. The default is issuer. + + Realm identifier + + + + + + Specifies whether to include a SAML assertion in the subject. + + Include SAML assertion in the subject + + + + + + Specifies how to map an identity to a registry user. The options are No, User, and Group. The default is No, and the user registry is not used to create the user subject. + + Map a SAML identity to a registry user + + + + + + + + + Do not map a SAML identity to a user or group in the registry + + + + + Map a SAML identity to a user defined in the registry + + + + + Map a SAML identity to a group defined in the user registry + + + + + + + + + + Specifies a realm name when mapToUserRegistry is set to No or Group. + + Realm name + + + + + + Allow the generation of a custom cache key to access the authentication cache and get the subject. + + Customized cache key + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Configuration information such as keystore type, keystore password + + WS-Security Signature + + + + + + + + + + JKS, JCEKS or PKCS11 + + Keystore type + + + + + + The default keystore alias to use, if none is specified. + + Keystore alias + + + + + + Password to access keystore file. + + Keystore password + + + + + + The location of the keystore + + Keystore file + + + + + + The location of the truststore + + Truststore file + + + + + + The truststore password. + + Truststore password + + + + + + The truststore type. + + Truststore type + + + + + + Provider used to create Crypto instances. Defaults to "org.apache.ws.security.components.crypto.Merlin". + + WSS4J provider + + + + + + The provider used to load keystores. Defaults to installed provider. + + Keystore provider + + + + + + The provider used to load certificates. Defaults to keystore provider. + + Certificate provider + + + + + + The location of an (X509) CRL file to use. + + X509 CRL file + + + + + + The default password used to load the private key. + + Key password + + + + + + Collection of additional properties for web services security. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the properties that are used to evaluate the trustworthiness and validity of a SAML Assertion. + + SAML Token Properties + + + + + + + Specify the allowed audiences of the SAML Assertion. Default is all audiences allowed. + + The audience restrictions + + + + + + + Indicates a requirement for the <saml:Assertion> elements received by this service provider to be signed. + + Sign SAML assertion + + + + + + This is used to specify the allowed clock skew in minutes when validating the SAML token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + The time difference allowed between systems + + + + + + Specify whether the Subject Confirmation Method is required in the SAML Assertion. Default is true. + + Subject confirmation method required + + + + + + + + + bearer + + + + + + + + + + Specify the default life time of a SAML Assertion in the case it does not define the NoOnOrAfter condition. Default is 30 minutes. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. + + Default life time + + + + + + Collection of additional properties for web services security. + + Additional properties + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Specify a configuration resource to include in the server's configuration. + + Include + + + + + Allow the included resource to be skipped if it cannot be found. + + Resource is optional + + + + + + Specifies the resource location. This can be a file path or a URI for a remote resource. + + Location + + + + + + Specifies the behavior that is used to merge elements when conflicts are found. + + On conflict + + + + + + + + + Conflicting elements will be merged together. + + + + + When elements conflict, the element from the included file will replace the conflicting element. + + + + + Conflicting elements in the included file will be ignored. + + + + + + + + + + + Declare a new variable by specifying the name and value for the variable. + + Variable Declaration + + + + + The name of the variable. + + Name + + + + + + The value to be assigned to the variable. + + Value + + + + + + The defaultValue to be assigned to the variable if no value is available. + + Default value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/lemminx-liberty/src/test/java/io/openliberty/DocumentUtilTest.java b/lemminx-liberty/src/test/java/io/openliberty/DocumentUtilTest.java new file mode 100644 index 00000000..bbd9787b --- /dev/null +++ b/lemminx-liberty/src/test/java/io/openliberty/DocumentUtilTest.java @@ -0,0 +1,55 @@ +package io.openliberty; + +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.File; +import java.util.List; + +import org.junit.jupiter.api.Test; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import io.openliberty.tools.langserver.lemminx.util.DocumentUtil; + +public class DocumentUtilTest { + File resourcesDir = new File("target/test-classes"); + + @Test + public void readEmptyXml() throws Exception { + File sampleXsd = new File(resourcesDir, "sample.xsd"); + + Document doc = DocumentUtil.getDocument(sampleXsd); + + List anyAttr = DocumentUtil.getElementsByName(doc, "anyAttribute"); + assertNotNull(anyAttr, "List is unexpectedly null."); + assertTrue(anyAttr.size() == 3, "Expected 3 anyAttributes elements but found: "+anyAttr.size()); + + List props = DocumentUtil.getElementsByName(doc, "extraProperties"); + assertNotNull(props, "List is unexpectedly null."); + assertTrue(props.size() == 1, "Expected extraProperties element not found."); + + DocumentUtil.removeExtraneousAnyAttributeElements(sampleXsd); + + doc = DocumentUtil.getDocument(sampleXsd); + props = DocumentUtil.getElementsByName(doc, "extraProperties"); + + assertNotNull(props, "List is unexpectedly null."); + assertTrue(props.size() == 1, "Expected extraProperties element not found."); + + anyAttr = DocumentUtil.getElementsByName(doc, "anyAttribute"); + assertNotNull(anyAttr, "List is unexpectedly null."); + assertTrue(anyAttr.size() == 1, "Expected 1 anyAttributes element but found: "+anyAttr.size()); + + } + + //@Test + public void updateCachedSchema() throws Exception { + // When uploading a new server schema, put a copy of the schema file in src/test/resources and uncomment this + // test to get the updated schema without the extaneous anyAttribute elements. Then copy the updated schema + // from target/test-classes to src/main/resources/schema/xsd/liberty and remove it from src/test/resources. + File sampleXsd = new File(resourcesDir, "server-cached-23006.xsd"); + DocumentUtil.removeExtraneousAnyAttributeElements(sampleXsd); + } + +} diff --git a/lemminx-liberty/src/test/resources/sample.xsd b/lemminx-liberty/src/test/resources/sample.xsd new file mode 100644 index 00000000..594927db --- /dev/null +++ b/lemminx-liberty/src/test/resources/sample.xsd @@ -0,0 +1,271 @@ + + + + + Collection of properties for the interceptor. + + Interceptor Properties + + + + + + + + + Collection of properties for the interceptor. + + Interceptor properties + + + + + + + + + + + + A unique configuration ID. + + ID + + + + + + + + + Specifies the remote host TCP/IP address of the client application that sent the HTTP request, for example, remoteAddress id="sample" ip="100.100.100.99" matchType="greaterThan". + + Remote Address + + + + + + + + Specifies the match type. + + Match type + + + + + + + + + Equals + + + + + Contains + + + + + Not contain + + + + + Greater than + + + + + Less than + + + + + + + + + + Specifies the remote host TCP/IP address. + + IP address + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Specify a configuration resource to include in the server's configuration. + + Include + + + + + Allow the included resource to be skipped if it cannot be found. + + Resource is optional + + + + + + Specifies the resource location. This can be a file path or a URI for a remote resource. + + Location + + + + + + Specifies the behavior that is used to merge elements when conflicts are found. + + On conflict + + + + + + + + + Conflicting elements will be merged together. + + + + + When elements conflict, the element from the included file will replace the conflicting element. + + + + + Conflicting elements in the included file will be ignored. + + + + + + + + + + + Declare a new variable by specifying the name and value for the variable. + + Variable Declaration + + + + + The name of the variable. + + Name + + + + + + The value to be assigned to the variable. + + Value + + + + + + The defaultValue to be assigned to the variable if no value is available. + + Default value + + + + + + + + + + + + + + + +