JMX REST Connector
A secure JMX connector that can be used locally or remotely using any JDK. It enables remote access by JMX clients via a REST-based connector and requires SSL and basic user security configuration.
Enable this feature
To enable the JMX REST Connector feature, add the following element declaration inside the featureManager element in the server.xml file:
<feature>restConnector-1.0</feature>
Developing a feature that depends on this feature
If we are developing a feature that depends on the JMX REST Connector feature, include the following item in the Subsystem-Content header in the feature manifest file for the new feature:
com.ibm.websphere.appserver.restConnector-1.0; type="osgi.subsystem.feature"
Features that this feature enables
- Distributed Map interface for Dynamic Caching
- Java RESTful Services 1.1
- Java Servlets 3.0
- Secure Socket Layer
Features that enable this feature
API packages provided by this feature
- com.ibm.websphere.filetransfer
- com.ibm.websphere.jmx.connector.rest
- com.ibm.ws.jmx.connector.client.rest
SPI packages provided by this feature
Feature configuration elements
We can use the following elements in the server.xml file to configure the JMX REST Connector feature:
- administrator-role
- authCache
- authentication
- basicRegistry
- channelfw
- classloading
- httpAccessLogging
- httpDispatcher
- httpEncoding
- httpEndpoint
- httpOptions
- httpProxyRedirect
- jaasLoginContextEntry
- jaasLoginModule
- library
- ltpa
- mimeTypes
- quickStartSecurity
- remoteFileAccess
- tcpOptions
- trustAssociation
- virtualHost
- administrator-role
- A collection of users and/or groups assigned the server administrator role.
- administrator-role > group
Description: Group assigned a role.
Required: false
Data type: string
- administrator-role > user
Description: User assigned a role.
Required: false
Data type: string
- authCache
- Controls the operation of the authentication cache.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| allowBasicAuthLookup | boolean | true | Allow lookup by user ID and hashed password. |
| initialSize | int (minimum: 1) | 50 | Initial number of entries supported by the authentication cache. |
| maxSize | int (minimum: 1) | 25000 | Maximum number of entries supported by the authentication cache. |
| timeout | A period of time with millisecond precision | 600s | Amount of time after which an entry in the cache will be removed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- authentication
- Controls the built-in authentication service configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| allowHashtableLoginWithIdOnly | boolean | false | Allow an application to login with just an identity in the hashtable properties. Use this option only when we have applications that require this and have other means to validate the identity. |
| cacheEnabled | boolean | true | Enables the authentication cache. |
- basicRegistry
- A simple XML-based user registry.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| id | string | | A unique configuration ID. |
| ignoreCaseForAuthentication | boolean | false | Allow case-insensitive user name authentication. |
| realm | string | BasicRegistry | The realm name represents the user registry. |
- basicRegistry > group
Description: A group in a Basic User Registry.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | string | | Name of a group in a Basic User Registry. |
- basicRegistry > group > member
Description: A member of a Basic User Registry group.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | string | | Name of a user in a Basic User Registry group. |
- basicRegistry > user
Description: A user in a Basic User Registry.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | string | | Name of a user in a Basic User Registry. |
| password | One-way hashable, or reversibly encoded password (string) | | Password of a user in a Basic User Registry. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. |
- channelfw
- Defines channel and chain management settings.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| chainQuiesceTimeout | A period of time with millisecond precision | 30s | Default amount of time to wait while quiescing chains. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
| chainStartRetryAttempts | int (minimum: 0) | 60 | Number of retry attempts to make per chain. |
| chainStartRetryInterval | A period of time with millisecond precision | 5s | Time interval between start retries. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
| warningWaitTime | A period of time with millisecond precision | 10s | Amount of time to wait before notifying of a missing factory configuration. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- classloading
- Global classloading
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| useJarUrls | boolean | false | Whether to use jar: or wsjar: URLs for referencing files in archives |
- httpAccessLogging
- HTTP access logs contain a record of all inbound HTTP client requests.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| enabled | boolean | true | Enable access logging. |
| filePath | Path to a file | ${server.output.dir}/logs/http_access.log | Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. |
| id | string | | A unique configuration ID. |
| logFormat | string | %h %u %{t}W "%r" %s %b | Log format used when logging client access information. |
| maxFileSize | int (minimum: 0) | 20 | Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. |
| maxFiles | int (minimum: 0) | 2 | Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. |
- httpDispatcher
- HTTP Dispatcher configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| appOrContextRootMissingMessage | string | | Message to return to the client when the application in the requested URI cannot be found. |
| enableWelcomePage | boolean | true | Enables the default Liberty profile welcome page when no application is bound to a context root of "/". The default value is true. |
- httpDispatcher > trustedHeaderOrigin
Description: Private headers are used by the web server plug-in to provide information about the original request. These headers take precedence over the http Host header, and are used to select a virtual host to service a request. The default value is '*', which will trust incoming private headers from any source. Specify 'none' to disable private headers and rely only on the http Host header, or specify a list of IP addresses to restrict private header processing to specific trusted sources.
Required: false
Data type: string
- httpEncoding
- HTTP transport encoding settings
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| converter.Big5 | string | Cp950 | Big5 Chinese converter |
| converter.EUC-JP | string | Cp33722C | EUC Japanese converter (EUC-JP) |
| converter.EUC-KR | string | Cp970 | EUC Korean converter (EUC-KR) |
| converter.EUC-TW | string | Cp964 | EUC Chinese (Taiwan) converter (EUC-TW) |
| converter.EUC_KR | string | Cp970 | EUC Korean converter (EUC_KR) |
| converter.GB2312 | string | EUC_CN | GB2312 Chinese converter |
| converter.ISO-2022-KR | string | ISO2022KR | ISO-2022 Korean converter (ISO-2022-KR) |
| converter.Shift_JIS | string | Cp943C | Shift_JIS Japanese converter |
| encoding.ar | string | ISO-8859-6 | Arabic language encoding (ar) |
| encoding.be | string | ISO-8859-5 | Belarusian language encoding (be) |
| encoding.bg | string | ISO-8859-5 | Bulgarian language encoding (bg) |
| encoding.bn | string | UTF-8 | Bengali language encoding (bn) |
| encoding.ca | string | ISO-8859-1 | Catalan language encoding (ca) |
| encoding.cs | string | ISO-8859-2 | Czech language encoding (cs) |
| encoding.da | string | ISO-8859-1 | Danish language encoding (da) |
| encoding.de | string | ISO-8859-1 | German language encoding (de) |
| encoding.el | string | ISO-8859-7 | Greek language encoding (el) |
| encoding.en | string | ISO-8859-1 | English language encoding (en) |
| encoding.es | string | ISO-8859-1 | Spanish language encoding (es) |
| encoding.et | string | ISO-8859-4 | Estonian language encoding (et) |
| encoding.eu | string | ISO-8859-1 | Basque language encoding (eu) |
| encoding.fa | string | ISO-8859-6 | Persian language encoding (fa) |
| encoding.fi | string | ISO-8859-1 | Finnish language encoding (fi) |
| encoding.fo | string | ISO-8859-2 | Faroese language encoding (fo) |
| encoding.fr | string | ISO-8859-1 | French language encoding (fr) |
| encoding.he | string | ISO-8859-8 | Hebrew language encoding (he) |
| encoding.hi | string | UTF-8 | Hindi language encoding (hi) |
| encoding.hr | string | ISO-8859-2 | Croatian language encoding (hr) |
| encoding.hu | string | ISO-8859-2 | Hungarian language encoding (hu) |
| encoding.hy | string | UTF-8 | Armenian language encoding (hy) |
| encoding.is | string | ISO-8859-1 | Icelandic language encoding (is) |
| encoding.it | string | ISO-8859-1 | Italian language encoding (it) |
| encoding.iw | string | ISO-8859-8 | Hebrew language encoding (iw) |
| encoding.ja | string | Shift_JIS | Japanese language encoding (ja) |
| encoding.ji | string | ISO-8859-8 | Yiddish language encoding (ji) |
| encoding.ka | string | UTF-8 | Georgian language encoding (ka) |
| encoding.ko | string | EUC-KR | Korean language encoding (ko) |
| encoding.lt | string | ISO-8859-2 | Lithuanian language encoding (lt) |
| encoding.lv | string | ISO-8859-4 | Latvian language encoding (lv) |
| encoding.mk | string | ISO-8859-5 | Macedonian language encoding (mk) |
| encoding.mr | string | UTF-8 | Marathi language encoding (mr) |
| encoding.ms | string | ISO-8859-6 | Malay language encoding (ms) |
| encoding.mt | string | ISO-8859-3 | Maltese language encoding (mt) |
| encoding.nl | string | ISO-8859-1 | Dutch language encoding (nl) |
| encoding.no | string | ISO-8859-1 | Norwegian language encoding (no) |
| encoding.pl | string | ISO-8859-2 | Polish language encoding (pl) |
| encoding.pt | string | ISO-8859-1 | Portuguese language encoding (pt) |
| encoding.ro | string | ISO-8859-2 | Romanian language encoding (ro) |
| encoding.ru | string | ISO-8859-5 | Russian language encoding (ru) |
| encoding.sa | string | UTF-8 | Sanskrit language encoding (sa) |
| encoding.sh | string | ISO-8859-2 | Serbo-Croatian language encoding (sh) |
| encoding.sk | string | ISO-8859-2 | Slovak language encoding (sk) |
| encoding.sl | string | ISO-8859-2 | Slovenian language encoding (sl) |
| encoding.sq | string | ISO-8859-2 | Albanian language encoding (sq) |
| encoding.sr | string | ISO-8859-5 | Serbian language encoding (sr) |
| encoding.sv | string | ISO-8859-1 | Swedish language encoding (sv) |
| encoding.ta | string | UTF-8 | Tamil language encoding (ta) |
| encoding.th | string | windows-874 | Thai language encoding (th) |
| encoding.tr | string | ISO-8859-9 | Turkish language encoding (tr) |
| encoding.uk | string | ISO-8859-5 | Ukrainian language encoding (uk) |
| encoding.vi | string | windows-1258 | Vietnamese language encoding (vi) |
| encoding.yi | string | ISO-8859-8 | Yiddish language encoding (yi) |
| encoding.zh | string | GB2312 | Chinese language encoding (zh) |
| encoding.zh_TW | string | Big5 | Chinese language encoding (zh_TW) |
- httpEndpoint
- Configuration properties for an HTTP endpoint.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| accessLoggingRef | A reference to top level httpAccessLogging element (string). | | HTTP access logging configuration for the endpoint. |
| enabled | boolean | true | Toggle the availability of an endpoint. When true, this endpoint will be activated by the dispatcher to handle HTTP requests. |
| host | string | localhost | IP address, DNS host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for available network interfaces. |
| httpOptionsRef | A reference to top level httpOptions element (string). | defaultHttpOptions | HTTP protocol options for the endpoint. |
| httpPort | int (minimum: -1, maximum: 65535) | | The port used for client HTTP requests. Use -1 to disable this port. |
| httpsPort | int (minimum: -1, maximum: 65535) | | The port used for client HTTP requests secured with SSL (https). Use -1 to disable this port. |
| id | string | | A unique configuration ID. |
| onError | IGNORE, FAIL, WARN | WARN | Action to take after a failure to start an endpoint. IGNORE: Server will not issue any warning and error messages when it incurs a configuration error. FAIL: Server will issue a warning or error message on the first error occurrence and then stop the server. WARN: Server will issue warning and error messages when it incurs a configuration error. |
| sslOptionsRef | A reference to top level sslOptions element (string). | | SSL protocol options for the endpoint. |
| tcpOptionsRef | A reference to top level tcpOptions element (string). | defaultTCPOptions | TCP protocol options for the endpoint. |
- httpEndpoint > accessLogging
Description: HTTP access logging configuration for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| enabled | boolean | true | Enable access logging. |
| filePath | Path to a file | ${server.output.dir}/logs/http_access.log | Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. |
| logFormat | string | %h %u %{t}W "%r" %s %b | Log format used when logging client access information. |
| maxFileSize | int (minimum: 0) | 20 | Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. |
| maxFiles | int (minimum: 0) | 2 | Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. |
- httpEndpoint > httpOptions
Description: HTTP protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| keepAliveEnabled | boolean | true | Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. |
| maxKeepAliveRequests | int (minimum: -1) | 100 | Maximum number of persistent requests allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. |
| persistTimeout | A period of time with second precision | 30s | Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| readTimeout | A period of time with second precision | 60s | Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| removeServerHeader | boolean | false | Removes server implementation information from HTTP headers and also disables the default Liberty profile welcome page. |
| writeTimeout | A period of time with second precision | 60s | Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
- httpEndpoint > sslOptions
Description: SSL protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| sessionTimeout | A period of time with second precision | 1d | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| sslRef | string | | The default SSL configuration repertoire. The default value is defaultSSLSettings. |
| suppressHandshakeErrors | boolean | false | Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. |
- httpEndpoint > tcpOptions
Description: TCP protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| inactivityTimeout | A period of time with millisecond precision | 60s | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
| soReuseAddr | boolean | true | Enables immediate rebind to a port with no active listener. |
- httpOptions
- HTTP protocol configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| id | string | | A unique configuration ID. |
| keepAliveEnabled | boolean | true | Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. |
| maxKeepAliveRequests | int (minimum: -1) | 100 | Maximum number of persistent requests allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. |
| persistTimeout | A period of time with second precision | 30s | Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| readTimeout | A period of time with second precision | 60s | Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| removeServerHeader | boolean | false | Removes server implementation information from HTTP headers and also disables the default Liberty profile welcome page. |
| writeTimeout | A period of time with second precision | 60s | Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
- httpProxyRedirect
- Configures port redirection. HTTP Proxy Redirect is used when redirecting HTTP requests from a non-secure port (for example, 80) to an SSL-enabled secured port (for example, 443).
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| enabled | boolean | true | This attribute determines whether or not the server should redirect ports specified in this configuration element. The default is true. |
| host | string | * | The host name used for this proxy redirect. The server redirects HTTP requests only if the incoming request specifies a host name that matches this value. The default is * (all hosts). |
| httpPort | int (minimum: 1, maximum: 65535) | | The (non-secure) port to redirect from. Incoming HTTP requests on this port are redirected to the specified HTTPS port. |
| httpsPort | int (minimum: 1, maximum: 65535) | | The (secure) port to redirect to. Incoming HTTP requests that use the HTTP port are redirected to this port. |
| id | string | | A unique configuration ID. |
- jaasLoginContextEntry
- The JAAS login context entry configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| id | string | | A unique configuration ID. |
| loginModuleRef | List of references to top level jaasLoginModule elements (comma-separated string). | hashtable,userNameAndPassword,certificate,token | A reference to the ID of a JAAS login module. |
| name | string | | Name of a JAAS configuration entry. |
- jaasLoginModule
- A login module in the JAAS configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| className | string | | Fully-qualified package name of the JAAS login module class. |
| controlFlag | SUFFICIENT, REQUISITE, REQUIRED, OPTIONAL | REQUIRED | The login module's control flag. Valid values are REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. SUFFICIENT: This LoginModule is SUFFICIENT as per the JAAS specification. The LoginModule is not required to succeed. If authentication is successful, no other LoginModules will be called and control is returned to the caller. REQUISITE: This LoginModule is REQUISITE as per the JAAS specification. The LoginModule is required to succeed. If authentication fails, no other LoginModules will be called and control is returned to the caller. REQUIRED: This LoginModule is REQUIRED as per the JAAS specification. The LoginModule is required to succeed. OPTIONAL: This LoginModule is OPTIONAL as per the JAAS specification. The LoginModule is not required to succeed. |
| id | string | | A unique configuration ID. |
| libraryRef | A reference to top level library element (string). | | A reference to the ID of the shared library configuration. |
- jaasLoginModule > library
Description: A reference to the ID of the shared library configuration.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| apiTypeVisibility | string | spec,ibm-api,api | The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party. |
| description | string | | Description of shared library for administrators |
| filesetRef | List of references to top level fileset elements (comma-separated string). | | Id of referenced Fileset |
| name | string | | Name of shared library for administrators |
- jaasLoginModule > library > file
Description: Id of referenced File
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | Path to a file | | Fully qualified filename |
- jaasLoginModule > library > fileset
Description: Id of referenced Fileset
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| caseSensitive | boolean | true | Boolean to indicate whether or not the search should be case sensitive (default: true). |
| dir | Path to a directory | ${server.config.dir} | The base directory to search for files. |
| excludes | string | | The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded. |
| includes | string | * | The comma or space separated list of file name patterns to include in the search results (default: *). |
| scanInterval | A period of time with millisecond precision | 0 | Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- jaasLoginModule > library > folder
Description: Id of referenced folder
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| dir | Path to a directory | | Directory or folder to be included in the library classpath for locating resource files |
- jaasLoginModule > options
Description: A collection of JAAS Login module options
Required: false
Data type:
- library
- Shared Library
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| apiTypeVisibility | string | spec,ibm-api,api | The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party. |
| description | string | | Description of shared library for administrators |
| filesetRef | List of references to top level fileset elements (comma-separated string). | | Id of referenced Fileset |
| id | string | | A unique configuration ID. |
| name | string | | Name of shared library for administrators |
- library > file
Description: Id of referenced File
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | Path to a file | | Fully qualified filename |
- library > fileset
Description: Id of referenced Fileset
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| caseSensitive | boolean | true | Boolean to indicate whether or not the search should be case sensitive (default: true). |
| dir | Path to a directory | ${server.config.dir} | The base directory to search for files. |
| excludes | string | | The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded. |
| includes | string | * | The comma or space separated list of file name patterns to include in the search results (default: *). |
| scanInterval | A period of time with millisecond precision | 0 | Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- library > folder
Description: Id of referenced folder
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| dir | Path to a directory | | Directory or folder to be included in the library classpath for locating resource files |
- ltpa
- Lightweight Third Party Authentication (LTPA) token configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| expiration | A period of time with minute precision | 120m | Amount of time after which a token expires in minutes. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. We can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. |
| keysFileName | Path to a file | ${server.output.dir}/resources/security/ltpa.keys | Path of the file containing the token keys. |
| keysPassword | Reversibly encoded password (string) | {xor}CDo9Hgw= | Password for the token keys. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option. |
| monitorInterval | A period of time with millisecond precision | 0ms | Rate at which the server checks for updates to the LTPA token keys file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- mimeTypes
- Definition of mime types shared by all http virtual hosts
- mimeTypes > type
Description: Definition of mime type as id=value. Use the extension as the id, and the associated type as the value.
Required: false
Data type: string
- quickStartSecurity
- Simple administrative security configuration.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| userName | string | | Single user defined as part of the quick start security configuration. This user is granted the Administrator role. |
| userPassword | Reversibly encoded password (string) | | Password for the single user defined as part of the quick start security configuration. It is recommended that you encode this password. To do so, use the securityUtility tool with the encode option. |
- remoteFileAccess
- This element contains artifacts that control the level of file access exposed for remote connections.
- remoteFileAccess > readDir
Description: A directory that remote clients are allowed to read from. There can be multiple readDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is ${wlp.install.dir}, ${wlp.user.dir} and ${server.output.dir}
Required: false
Data type: Path to a directory
- remoteFileAccess > writeDir
Description: A directory that remote clients are allowed to read from and write to. There can be multiple writeDir elements, and each represents a single directory that may refer to variables or absolute paths. Default is an empty set of directories.
Required: false
Data type: Path to a directory
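The defaults and recommendations documented above for quickStartSecurity, basicRegistry, ltpa, httpEndpoint, httpDispatcher > trustedHeaderOrigin and remoteFileAccess can be checked mechanically. The following Python audit is an added example, not part of the original documentation or of any IBM tooling. Both server.xml samples, the rule names and the PLACEHOLDER password values are constructed for illustration, and the {hash} and {aes} prefixes assume passwords encoded with the securityUtility tool.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml that enables the connector with weak settings.
WEAK_SERVER_XML = """\
<server description="constructed sample">
  <featureManager>
    <feature>restConnector-1.0</feature>
  </featureManager>
  <quickStartSecurity userName="admin" userPassword="changeit"/>
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443"/>
  <remoteFileAccess>
    <writeDir>${server.output.dir}</writeDir>
  </remoteFileAccess>
  <ltpa keysPassword="{xor}CDo9Hgw="/>
</server>
"""

# Constructed sample: the same server with the settings tightened.
# PLACEHOLDER stands for real securityUtility encode output.
HARDENED_SERVER_XML = """\
<server description="constructed sample">
  <featureManager>
    <feature>restConnector-1.0</feature>
  </featureManager>
  <basicRegistry id="basic" realm="BasicRegistry">
    <user name="jmxadmin" password="{hash}PLACEHOLDER"/>
  </basicRegistry>
  <administrator-role>
    <user>jmxadmin</user>
  </administrator-role>
  <httpEndpoint id="defaultHttpEndpoint" host="localhost" httpPort="-1" httpsPort="9443"/>
  <httpDispatcher>
    <trustedHeaderOrigin>none</trustedHeaderOrigin>
  </httpDispatcher>
  <ltpa keysPassword="{aes}PLACEHOLDER"/>
</server>
"""

ENCODED_PREFIXES = ("{xor}", "{aes}", "{hash}")
LTPA_DEFAULT_KEYS_PASSWORD = "{xor}CDo9Hgw="  # default shown in the ltpa table


def is_clear_text(value):
    """True for a password that is set, not encoded and not a ${variable} reference."""
    if not value or value.startswith("${"):
        return False
    return not value.startswith(ENCODED_PREFIXES)


def audit_server_xml(xml_text):
    """Return sorted (rule, detail) findings for a server.xml that enables restConnector-1.0."""
    root = ET.fromstring(xml_text)
    features = {f.text.strip() for f in root.iter("feature") if f.text}
    if "restConnector-1.0" not in features:
        return []
    findings = []

    # Passwords the page recommends encoding with securityUtility.
    password_attrs = (("quickStartSecurity", "userPassword"),
                      ("user", "password"), ("ltpa", "keysPassword"))
    for tag, attr in password_attrs:
        for node in root.iter(tag):
            if is_clear_text(node.get(attr)):
                findings.append(("CLEAR_TEXT_PASSWORD", f"{tag}/@{attr}"))

    # A missing or unchanged keysPassword means the documented default is in use.
    ltpa = root.find("ltpa")
    keys_password = ltpa.get("keysPassword") if ltpa is not None else None
    if keys_password in (None, LTPA_DEFAULT_KEYS_PASSWORD):
        findings.append(("LTPA_DEFAULT_KEYS_PASSWORD", "ltpa/@keysPassword"))

    # host="*" exposes the endpoint on every available network interface.
    for endpoint in root.iter("httpEndpoint"):
        if endpoint.get("host") == "*":
            findings.append(("ENDPOINT_ALL_INTERFACES", endpoint.get("id", "")))

    # trustedHeaderOrigin defaults to '*': private headers trusted from any source.
    origins = []
    for dispatcher in root.iter("httpDispatcher"):
        if dispatcher.get("trustedHeaderOrigin"):
            origins.append(dispatcher.get("trustedHeaderOrigin"))
        origins += [o.text.strip() for o in dispatcher.iter("trustedHeaderOrigin") if o.text]
    if not origins or "*" in origins:
        findings.append(("TRUSTED_HEADER_ANY_ORIGIN", "httpDispatcher/trustedHeaderOrigin"))

    # Every writeDir grants remote clients read and write access to that directory.
    for write_dir in root.iter("writeDir"):
        findings.append(("REMOTE_WRITE_DIR", (write_dir.text or "").strip()))

    return sorted(findings)


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(label)
        for rule, detail in audit_server_xml(doc):
            print(f"  {rule}: {detail}")
```

The audit reads a single file only; configuration pulled in from other files or resolved from ${...} variables is not evaluated and needs a separate review.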
- tcpOptions
- Defines TCP protocol settings.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| id | string | | A unique configuration ID. |
| inactivityTimeout | A period of time with millisecond precision | 60s | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
| soReuseAddr | boolean | true | Enables immediate rebind to a port with no active listener. |
- trustAssociation
- Controls the operation of the trust association interceptor (TAI).
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| failOverToAppAuthType | boolean | false | Allow an interceptor to fall back to the application authentication mechanism. |
| id | string | | A unique configuration ID. |
| invokeForUnprotectedURI | boolean | false | Controls whether the TAI is invoked for an unprotected URI. |
- trustAssociation > interceptors
Description: Defines a trust association interceptor.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| className | string | | Fully-qualified package name of the interceptor class. |
| enabled | boolean | true | Enables or disables the interceptor. |
| invokeAfterSSO | boolean | false | Invoke an interceptor after single sign-on (SSO). |
| invokeBeforeSSO | boolean | true | Invoke an interceptor before single sign-on (SSO). |
| libraryRef | A reference to top level library element (string). | | A reference to the ID of the shared library configuration. |
- trustAssociation > interceptors > library
Description: A reference to the ID of the shared library configuration.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| apiTypeVisibility | string | spec,ibm-api,api | The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party. |
| description | string | | Description of shared library for administrators |
| filesetRef | List of references to top level fileset elements (comma-separated string). | | Id of referenced Fileset |
| name | string | | Name of shared library for administrators |
- trustAssociation > interceptors > library > file
Description: Id of referenced File
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| name | Path to a file | | Fully qualified filename |
- trustAssociation > interceptors > library > fileset
Description: Id of referenced Fileset
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| caseSensitive | boolean | true | Boolean to indicate whether or not the search should be case sensitive (default: true). |
| dir | Path to a directory | ${server.config.dir} | The base directory to search for files. |
| excludes | string | | The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded. |
| includes | string | * | The comma or space separated list of file name patterns to include in the search results (default: *). |
| scanInterval | A period of time with millisecond precision | 0 | Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
- trustAssociation > interceptors > library > folder
Description: Id of referenced folder
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| dir | Path to a directory | | Directory or folder to be included in the library classpath for locating resource files |
- trustAssociation > interceptors > properties
Description: Collection of properties for the interceptor.
Required: false
Data type:
- virtualHost
- A virtual host provides a logical grouping for configuring web applications to a particular host name. The default virtual host (default_host) is suitable for most simple configurations.
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| allowFromEndpointRef | List of references to top level httpEndpoint elements (comma-separated string). | | Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints. |
| enabled | boolean | true | Enable this virtual host. |
| id | string | | A unique configuration ID. |
- virtualHost > allowFromEndpoint
Description: Specify the identifier of one or more HTTP endpoints to restrict inbound traffic for this virtual host to the specified endpoints.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| accessLoggingRef | A reference to top level httpAccessLogging element (string). | | HTTP access logging configuration for the endpoint. |
| enabled | boolean | true | Toggle the availability of an endpoint. When true, this endpoint will be activated by the dispatcher to handle HTTP requests. |
| host | string | localhost | IP address, DNS host name with domain name suffix, or just the DNS host name, used by a client to request a resource. Use '*' for available network interfaces. |
| httpOptionsRef | A reference to top level httpOptions element (string). | defaultHttpOptions | HTTP protocol options for the endpoint. |
| httpPort | int (Minimum: -1, Maximum: 65535) | | The port used for client HTTP requests. Use -1 to disable this port. |
| httpsPort | int (Minimum: -1, Maximum: 65535) | | The port used for client HTTP requests secured with SSL (https). Use -1 to disable this port. |
| onError | IGNORE, FAIL, WARN | WARN | Action to take after a failure to start an endpoint. IGNORE: Server will not issue any warning and error messages when it incurs a configuration error. FAIL: Server will issue a warning or error message on the first error occurrence and then stop the server. WARN: Server will issue warning and error messages when it incurs a configuration error. |
| sslOptionsRef | A reference to top level sslOptions element (string). | | SSL protocol options for the endpoint. |
| tcpOptionsRef | A reference to top level tcpOptions element (string). | defaultTCPOptions | TCP protocol options for the endpoint. |
- virtualHost > allowFromEndpoint > accessLogging
Description: HTTP access logging configuration for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| enabled | boolean | true | Enable access logging. |
| filePath | Path to a file | ${server.output.dir}/logs/http_access.log | Directory path and name of the access log file. Standard variable substitutions, such as ${server.output.dir}, can be used when specifying the directory path. |
| logFormat | string | %h %u %{t}W "%r" %s %b | Log format used when logging client access information. |
| maxFileSize | int (Minimum: 0) | 20 | Maximum size of a log file, in megabytes, before being rolled over; a value of 0 means no limit. |
| maxFiles | int (Minimum: 0) | 2 | Maximum number of log files that will be kept, before the oldest file is removed; a value of 0 means no limit. |
- virtualHost > allowFromEndpoint > httpOptions
Description: HTTP protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| keepAliveEnabled | boolean | true | Enables persistent connections (HTTP keepalive). If true, connections are kept alive for reuse by multiple sequential requests and responses. If false, connections are closed after the response is sent. |
| maxKeepAliveRequests | int (Minimum: -1) | 100 | Maximum number of persistent requests allowed on a single HTTP connection if persistent connections are enabled. A value of -1 means unlimited. |
| persistTimeout | A period of time with second precision | 30s | Amount of time that a socket will be allowed to remain idle between requests. This setting only applies if persistent connections are enabled. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| readTimeout | A period of time with second precision | 60s | Amount of time to wait for a read request to complete on a socket after the first read occurs. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| removeServerHeader | boolean | false | Removes server implementation information from HTTP headers and also disables the default Liberty profile welcome page. |
| writeTimeout | A period of time with second precision | 60s | Amount of time to wait on a socket for each portion of the response data to be transmitted. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
- virtualHost > allowFromEndpoint > sslOptions
Description: SSL protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| sessionTimeout | A period of time with second precision | 1d | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds. |
| sslRef | string | | The default SSL configuration repertoire. The default value is defaultSSLSettings. |
| suppressHandshakeErrors | boolean | false | Disable logging of SSL handshake errors. SSL handshake errors can occur during normal operation, however these messages can be useful when SSL is behaving unexpectedly. |
- virtualHost > allowFromEndpoint > tcpOptions
Description: TCP protocol options for the endpoint.
Required: false
Data type:
| Attribute name | Data type | Default value | Description |
| --- | --- | --- | --- |
| inactivityTimeout | A period of time with millisecond precision | 60s | Amount of time to wait for a read or write request to complete on a socket. This value is overridden by protocol-specific timeouts. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
| soReuseAddr | boolean | true | Enables immediate rebind to a port with no active listener. |
- virtualHost > hostAlias
Description: Associate a host and port with this virtual host, using the host:port syntax. The specified host can be an IP address, DNS hostname with a domain name suffix, the DNS hostname, or * for a wildcard match on all hostnames. Note that IPv6 addresses must be enclosed in [].
Required: false
Data type: string
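
The endpoint and virtual host attributes listed above combine as follows in a server.xml that exposes the connector over HTTPS only. This is an added example, not taken from the product documentation: the port 9443, the localhost binding and the hostAlias value are assumed values, and the user registry, administrator-role and keystore settings are assumed to be configured separately.

```xml
<server description="constructed example: HTTPS-only endpoint for restConnector-1.0">
  <featureManager>
    <feature>restConnector-1.0</feature>
  </featureManager>

  <!-- Permissive form to avoid: host="*" listens on every available
       interface and httpPort="9080" keeps a cleartext listener open:
       <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443"/> -->

  <!-- Hardened form: cleartext port disabled (-1), bound to one host name,
       and the server stops (onError="FAIL") if the endpoint cannot start. -->
  <httpEndpoint id="defaultHttpEndpoint" host="localhost"
                httpPort="-1" httpsPort="9443" onError="FAIL">
    <!-- removeServerHeader also disables the default welcome page -->
    <httpOptions removeServerHeader="true" readTimeout="60s" writeTimeout="60s"/>
    <!-- Keep a record of who called the connector; values are the listed defaults -->
    <accessLogging enabled="true"
                   filePath="${server.output.dir}/logs/http_access.log"
                   logFormat='%h %u %{t}W "%r" %s %b'
                   maxFileSize="20" maxFiles="2"/>
    <!-- Leave handshake errors logged so failed SSL connections stay visible -->
    <sslOptions sslRef="defaultSSLSettings" suppressHandshakeErrors="false"/>
    <tcpOptions inactivityTimeout="60s"/>
  </httpEndpoint>

  <!-- Accept traffic for default_host only from the endpoint above -->
  <virtualHost id="default_host" allowFromEndpointRef="defaultHttpEndpoint">
    <hostAlias>localhost:9443</hostAlias>
  </virtualHost>
</server>
```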