Web container custom properties
We can configure name-value pairs of data, where the name is a property key and the value is a string value we can use to set internal system configuration properties. Define a new property to configure a setting beyond what is available in the administrative console. Following is a list of some available web container custom properties.
To specify web container custom properties, in the administrative console click...
Servers | Server Types | WebSphere application servers | server | Web Container Settings | Web container | Additional Properties | Custom Properties | New
From the settings page, enter the name of the custom property to configure in the Name field and the value that to set it to in the Value field.
After saving, restart the server.
The following list of custom properties are provided with the server. The documents, JavaServer Pages specific web container custom properties, and HTTP transport custom properties, are listed in a separate area of the product documentation.
Use the Custom properties page to define the following properties for use by the Java virtual machine.
- BodyContentBuffSize
- com.ibm.ws.jsf.disablealternatefacesconfigsearch
- com.ibm.ws.jsp.doNotEscapeWhitespaceCharsInExpression
- com.ibm.ws.jsp.enableDefaultIsELIgnoredInTag
- com.ibm.ws.jsp.expressionreturnemptystring
- com.ibm.ws.jsp.getWriterOnEmptyBuffer
- com.ibm.ws.jsp.limitBuffer
- com.ibm.ws.jsp.throwExceptionForAddELResolver
- com.ibm.ws.webcontainer.allowDotsinName
- com.ibm.ws.webcontainer.allowPrivAccessGetResource
- com.ibm.ws.webcontainer.AllowQueryParamWithNoEqual
- com.ibm.ws.webcontainer.appendMetaInfResourcesInLooseLib
- com.ibm.ws.webcontainer.asyncmaxsizetaskpool
- com.ibm.ws.webcontainer.asyncpurgeinterval
- com.ibm.ws.webcontainer.channelwritetype
- com.ibm.ws.webcontainer.checkEDRinGetRealPath
- com.ibm.ws.webcontainer.copyattributeskeyset
- com.ibm.ws.webcontainer.decodeParamViaReqEncoding
- com.ibm.ws.webcontainer.deferServingRequestsUntilEarStarted
- com.ibm.ws.webcontainer.deferServletRequestListenerDestroyOnError
- com.ibm.ws.webcontainer.disableSetCharacterEncodingAfterParametersRead
- com.ibm.ws.webcontainer.disableStaticMappingCache
- com.ibm.ws.webcontainer.disableSystemAppGlobalListenerLoading
- com.ibm.ws.webcontainer.disablexPoweredBy
- com.ibm.ws.webcontainer.disallowAllFileServing
- com.ibm.ws.webcontainer.disallowServeServletsByClassname
- com.ibm.ws.webcontainer.discernUnavailableServlet
- com.ibm.ws.webcontainer.dispatcherRethrowSER
- com.ibm.ws.webcontainer.dispatcherRethrowSError
- com.ibm.ws.webcontainer.donotservebyclassname
- com.ibm.ws.webcontainer.emptyServletMappings
- com.ibm.ws.webcontainer.enabledefaultservletrequestpathelements
- com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst
- com.ibm.ws.webcontainer.enableExactMatchJSecurityCheck
- com.ibm.ws.webcontainer.enableJspMappingOverride
- com.ibm.ws.webcontainer.enableMultiReadOfPostData
- com.ibm.ws.webcontainer.excludehandledtypesclasses
- com.ibm.ws.webcontainer.extractHostHeaderPort and trusthostheaderport
- com.ibm.ws.webcontainer.finishresponseonclose
- com.ibm.ws.webcontainer.ForceDifferentCookiePaths
- com.ibm.ws.webcontainer.handlingRequestWithOverridenPath
- com.ibm.ws.webcontainer.HTTPOnlyCookies
- com.ibm.ws.webcontainer.ignoreinjectionfailure
- com.ibm.ws.webcontainer.ignoreInvalidQueryString
- com.ibm.ws.webcontainer.ignorePostConstructOverriddenMethod
- com.ibm.ws.webcontainer.ignoreSemiColonOnRedirectToWelcomePage
- com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest
- com.ibm.ws.webcontainer.initFilterBeforeInitServlet
- com.ibm.ws.webcontainer.invokeFilterAfterService
- com.ibm.ws.webcontainer.invokeFilterInitAtStartup
- com.ibm.ws.webcontainer.KeepUnreadPostDataAfterResponseSentToClient
- com.ibm.ws.webcontainer.logServletContainerInitializerClassloadingErrors
- com.ibm.ws.webcontainer.mapFiltersToAsterisk
- com.ibm.ws.webcontainer.maxParamPerRequest
- com.ibm.ws.webcontainer.metainfresourcescachesize
- com.ibm.ws.webcontainer.modifiedFileNotFoundExceptionBehavior
- com.ibm.ws.webcontainer.ModifiedSinceLaterThanFileTimeStamp
- com.ibm.ws.webcontainer.normalizerequesturi
- com.ibm.ws.webcontainer.parseUTF8PostData
- com.ibm.ws.webcontainer.preserveRequestParameterValues
- com.ibm.ws.webcontainer.provideQStringToWelcomeFile
- com.ibm.ws.webcontainer.RedirectWithPathInfo
- com.ibm.ws.webcontainer.removeAttributeForNullObject
- com.ibm.ws.webcontainer.returnDefaultContextPath
- com.ibm.ws.webcontainer.returnzeroendofinputstream
- com.ibm.ws.webcontainer.searchMetaInfResourcesDuringAppStart
- com.ibm.ws.webcontainer.SendResponseToClientAsPartOfSendRedirect
- com.ibm.ws.webcontainer.SendResponseToClientWhenResponseIsComplete
- com.ibm.ws.webcontainer.setAsyncDispatchRequestURI
- com.ibm.ws.webcontainer.setcontenttypebysetheader
- com.ibm.ws.webcontainer.ServeWelcomeFileFromExtendedDocumentRoot
- com.ibm.ws.webcontainer.ServletDestroyWaitTime
- com.ibm.ws.webcontainer.setUnencodedHTMLinsendError
- com.ibm.ws.webcontainer.skipInputStreamReadOnError
- com.ibm.ws.webcontainer.SkipMetaInfResourcesProcessing
- com.ibm.ws.webcontainer.suppressheadersinrequest
- com.ibm.ws.webcontainer.suppressHtmlRecursiveErrorOutput
- com.ibm.ws.webcontainer.suppressLastZeroBytePackage
- com.ibm.ws.webcontainer.suppressLoggingFileNotFoundExceptions
- com.ibm.ws.webcontainer.suppressLoggingWebGroupVhostNotFound
- com.ibm.ws.webcontainer.suppressServletExceptionLogging
- com.ibm.ws.webcontainer.throwMissingJspException
- com.ibm.ws.webcontainer.throwpostconstructexception
- com.ibm.ws.webcontainer.useOriginalRequestState
- com.ibm.ws.webcontainer.useSemiColonAsDelimiterInURI
- com.ibm.ws.webcontainer.webgroupvhostnotfound
- com.ibm.ws.webcontainer.xPoweredBy
- com.ibm.websphere.management.application.sync.deleteSymbolicLinks
- com.ibm.wsspi.jsp.allowMultipleAttributeValues
- com.ibm.wsspi.jsp.convertAttrValueToString
- com.ibm.wsspi.jsp.disableElCache
- com.ibm.wsspi.jsp.disableResourceInjection
- com.ibm.wsspi.jsp.disableTldSearch
- com.ibm.wsspi.jsp.enabledoublequotesdecoding
- com.ibm.wsspi.jsp.removexmlnsfromoutput
- DecodeUrlAsUTF8
- DisableMultiThreadedServletConnectionMgmt
- com.ibm.ws.webcontainer.denyDuplicateFilterinChain
- enableInProcessConnections
- fileServingEnabled, directoryBrowsingEnabled, and serveServletsByClassnameEnabled
- ForceSessionIdLengthCheck
- ForceSessionInvalidationMultiple
- httpsIndicatorHeader
- HttpSessionIdReuse
- listeners
- prependSlashToResource
- com.ibm.ws.webcontainer.suppressLoggingServiceRuntimeExcep
- trusted
- com.ibm.ws.webcontainer.servlet30compatibility
BodyContentBuffSize
The size of the body content buffer for a JavaServer Pages (JSP) file can affect the performance of some applications. By default, the body content buffer size is 512 bytes. However, we can use the BodyContentBuffSize custom property to set a different buffer value.
Name Default value BodyContentBuffSize 512 com.ibm.ws.jsf.disablealternatefacesconfigsearch
Disables MyFaces searching for META-INF/*.faces-config.xml for all web applications on a server.
Name Default value com.ibm.ws.jsf.disablealternatefacesconfigsearch false
com.ibm.ws.jsp.allowExpressionFactoryPerApp
If other JavaServer Faces (JSF) applications are already deployed in the server and use an expression language (EL) parser other than the default, the JSF application we deploy can have the following error:
java.lang.IllegalArgumentException: argument type mismatch:.javax.el.ELException .. at org.apache.myfaces.view.facelets.el.TagValueExpression.setValue (TagValueExpression.java:129) at javax.faces.component.UIInput.updateModel(UIInput.java:420) at javax.faces.component.UIInput.processUpdates(UIInput.java:339) ...To avoid this error, set the com.ibm.ws.jsp.allowExpressionFactoryPerApp property to true. This custom property loads the expression factory that the application sets. It also indicates that the application is using a custom EL implementation, such as Java Unified Expression Language, which needs to set its own expression factory.
Name Default value com.ibm.ws.jsp.allowExpressionFactoryPerApp false
com.ibm.ws.jsp.doNotEscapeWhitespaceCharsInExpression
Typically, Expression Language (EL) expressions in tag files get evaluated before a JavaServer Page (JSP) is compiled. However, to ensure an EL expression containing a carriage return (\r), new line (\n), or tab (\t) character within the syntax does not cause a javax.el.Exceptionable exception, set the com.ibm.ws.jsp.expressionistic custom property to true in the ibm-web-ext.xml file.
Name Default value com.ibm.ws.jsp.doNotEscapeWhitespaceCharsInExpression false com.ibm.ws.jsp.enableDefaultIsELIgnoredInTag
Typically Expression Language (EL) expressions in tag files get evaluated before the tag files a JavaServer Page (JSP) is compiled. However, under certain conditions these EL expressions in a tag file do not get evaluated if the <el-ignored> attribute is set to true.
To ensure that EL expressions are always evaluated, set the com.ibm.ws.jsp.enableDefaultIsELIgnoredInTag custom property to true. The default value for this property is false.
Name Default value com.ibm.ws.jsp.enableDefaultIsELIgnoredInTag false com.ibm.ws.jsp.expressionreturnemptystring
Indicate whether we want the JSP container to return an empty string or null for unset values in an expression.
An expression, such as the following expression, can return a value of null when testValue is null in the testBean:
<input type='text' name='test' value='<%=testBean.getTestValue()%>'maxlength="16">Some applications expect an empty string to be returned in these situations rather than the value of null. If the applications we are running expect an empty string to be returned, add this custom property to the web container settings and set the property to true.
Name Default value com.ibm.ws.jsp.expressionreturnemptystring false com.ibm.ws.jsp.getWriterOnEmptyBuffer
The dynamic cache service uses flushes to determine when one cacheable web fragment, such as a JSP include or a c:import, ends and the next web fragment begins. If we set the com.ibm.wsspi.jsp.usecdatatrim custom property to true for your JSP engine, all of the white space and extra lines in the generated Java code are stripped out. In this situation, there might not be any content to write before the first flush. If the generated Java code contains text or other code before the first flush, then normal dynamic cache service processing occurs.
If we set the com.ibm.wsspi.jsp.usecdatatrim custom property to true, and are using the dynamic cache service, we must also set the com.ibm.ws.jsp.getWriterOnEmptyBuffer custom property to true. This custom property requires the JSP Engine to call the flush function when it reaches the end of the first cacheable web fragments even if there is not any data to flush. The default value for this property is false.
Name Default value com.ibm.ws.jsp.getWriterOnEmptyBuffer false com.ibm.ws.jsp.limitBuffer
The body content buffer size of the tag bodies for a JavaServer Pages (JSP) file are reused to optimize performance. If the size of a tag body increases beyond the default body content buffer size, the buffer is resized to accommodate the tag body. However, the buffer is not reset to the default size after serving a request. As a result, the heap memory used by org.apache.jasper.runtime.BodyContentImpl implementation might increase over time. We can configure the body content buffer size by setting an integer value for the BodyContentBuffSize custom property. See BodyContentBuffSize.
Use to deallocate large body content buffer sizes and create a buffer with the default buffer size.
Name Default value com.ibm.ws.jsp.limitBuffer false com.ibm.ws.jsp.throwExceptionForAddELResolver
Set to true if we do not want to allow an ELResolver to be registered from a servlet or a filter after the application receives a request from the client. When set to true, an IllegalStateException is given as specified by the JSP (JavaServer Pages) specification for addELResolver() method of the JspApplicationContext interface.
The default value for this property is false.
Name Default value com.ibm.ws.jsp.throwExceptionForAddELResolver false
(ZOS) com.ibm.ws.jsp.zosFileLockRetrying
Specify, in seconds, the amount of time during which a thread continues to try to obtain a lock on a JSP.
A JSP file is locked before the start of the compile process, and unlocked after the compile process completes. If a thread fails to lock a JSP, the thread continues to try to obtain the file lock for that JSP for up to 240 seconds. If the thread cannot obtain the lock during this time interval, an error message is issued. The thread does not make any additional attempts to obtain a lock for the JSP.
Name Default value com.ibm.ws.jsp.zosFileLockRetrying 240
(ZOS) com.ibm.ws.jsp.zosReCompile
Specify how many times a thread attempts to lock a JSP.
After a thread obtains the lock for a JSP, the thread determines whether the JSP is already compiled. If the JSP is not compiled, the thread tries to compile the JSP.
If after the specified number of tries, the thread cannot compile the JSP, an error message is issued. The thread does not make any additional attempts to compile the JSP.
Name Default value Default 5 com.ibm.ws.webcontainer.allowDotsinName
If the requested static file has multiple consecutive dots in the name, the request is rejected by the server as a forbidden request.
When true, the requested file is served.
Name Default value com.ibm.ws.webcontainer.allowDotsinName false com.ibm.ws.webcontainer.allowPrivAccessGetResource
The path to the file defined with the EDR (extended document root) option is not considered part of the installed application artifacts. Therefore, accessing the file requires special permissions. A Java.security.AccessControlException: Access denied (java.io.FilePermission) exception is issued if the required permissions are not provided for this file in the web application.
When true, the application is allowed access to the file whose path is defined in the EDR.
Name Default value com.ibm.ws.webcontainer.allowPrivAccessGetResource false com.ibm.ws.webcontainer.AllowQueryParamWithNoEqual
If the query parameter in a URL contains only the string "name" instead of the expected "name=value" format, the server returns the value of request.getParameter("name") query as null.
When true, if the query parameter in a URL contains only the string "name", the server returns an empty string as the value for the request.getParameter("name") query
Name Default value com.ibm.ws.webcontainer.AllowQueryParamWithNoEqual false com.ibm.ws.webcontainer.appendMetaInfResourcesInLooseLib
This property removes the additional path when an application is deployed in a loose configuration, and is mainly used in a development environment or server.
Name Default value com.ibm.ws.webcontainer.appendMetaInfResourcesInLooseLib false com.ibm.ws.webcontainer.asyncmaxsizetaskpool
Specify the maximum task queue size used to hold the dispatched asynchronous servlet.
Name Default Value com.ibm.ws.webcontainer.asyncmaxsizetaskpool 5000 com.ibm.ws.webcontainer.asyncpurgeinterval
Specify the interval that the web container purges the task queue to release the resource of the canceled tasks.
Name Default Value com.ibm.ws.webcontainer.asyncpurgeinterval 30000 com.ibm.ws.webcontainer.channelwritetype
By default, the web container uses asynchronous writes to write response data in chunks up to the response buffer size. For larger responses that are greater than the response buffer size, the web container continues to buffer response data into memory while waiting for an asynchronous write of a response data chunk to complete. This process can result in part of a large response being held in memory, which can lead to high memory usage and potentially an out of memory error. An application server hang might also occur when a server is simultaneously processing more requests than web container-defined threads.
If the com.ibm.ws.webcontainer.channelwritetype property is set to sync, synchronous writing is used, otherwise asynchronous writing is used by default. With synchronous writing, response data is written synchronously in chunks of up to the value of responsebuffersize and no response data are buffered into memory while waiting for a synchronous write of a response data chunk to complete. As a result, the approximate maximum amount of response data that is held in memory is equal to the responsebuffersize multiplied by the number of web container threads. The maximum number of requests that can be processed simultaneously by the web container is limited by the number of web container threads. Additional requests are queued, waiting for a request that is in process to complete.
The responsebuffersize web container custom property defines the maximum amount of response data that is written by the web container in a single chunk, and is 32k by default. As a result, it is used to change the number of writes needed by the web container to send complete response data. However, if an application flushes response data, any response data that is held by the web container is immediately written irrespective of the responsebuffersize.
Use the following name-value pair to write chunks of data using synchronous writes.
Name Default value com.ibm.ws.webcontainer.channelwritetype async com.ibm.ws.webcontainer.checkEDRinGetRealPath
The ServletContext.getRealPath() Java Servlet API does not return the correct path for a requested resource when the resource exists in an extendedDocumentRoot path and does not exist in the installed application path. If we want the ServletContext.getRealPath() Java Servlet API to look for the requested resource in the extendedDocumentRoot path if the resource is not found in the installed application path, set the com.ibm.ws.webcontainer.checkEDRinGetRealPath custom property to true.
When true, and the requested resource is also not found in the extendedDocumentRoot path, a null value is returned.
Name Default value com.ibm.ws.webcontainer.checkEDRinGetRealPath false com.ibm.ws.webcontainer.copyattributeskeyset
This custom property addresses a situation where the request.getAttributeNames method returns a list of values. If a servlet modifies the list using the request.removeAttribute method, subsequent calls to the nextElement method cause a java.util.ConcurrentModificationException exception. To enable a servlet to modify the list, set the com.ibm.ws.webcontainer.copyattributeskeyset custom property to true. When we set this custom property to true, a copy of the list of attributes is returned, which enables the servlet to modify the list without resulting in a java.util.ConcurrentModificationException exception when the nextElement method is called.
Name Default value com.ibm.ws.webcontainer.copyattributeskeyset false com.ibm.ws.webcontainer.decodeParamViaReqEncoding
When the inbound request URI is not UTF-8 encoded, but the request encoding is set to UTF-8, characters whose encoded values are different in ISO-8859 are displayed incorrectly in the response. For example, if the request is sent using Microsoft Internet Explorer, the characters are displayed as n-tilde (Ñ) characters. To ensure that the characters are encoded and decoded correctly, based on the request encoding set, set to true.
Name Default value com.ibm.ws.webcontainer.decodeParamViaReqEncoding false com.ibm.ws.webcontainer.deferServingRequestsUntilEarStarted
This custom property defers serving requests until the whole Enterprise Archive (EAR) is started.
Name Default value com.ibm.ws.webcontainer.deferServingRequestsUntilEarStarted false com.ibm.ws.webcontainer.deferServletRequestListenerDestroyOnError
If this custom property is set to true, the web container enables CDI to work properly on custom error pages.
Name Default value com.ibm.ws.webcontainer.deferServletRequestListenerDestroyOnError false com.ibm.ws.webcontainer.disableSetCharacterEncodingAfterParametersRead
The web container processes a setCharacterEncoding(String) method of the ServletRequest API even if it is called after the post data is parsed. According to the Java Servlet Specification, the web container ignores a setCharacterEncoding(String) method if the method is called after the data is parsed.
If we want the web container to ignore a setCharacterEncoding(String) method if the method is called after the data is parsed, add the com.ibm.ws.webcontainer.disableSetCharacterEncodingAfterParametersRead custom property to the web container configuration settings and set this property to true.
The default value for this property is false.
Name Default value com.ibm.ws.webcontainer.disableSetCharacterEncodingAfterParametersRead false com.ibm.ws.webcontainer.disableStaticMappingCache
Allow the user to disable static caching. It can be set in the administrative console or though the context parameter in the web.xml.
To disable static caching for all deployed applications, use an asterisk. To disable static caching for specific applications, use a comma.
For example, com.ibm.ws.webcontainer.disableStaticMappingCache=* disables static caching for all deployed applications. com.ibm.ws.webcontainer.disableStaticMappingCache=SpecialApp,RareApp disables static caching for only those two applications.
We can also set a context parameter in the web.xml to disable static caching for the application. The parameter name is com.ibm.ws.webcontainer.DISABLE_STATIC_MAPPING_CACHE and set the parameter value to true.
There is no default value for this property.
Name Default value com.ibm.ws.webcontainer.disableStaticMappingCache none com.ibm.ws.webcontainer.disableSystemAppGlobalListenerLoading
If a system application is the first to start, and the application attempts to load a global listener in a shared library associated with the server classloader, the application does not load that listener and prevents the listener from being loaded or invoked by a later non-system application. Set to true to prevent system applications from loading global listeners. When true, the system application does not attempt to load the global listeners and later non-system applications can load them from a shared library associated with a server class loader.
Name Default value com.ibm.ws.webcontainer.disableSystemAppGlobalListenerLoading false com.ibm.ws.webcontainer.disablexPoweredBy
When we configure server security, we can turn off the X-Powered-By header if we do not want to reveal which server we are running. Disable the X-Powered-By header, which prevents the header from being sent on the HTTP response. The default is false. However, set this property to true, to disable this header.
Name Default value com.ibm.ws.webcontainer.disablexPoweredBy false com.ibm.ws.webcontainer.disallowAllFileServing
Disable file serving on all applications on a specific application server.
We can enable file serving on a global level across an application server using the fileServingEnabled custom property. However, the fileServingEnabled property is overridden by the specific deployment information of each application. Therefore, the current fileServingEnabled custom property applies only as a backup in case an application does not define the fileServingEnabled setting itself.
To globally override this setting on a specific application server to prevent the application server from serving static files regardless of their individual deployment settings, set the com.ibm.ws.webcontainer.disallowAllFileServing web container custom property to true using the following name-value pair.
Name Default value com.ibm.ws.webcontainer.disallowAllFileServing false com.ibm.ws.webcontainer.disallowServeServletsByClassname
When enabled, we can access servlets directly, resulting in a possible security exposure. Define the following custom property to disallow the use of the ServeServletsByClassnameEnabled property across the entire application server level.
Name Default value Valid value com.ibm.ws.webcontainer.disallowserveservletsbyclassname true false com.ibm.ws.webcontainer.discernUnavailableServlet
Typically, when the web container receives an UnavailableException, it cannot determine whether the exception was issued from a servlet or a dispatched resource. Therefore, the web container automatically marks the servlet unavailable even if it is the dispatched resource that is unavailable.
If we are running on v7.0.0.5 or later, and set the com.ibm.ws.webcontainer.discernUnavailableServlet custom property to true, any UnavailableException that is issued from a dispatched resource is placed in a wrapper. This wrapper enables the web container to determine whether the exception was issued from the servlet or a dispatched resource. If the exception is not issued by the servlet, the web container does not mark the servlet unavailable.
Name Default value com.ibm.ws.webcontainer.discernUnavailableServlet false com.ibm.ws.webcontainer.dispatcherRethrowSER
The RequestDispatcher propagates the exceptions from the dispatched servlets back to the dispatching servlets. This is a change in behavior from previous releases. If we do not want the application to give exceptions back to the servlet that is doing the dispatching, add the com.ibm.ws.webcontainer.dispatcherRethrowSER custom property to the settings for the web container and set the property to false.
Name Default value com.ibm.ws.webcontainer.dispatcherRethrowSER true
The com.ibm.ws.webcontainer.dispatcherRethrowSError custom property supersedes the com.ibm.ws.webcontainer.dispatcherRethrowSER custom property. When we enable the com.ibm.ws.webcontainer.dispatcherRethrowSError custom property by setting its value to true, the com.ibm.ws.webcontainer.dispatcherRethrowSER custom property is also set to true.com.ibm.ws.webcontainer.dispatcherRethrowSError
When a JavaServer Page (JSP) file contains a compilation error, the runtime error is caught and handled directly by the container. Exceptions are not propagated and addressed by the dispatched JSP resource. With the com.ibm.ws.webcontainer.dispatcherRethrowSError custom property, exceptions are propagated back to the dispatched JSP resource.
Name Default value com.ibm.ws.webcontainer.dispatcherRethrowSError false
The com.ibm.ws.webcontainer.dispatcherRethrowSError custom property supersedes the com.ibm.ws.webcontainer.dispatcherRethrowSER custom property. When we enable the com.ibm.ws.webcontainer.dispatcherRethrowSError custom property by setting its value to true, the com.ibm.ws.webcontainer.dispatcherRethrowSER custom property is also set to true.
(ZOS) com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog
When a recursive error occurs in an application, the exception message is logged by the trace audit method, which directs the message to the system console. If we need the message to be logged in the error log instead, add the com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog custom property to the web container configuration settings, and set the property to true. When true, exception messages are sent to the error log instead of to the system console.
Name Default value com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog false com.ibm.ws.webcontainer.donotservebyclassname
Specify a list of classes that cannot be served by the class name.
Name Default value com.ibm.ws.webcontainer.donotservebyclassname none com.ibm.ws.webcontainer.emptyServletMappings
If true, return an empty collection when the servlet mappings are requested by the getMappings() method and no mappings have yet been added.
Name Default value com.ibm.ws.webcontainer.emptyServletMappings false com.ibm.ws.webcontainer.enabledefaultservletrequestpathelements
To correctly map a request to a default servlet, we must determine the proper servlet path and PathInfo values. The following table shows the effects on the Servlet Path and PathInfo values when we set the com.ibm.ws.webcontainer.enabledefaultservletrequestpathelements custom property to a true or false value.
Value Servlet Path value PathInfo value true Set to the contents of the URI after the Context Path Set to a null value false (Default) Set to an empty string Set based on the contents of the URI after the Context Path com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst
When an exception occurs, the Web container searches for an error page to handle that exception. The default search order is:
- Any matching error-code error page
- Any matching exception-type error page
The matched error-code page is always returned even if there is also a matching exception type error page defined in the web.xml file. To have the Web container search and use the exception-type before the error-code, set this property to true.
Name Default value com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst false com.ibm.ws.webcontainer.enableExactMatchJSecurityCheck
Allow the keyword j_security_check to be used as part of the name of a resource. Typically, if a URI contains the keyword j_security_check the login process is initiated.
Name Default value com.ibm.ws.webcontainer.enableExactMatchJSecurityCheck false com.ibm.ws.webcontainer.enableJspMappingOverride
When a url-pattern is defined in the jsp-property-group of the web.xml, file, it is typically mapped to, and handled by the JavaServer Page (JSP) engine. If we have applications that must override this mapping so that they can handle and serve the JSP content themselves, set the com.ibm.ws.webcontainer.enableJspMappingOverride property to true.
Name Default value com.ibm.ws.webcontainer.enableJspMappingOverride false com.ibm.ws.webcontainer.enableMultiReadOfPostData
Set to true to enable multiple reads of post data. When set to true, the post data can be read multiple times as either an InputStream or Reader, and as parameters.
When the web container is enabled for multiple reads of post data, we can set up an application to complete the following actions if we want that application to re-read post data from the beginning using either an InputStream or Reader:
- Obtain the InputStream or Reader
- Read the data
- Close the InputStrean or Reader
If either the first or third action does not occur, the next read of the post data is not reset to the beginning of that data.
The web container automatically completes this sequence if an application re-reads the post data as parameters.
Name Default value com.ibm.ws.webcontainer.enableMultiReadOfPostData false
com.ibm.ws.webcontainer.enablePostOnlyJSecurityCheck
Set to true to disable all login methods except the Program Operations Support Tool (POST) method. We can set this custom property in the administrative console through web container custom properties. The server returns a 404 response status when all login methods are disabled.
Name Default value com.ibm.ws.webcontainer.enablePostOnlyJSecurityCheck false
com.ibm.ws.webcontainer.excludehandledtypesclasses
Exclude the handle type classes from being passed into the onStartup method of the ServletContainerInitializer implementation class.
Name Default value com.ibm.ws.webcontainer.excludehandledtypesclasses false com.ibm.ws.webcontainer.extractHostHeaderPort and trusthostheaderport
The getServerPort method relies on the getVirtualPort method of the channel, which returns a port number in the following order:
- Port number from the request URL
- Port number from the request host header
This order is compliant with HTTP/1.1 RFC but not with the Java Servlet Specification v2.4 API, which requires the port number from the host header to be returned first, if any, or the request URL. The correct returned URL for the previous example is: http://ProxyServer:8888. The web container was modified to return a port number from the host header, if any, or the URL port that accepted the client connection. We must set the trusthostheaderport and the com.ibm.ws.webcontainer.extractHostHeaderPort custom property to true to return the port number from the request host header first. Using the administrative console, we would set these properties as follows:
trusthostheaderport = true com.ibm.ws.webcontainer.extractHostHeaderPort = true
We cannot set these properties in web.xml to have them take effect as intended. We can set these properties as web container custom properties in the administrative console using the following two sets of name-value pairs:
Name Default value com.ibm.ws.webcontainer.extractHostHeaderPort false trusthostheaderport false
(ZOS) com.ibm.ws.webcontainer.fileWrapperEvents
Static files are handled by a file wrapper that does not generate SMF and PMI data for static files. In v5.1 processing of static files was performed by SimpleFileServlet which generated both SMF and PMI data. If we are migrating from v5.1, and we need to generate SMF and PMI data when serving static files, add the com.ibm.ws.webcontainer.fileWrapperEvents custom property to the web container configuration settings, and set the property to true.
Name Default value com.ibm.ws.webcontainer.fileWrapperEvents false
(ZOS) com.ibm.ws.webcontainer.FileWrapperEventsLessDetail
The SMF type 120 record displays the name of the static resource instead of FileServletWrapper in the name field of a static file report. If we migrated from an earlier version of the product, and want your SMF type 120 record to display FileServletWrapper in the name field of a static file report, add the com.ibm.ws.webcontainer.FileWrapperEventsLessDetail custom property to the web container settings and set it to true.
Name Default value com.ibm.ws.webcontainer.FileWrapperEventsLessDetail false com.ibm.ws.webcontainer.finishresponseonclose
Indicate that we want the web container to close a connection when a servlet calls close() on a writer or output stream.
Typically, when a servlet calls close() on a writer or output stream, the web container sends the data that is written to the writer or output stream to the client, and then waits for the servlet service() method to finish before it closes the connection. This delay might be interpreted as a response completion delay, especially if a servlet service() method does not complete until sometime after the writer or output stream is closed.
Name Default value com.ibm.ws.webcontainer.finishresponseonclose false com.ibm.ws.webcontainer.ForceDifferentCookiePaths
When we configure an application to use a cookie to track the session, the default path for the cookie is set to the context root of the application. Therefore, the cookie is only sent to requests that are made to this application. To change the default path to be "/" (forward slash), such that the cookie is sent to requests for any application in this domain, set the ForceDifferentCookiePaths session manager custom property.
Name Default value com.ibm.ws.webcontainer.ForceDifferentCookiePaths false com.ibm.ws.webcontainer.handlingRequestWithOverridenPath
When an application overrides the URI pathinfo, the server does not use the overridden path to service the request, but instead uses the original request URI pathinfo. If we want the server to use the overridden URI path, then set com.ibm.ws.webcontainer.handlingRequestWithOverridenPath to true. Normally, when an application overrides the request URI path, that URI path is used by application and not by server.
Name Default value com.ibm.ws.webcontainer.handlingRequestWithOverridenPath false com.ibm.ws.webcontainer.HTTPOnlyCookies
Provide a level of defense against a client-side script that accesses a protected cookie and acquiring its content. When we use this custom property, we can prevent Java scripts running in a browser from accessing all cookies or a particular list of cookies of our choosing. The HTTPOnly attribute is added to each cookie specified in this custom property and enables protection from client-side script access.
- An asterisk (*) value means that all cookies are given the HTTPOnly attribute.
- A comma-delimited list of the specific cookies that are given the HTTPOnly attribute. Cookies might contain wildcard characters. The HTTPOnly attribute is only given to the matched cookies that are on this list.
Specifying com.ibm.ws.webcontainer.HTTPOnlyCookies with no operands means that the HTTPOnly attribute will NOT be added to any cookie, and any client-side Java script that runs in a browser can access the content of any cookies.
The following examples illustrate how to specify these two settings:
com.ibm.ws.webcontainer.HTTPOnlyCookies=*
com.ibm.ws.webcontainer.HTTPOnlyCookies=cookieName1,Account3Cookie,JsessionIDCookie names used in specifying com.ibm.ws.webcontainer.HTTPOnlyCookies are case-insensitive.
The HTTPOnly attribute for JSESSIONID and LTPA cookies is enabled by default. Before WAS v8.0, the com.ibm.ws.security.addHttpOnlyAttributeToCookies custom property default was false. For WAS v8.5, the default is true.
Because the HTTPOnly attribute is now set using the admin console field...
Set session cookies to HTTPOnly to help prevent cross-site scripting attacks
...to disable this function, click...
Server Types > Application servers > Session management > Cookies
...and clear the field.
For more information see: Cookie settings and Enablement and migration considerations of Security hardening features.
Name Default value com.ibm.ws.webcontainer.HTTPOnlyCookies none com.ibm.ws.webcontainer.ignoreinjectionfailure
If a resource or EJB injection fails during the servlet initialization process, an error message is written to the server log files. However, the error message is not propagated to the client. In addition, the servlet is put into service and it is not reinitialized until its application is restarted. During this time, if a request is received that references the resource, which previously failed to inject, a NullPointerException exception results. Similarly, this problem can occur during the filter and listener initialization processes.
Enables us to specify whether to propagate these error messages and whether to put a servlet into service. By default, the custom property is set to false, which retains the previously described behavior. To enable the propagation of these injection exceptions to the client and to not put the servlet into service, we must leave this custom property set to false.
Name Default value com.ibm.ws.webcontainer.ignoreinjectionfailure false com.ibm.ws.webcontainer.ignoreInvalidQueryString
When the web container encounters an encoding character in a query string pair that is not valid, it throws an IllegalArgumentException exception and, by default, ignores the entire query string. In applications where every field in the query string is an essential resource, it might not be desirable to ignore the entire query string. If we set the com.ibm.ws.webcontainer.ignoreInvalidQueryString custom property to true, the web container ignores query string pairs that are not valid and continues to process valid query string pairs.
Name Default value com.ibm.ws.webcontainer.ignoreInvalidQueryString false com.ibm.ws.webcontainer.ignorePostConstructOverriddenMethod
If a parent class has its annotated @PostConstruct method that is overridden by a subclass, when the target subclass annotated method is called, the web container invokes the target subclass twice. If we set the com.ibm.ws.webcontainer.ignorePostConstructOverriddenMethod custom property to true, the web container invokes the target subclass method only once, and any parent's overridden methods are ignored.
Name Default value com.ibm.ws.webcontainer.ignorePostConstructOverriddenMethod false com.ibm.ws.webcontainer.ignoreSemiColonOnRedirectToWelcomePage
If set to true, the web container ignores the semicolon and everything after it when redirecting to the welcome page.
Name Default value com.ibm.ws.webcontainer.ignoreSemiColonOnRedirectToWelcomePage false com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest
The web container accesses a session for the static file requests involving filters. This action can result in a performance degradation, for example, when running with database session persistence. If we set the com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest custom property to true, the web container cannot access a session for the static files requests involving filters.
Name Default value com.ibm.ws.webcontainer.IgnoreSessiononStaticFileRequest false com.ibm.ws.webcontainer.initFilterBeforeInitServlet
Set to true to initialize filters before initializing load-on-startup servlets during the start process for an application.
Both the com.ibm.ws.webcontainer.invokeFilterInitAtStartup property and the com.ibm.ws.webcontainer.initFilterBeforeInitServlet property must be set to true for the filters to be initialized first on application start.
Name Default value com.ibm.ws.webcontainer.initFilterBeforeInitServlet false com.ibm.ws.webcontainer.invokeFilterAfterService
Ensure that the web container does not call the failing flush() when the OutputStream is closed.
Name Default value com.ibm.ws.webcontainer.invokeFilterAfterService true com.ibm.ws.webcontainer.invokeFilterInitAtStartup
Enable the web container to invoke the init method and initialize a filter during the start process for an application.
Name Default value com.ibm.ws.webcontainer.invokeFilterInitAtStartup false
com.ibm.ws.webcontainer.invokeflushafterserviceforstaticfileresponsewrapper
Set this custom property to false so that the web container does not flush the response after service for a request to a static file when the application uses a response wrapper.
Name Default value com.ibm.ws.webcontainer.invokeflushafterserviceforstaticfileresponsewrapper true com.ibm.ws.webcontainer.KeepUnreadPostDataAfterResponseSentToClient
This property indicates whether post data is available to read after the client response is completed, following either the completion of a forward request completes, or a return from a sendRedirect. If set to true, post data is available to read after the client response is completed either after a forward request completes, which is the default behavior, or on a return from a sendRedirect, which occurs when the com.ibm.ws.webcontainer.SendResponseToClientAsPartOfSendRedirect custom property is set to true. However, setting this property to true requires unread post data to be held in memory until the target resource completes, and increases memory usage.
Name Default value com.ibm.ws.webcontainer.KeepUnreadPostDataAfterResponseSentToClient false com.ibm.ws.webcontainer.logServletContainerInitializerClassloadingErrors
When we examine the classes of an application to see whether they match any of the criteria that is specified by the HandlesTypes annotation of a ServletContainerInitializer, the container might run into class loading problems if one or more of the optional application JAR files are missing. Because the container does not decide whether these types of class loading failures prevent the application from working correctly, it ignores the failures and provides a configuration option that logs them.
Setting this property to true turns on logging.
Name Default value com.ibm.ws.webcontainer.logServletContainerInitializerClassloadingErrors false com.ibm.ws.webcontainer.mapFiltersToAsterisk
When the web container processes a request, it recognizes servlet mappings to "*" as the same as servlet mappings to "/*". To provide the same behavior with filter mapping, set true, which causes the web container to recognize filter mappings to "*" as a filter mapping to "/*". This custom property is not case-sensitive.
Name Default value com.ibm.ws.webcontainer.mapFiltersToAsterisk false com.ibm.ws.webcontainer.maxParamPerRequest
Change the maximum number of parameters allowed in the inbound requests, based on the applications and environment. The maximum number of parameters allowed per inbound request (GET or POST) defaults to 10000.
We can set this property to -1 if we do not want to limit the number of parameters that can be included in a request.
Name Default value com.ibm.ws.webcontainer.maxParamPerRequest 10000 com.ibm.ws.webcontainer.metainfresourcescachesize
Change the number of entries in the META-INF resource cache. The default for this property is 20.
Name Default value com.ibm.ws.webcontainer.metainfresourcescachesize 20 com.ibm.ws.webcontainer.modifiedFileNotFoundExceptionBehavior
When a file does not exist and is the target of an include or forward operation for a request dispatcher, a FileNotFoundException occurs. You enable this file not found exception behavior by setting this custom property to true and allowing the exception to be thrown when a file does not exist. If set to false, the FileNotFoundException is suppressed as well as any logging of the failure. Also, if such a request results in a 404 exception, FFDCs are no longer created.
Name Default value com.ibm.ws.webcontainer.modifiedFileNotfFoundExceptionBehavior true com.ibm.ws.webcontainer.ModifiedSinceLaterThanFileTimeStamp
When true, the web container returns a 304 response if the If-Modified-Since timestamp of the requested variant is newer than the timestamp of the target variant.
Name Default value com.ibm.ws.webcontainer.ModifiedSinceLaterThanFileTimeStamp false com.ibm.ws.webcontainer.normalizerequesturi
Typically, request URI 404 errors do not occur if a request URI is submitted from a browser, because most modern browsers automatically normalize a request URI before calling WAS. Therefore, by default, the web container does not normalize a request URI before trying to resolve that URI to an application and servlet mapping.
A request URI, that includes /./ or /../ as part of an application context, with not been normalized, might fail with a 404 error. Similarly, a request URI, that includes /./" or /../ as part of a servlet path, that is not normalized, fails to match a servlet mapping, which also results in a 404 error, even though the URI is normalized before resolving the URI to a JavaServer Pages (JSP) or static file.
We can set the com.ibm.ws.webcontainer.normalizerequesturi custom property to true and the web container normalizes these types of request URIs.
Name Default value com.ibm.ws.webcontainer.normalizerequesturi false com.ibm.ws.webcontainer.parseUTF8PostData
If the web container attempts to process a request that includes UTF-8 post data that is not URL encoded, the target resource accesses the post data as parameters. However, the UTF-8 data is not decoded correctly and the result data might be lost.
To resolve this issue, set the com.ibm.ws.webcontainer.parseUTF8PostData custom property to true. When the web container processes parameters, it detects UTF-8 post data that is not URL encoded and includes the data in the parameter values.
To use this function, set the value to true.
Name Default value com.ibm.ws.webcontainer.parseUTF8PostData false com.ibm.ws.webcontainer.preserveRequestParameterValues
Use this custom property to preserve the original values of the parameter values used on the request.
The javax.servlet.ServletRequest.getParameterValues() method returns an array of String of the request parameter values. If this array of String is modified directly, the original request parameter values can be lost. Any subsequent call to javax.servlet.ServletRequest.getParameterValues() method returns the modified values.
To use this function, set the value to true.
Name Default value com.ibm.ws.webcontainer.preserveRequestParameterValues false com.ibm.ws.webcontainer.provideQStringToWelcomeFile
Typically, when a request is initially sent to the context root of the application, the request is forwarded to a welcome file. If a query string is included in an initial request, it is unavailable to the welcome file if you included the request.getQueryString() attribute in the welcome file. However, the query string is available to the welcome file if you included the javax.servlet.forward.query_string attribute in the welcome file.
If use the request.getQueryString() attribute, instead of the javax.servlet.forward.query_string attribute, to make the query string available to the welcome file, add the com.ibm.ws.webcontainer.provideQStringToWelcomeFile custom property to the web container configuration and set the property to true.
Name Default value com.ibm.ws.webcontainer.provideQStringToWelcomeFile false com.ibm.ws.webcontainer.RedirectWithPathInfo
The Servlet 3.1 specification ignores com.ibm.ws.webcontainer.RedirectWithPathInfo. To use the property, set the com.ibm.ws.webcontainer.servlet30compatibility to true, then set the com.ibm.ws.webcontainer.RedirectWithPathInfo to true.
When the redirect location provided is a relative URL and is without a leading slash, /, then during the conversion of the relative URI value to an absolute URL, the server removes the pathInfo from the existing URI. To ensure that the pathInfo is retained and not removed, set com.ibm.ws.webcontainer.RedirectWithPathInfo to true.
Name Default value com.ibm.ws.webcontainer.RedirectWithPathInfo false com.ibm.ws.webcontainer.removeAttributeForNullObject
By default, the getAttributeNames() method can return an attribute name whose value is set to null if the value passed to the ServletRequest.setAttribute() or ServleContextt.setAttribute() method is null. This default behavior is not in accordance to the API.
If we want the web container to remove the attribute if the null object is passed to the ServletRequest.setAttribute() or ServleContextt.setAttribute() method, add this com.ibm.ws.webcontainer.removeAttributeForNullObject custom property to the web container configuration, and set the property to true.
Data type Default Boolean false com.ibm.ws.webcontainer.returnDefaultContextPath
Return the correct context path when an application is installed on the default context root. For example, when the property is set to true, the context path is set to an empty string for any application installed on the default context root.
Data type Default Boolean False com.ibm.ws.webcontainer.returnzeroendofinputstream
By default, when a servlet calls the java.io.InputStream.available method, the method can return a -1 value when the end of the data stream is reached. If our code allocates a new buffer when the returned value is -1, such as with the byte[InputStream.available()] code, a maximum integer buffer is created. This maximum integer buffer can cause your system to run out of memory. To avoid the out of memory condition, check the return value of the InputStream.available method and if it is less than the value of 0, do not allocate a new buffer. Alternatively, set this custom property to the true value so that the java.io.InputStream.available method returns a 0 value instead of a -1 value.
Data type Default Boolean False com.ibm.ws.webcontainer.searchMetaInfResourcesDuringAppStart
Disable the enhanced feature when searching for the /META-INF/resources.
Data type Default Boolean True com.ibm.ws.webcontainer.SendResponseToClientAsPartOfSendRedirect
This property indicates whether a response is completed as part of a sendRedirect request. If set to true, a response is completed as part of a sendRedirect request, and any post data associated with the request is not available for a read on return from sendRedirect.
The default is false.
Name Default value com.ibm.ws.webcontainer.SendResponseToClientAsPartOfSendRedirect false com.ibm.ws.webcontainer.SendResponseToClientWhenResponseIsComplete
This property indicates whether a response is completed on return from a forward request.
If set to false, a response is not completed on return from a forward request. Instead, it is delayed until the target resource completes. Post data is available for a read after the forward completes.
Name Default value com.ibm.ws.webcontainer.SendResponseToClientAsPartOfSendRedirect true com.ibm.ws.webcontainer.setAsyncDispatchRequestURI
If set to true, the web container sets the current request URI as the target of the async dispatch.
Name Default value com.ibm.ws.webcontainer.setAsyncDispatchRequestURI false com.ibm.ws.webcontainer.setcontenttypebysetheader
When autoResponseEncoding is enabled or when the com.ibm.ws.webcontainer.contentTypeCompatibility property is set, the application server sets the content type of the response using an internal method. To enable setting the content-type using the ServletResponse.setContentType method instead, we need to set the com.ibm.ws.webcontainer.setcontenttypebysetheader custom property to false.
Name Default value com.ibm.ws.webcontainer.setcontenttypebysetheader true com.ibm.ws.webcontainer.ServeWelcomeFileFromExtendedDocumentRoot
Typically, the first time the web container handles a request for a static welcome page that is not a JavaServer Pages (JSP) file, the web container does not search the ExtendedDocumentRoot for the welcome file unless the request for that welcome file is fully qualified. If the request is fully qualified, the web container serves the welcome file, and the context root of the application displays the welcome file. If the request for the static welcome file is not fully qualified, the web container returns a 404 error, which indicates that the web container did not find the welcome file.
After the web container successfully serves a welcome file, the web container creates a mapping for that welcome file. The web container then uses this mapping to handle future requests for the welcome file, eliminating the need for subsequent requests to be fully qualified.
If we want the web container to always search an application defined ExtendedDocumentRoot for a welcome file, even if the request is not fully qualified, we can add the com.ibm.ws.webcontainer.ServeWelcomeFileFromExtendedDocumentRoot custom property to the web container settings, and set this property to true.
Name Default value com.ibm.ws.webcontainer.ServeWelcomeFileFromExtendedDocumentRoot false com.ibm.ws.webcontainer.ServletDestroyWaitTime
By default, when an application is stopped the web container waits up to 60 seconds for each active request for a resource of that application to complete. We can now define the com.ibm.ws.webcontainer.ServletDestroyWaitTime web container custom property to control the amount of time that the web container waits for an active request to complete when the owning application is stopped.
Set to an integer value, which specifies the number of seconds to wait for a request to complete. The default is 60 seconds.
Name Default value com.ibm.ws.webcontainer.ServletDestroyWaitTime 60 com.ibm.ws.webcontainer.setUnencodedHTMLinsendError
Typically, the web container encodes the specified error messages before formatting them to prevent Cross-Site Scripting (XSS) attacks on the client if the application does not sanitize these messages. However, the Java Servlet Specification for the sendError(int, String) method, indicates that the server should create the response to look like an HTML-formatted server error page.
If we do not want the web container to encode the specified error messages before formatting them, add the com.ibm.ws.webcontainer.setUnencodedHTMLinsendError custom property to the web container configuration settings, and set the property to true.
Name Default value com.ibm.ws.webcontainer.setUnencodedHTMLinsendError false com.ibm.ws.webcontainer.skipInputStreamReadOnError
If set to true, the web container stops reading the remaining POST data if there is an exception before or during the parsing of POST data.
This property must be used in pair with the preventRequestBodyPurge channel custom property set to true.
Name Default value com.ibm.ws.webcontainer.skipInputStreamReadOnError false com.ibm.ws.webcontainer.SkipMetaInfResourcesProcessing
The web container searches for static files and JavaServer Pages (JSP) files in different locations, depending on application configuration. A web fragment comprises a JAR file in an application WEB-INF/lib directory. The JAR file might include static resources in a META-INF/resources directory defined within the JAR file. To prevent the web container from searching the META-INF/resources directories, set the com.ibm.ws.webcontainer.SkipMetaInfResourcesProcessing web container custom property to true.
The default value for the custom property is false.
Name Default value com.ibm.ws.webcontainer.SkipMetaInfResourcesProcessing false com.ibm.ws.webcontainer.suppressheadersinrequest
Suppress the inclusion of request headers that start with special characters, such as "$" or "_". Some applications do not handle request headers that start with special characters.
The value specified for this custom property is a delimited list of the header prefixes to be suppressed.
Example:
com.ibm.ws.webcontainer.suppressheadersinrequest=$WS,_WS
Name Default value com.ibm.ws.webcontainer.suppressheadersinrequest none com.ibm.ws.webcontainer.suppressHtmlRecursiveErrorOutput
During a recursive error an application-specified error page cannot handle, the stack trace and error message are output as an HTML page. This information includes class names and program information that the application developer does not want expose to the user.
We can set the com.ibm.ws.webcontainer.suppressHtmlRecursiveErrorOutput web container custom property to suppress the HTML output of the error text, without changing the internal logging of the message. Set the custom property com.ibm.ws. webcontainer.suppressHtmlRecursiveErrorOutput to true to disable the HTML output of the error message to the user and present the user with blank page with a 500 error code.
Name Default value com.ibm.ws.webcontainer.suppressHtmlRecursiveErrorOutput false com.ibm.ws.webcontainer.suppressLastZeroBytePackage
Typically, the last zero-byte chunk is used to indicate to a client the end of the response data in a chunked encoded transmission. Some applications use this last zero to determine when the response data is received, and they can start processing it. If an error occurs in the application after the response headers are sent, the last chunk of data is still sent to the client. The client might not realize an error occurred, and attempt to process incomplete data.
If we set the com.ibm.ws.webcontainer.suppressLastZeroBytePackage custom property to true, if an error occurs in the application after the response headers are sent, the last chunk of data is not sent to the client.
Name Default value com.ibm.ws.webcontainer.suppressLastZeroBytePackage false com.ibm.ws.webcontainer.suppressLoggingFileNotFoundExceptions
The web container generates a severe error message with a FileNotFoundException stack trace in the JVM logs when a missing file is requested. This might not be a severe error if the wrong file was accidentally requested. Set to true to generate a warning message in the JVM logs instead of a severe error message when a file is not found.
Name Default value com.ibm.ws.webcontainer.suppressLoggingFileNotFoundExceptions false com.ibm.ws.webcontainer.suppressLoggingWebGroupVhostNotFound
Set to true to suppress the SRVE0255E message in the SystemOut.log.
This custom property is only supported on string with no wildcard (*) character.
Name Default value com.ibm.ws.webcontainer.suppressLoggingWebGroupVhostNotFound none com.ibm.ws.webcontainer.suppressServletExceptionLogging
If a servlet creates an exception, it is logged to the system console. If we do not want the web container to log servlet-created exceptions, add the com.ibm.ws.webcontainer.suppressServletExceptionLogging custom property to the web container configuration settings, and set the property to true.
Name Default value com.ibm.ws.webcontainer.suppressServletExceptionLogging false com.ibm.ws.webcontainer.throwMissingJspException
Set to true to create a FileNotFoundException when a resource that is included by a JSP file is missing. If this property is not set to true, an error page displays.
Name Default value com.ibm.ws.webcontainer.throwMissingJspException false com.ibm.ws.webcontainer.throwpostconstructexception
Set to true to propagate custom error messages to the error.xhtml file.
For transitioning users: The default value for this custom property changed from v7.0. In v7.0, the default value is false.trns
Name Default value com.ibm.ws.webcontainer.throwpostconstructexception true
(AIX)com.ibm.ws.webcontainer.tolerateLocaleMismatchForServingFiles
We might encounter a FileNotFound 404 error from the web container and the request is not served when the following encodings do not match:
- The file system encoding where an application is installed
- The file name encoding sent in a request URL
For example, if the request is for a double-byte character set (DBCS)-encoded file name and the file system locale is en_US, which is an ISO-8859 encoding, the match fails.
To resolve this issue, set the com.ibm.ws.webcontainer.tolerateLocaleMismatchForServingFiles custom property to true. When we set this custom property, the web container tolerates the mismatch of the file system and requested file name encodings. The web container then serves the request for a valid file.
Name Default value com.ibm.ws.webcontainer.tolerateLocaleMismatchForServingFiles false com.ibm.ws.webcontainer.useOriginalRequestState
If a request is overridden or the application implemented the ServletRequest interface, the application might fail to serve the request because either the overridden or implemented request object, instead of the request object, is being used to handling of the request. To ensure that the request object is used to handle the request, add the com.ibm.ws.webcontainer.useOriginalRequestState custom property to the web container configuration settings, and set it to true.
Name Default value com.ibm.ws.webcontainer.useOriginalRequestState false com.ibm.ws.webcontainer.useSemiColonAsDelimiterInURI
If true, the web container ignores the semi-colon; everything after it is also ignored when calling javax.servlet.http.HttpServletRequest.getPathInfo().
Name Default value com.ibm.ws.webcontainer.useSemiColonAsDelimiterInURI false com.ibm.ws.webcontainer.webgroupvhostnotfound
Error message SRVE0017W states Web Group not found: {0}, and error message SRVE0255 states A WebGroup/Virtual Host to handle {0} is not defined. These messages might be returned when the application called to process the request that is serviced by IBM WAS is not found. Use the com.ibm.ws.webcontainer.webgroupvhostnotfound custom property to change the text of these messages to text that is more suitable for the environment.
Name Default value com.ibm.ws.webcontainer.webgroupvhostnotfound none com.ibm.ws.webcontainer.xPoweredBy
Configure the value of the X-Powered-By header, which supplies the implementation information of the server.
Name Default value com.ibm.ws.webcontainer.xPoweredBy Servlet/3.0 com.ibm.websphere.management.application.sync.deleteSymbolicLinks
Symbolic links that exist in the application installation directory are deleted when the application is uninstalled or updated. To ensure that symbolic links are not deleted, add the com.ibm.websphere.management.application.sync.deleteSymbolicLinks custom property to the JVM and set it to false.
This property must be set at the node agent level.
Name Default value com.ibm.websphere.management.application.sync.deleteSymbolicLinks true com.ibm.wsspi.jsp.allowMultipleAttributeValues
Set to true to allow the web container to store multiple values for a custom tag attribute.
Name Default value com.ibm.wsspi.jsp.allowMultipleAttributeValues false com.ibm.wsspi.jsp.convertAttrValueToString
Set to true to convert start and end attributes of the repeat tag to strings before they are used.
Name Default value com.ibm.wsspi.jsp.convertAttrValueToString false com.ibm.wsspi.jsp.disableElCache
Set to true to disable the commons-el expression cache if we are experiencing out of memory conditions because the hash maps are held by the expression evaluator.
Name Default value com.ibm.wsspi.jsp.disableElCache false com.ibm.wsspi.jsp.disableResourceInjection
The resource injection feature accesses resources in applications differently than it did in earlier versions of the product, and causes the compiled method output to be larger than it was previously. If we have large JSP files that in earlier releases pushed the 65535 byte limit in the translated service method, they might now exceed this limit, causing the compile to fail.
If we encounter this situation, we can either break a large JSP file into smaller JSP files, and use <jsp:include> statements to combine them after they are compiled, or we can add the com.ibm.wsspi.jsp.disableResourceInjection custom property to the web container settings to disable the resource injection function during the JSP translation process. When true, the resource injection function is disabled for all applications.
To disable only the resource injection function for specific applications, we can add the disableResourceInjection JSP attribute to the ibm-web-ext.xmi files for those specific applications.
Name Default value com.ibm.wsspi.jsp.disableResourceInjection false com.ibm.wsspi.jsp.disableTldSearch
Improve application start time. By default, when an application starts, the JSP engine searches the application installation directories for the taglib descriptor (TLD) files. This search process might increase the start time for large applications with many files and directories. To disable this search process, set this property to true.
Name Default value com.ibm.wsspi.jsp.disableTldSearch false com.ibm.wsspi.jsp.enabledoublequotesdecoding
Set to decode an encoded double quotation mark character if it is embedded in a script function within a JavaServer Pages (JSP) file.
The JSP Container does not decode an encoded double quotation mark character during the translation of a JSP file. Instead, there is a dependency on the browser to decode it. However, when an encoded double quotation mark character exists inside a script function of a tag, the browser cannot decode it. Thus, when this custom property is not set, the encoded double quotation mark character causes the script function to malfunction.
When we set this custom property, the value affects all of our deployed applications. To affect an individual application, set the enableDoubleQuotesDecoding JSP attribute to true within the ibm-web-ext.xmi file in the application.
Name Default value com.ibm.wsspi.jsp.enabledoublequotesdecoding false com.ibm.wsspi.jsp.removexmlnsfromoutput
When the web container generates HTML code from a JSP document, the web container does not remove any xmlns attributes specified for tags in the JSP document. Therefore, when the JSP document is rendered on the browser, the xmlns attributes remain in the generated HTML code.
To ensure that the xmlns attributes are always removed from generated HTML code, add the com.ibm.wsspi.jsp.removexmlnsfromoutput custom property to the web container configuration settings and set this property to true.
When we set this custom property, the value affects all of our deployed applications. To affect an individual application, set the removeXmlnsFromOutput JSP attribute to true within the ibm-web-ext.xmi file in the application.
Name Default value com.ibm.wsspi.jsp.removexmlnsfromoutput false
(ZOS) ConnectionResponseTimeout
Use the ConnectionResponseTimeout property to set the maximum amount of time, in seconds, that the server waits for an application component to respond to an HTTP request. Set this variable for each of the HTTP transport channel definitions on the server. We must set this variable for both SSL transport channels and non-SSL transport channels. If the response is not received within the specified length of time, the servant might fail with ABEND EC3 and RSN=04130007. Setting this timer prevents client applications from waiting for a response from an application component that might be deadlocked, looping, or encountering other processing problems that cause the application component to hang.
Use the server custom properties protocol_http_timeout_output_recovery, and protocol_https_timeout_output_recovery, to indicate the recovery action that we want taken on timeouts for requests received over the HTTP and HTTPS transport channels.
Information Value Data type Integer Default 300 seconds
DebugSessionCrossover
The DebugSessionCrossover custom property enables code to do additional checks to verify that only the session associated with the request is accessed or referenced. Messages are logged if any discrepancies are detected.
The use of the DebugSessionCrossover property as a web container custom property is deprecated. We can now define it as a session management custom property.
To enable session data crossover detection, set this property to true
Name Default value DebugSessionCrossover false Refer to the HTTP session problems article for additional information.
DecodeUrlAsUTF8
The UTF-8 encoded URL feature, which provides UTF-8 encoded Uniform Resource Locators (URLs) to support the double-byte characters in URLs is enabled by default. We can prevent the web container from explicitly decoding URLs in UTF-8 and have them use the ISO-8859 standard, as set in the current HTTP specification, by setting this custom property to false.
Name Default value DecodeUrlAsUTF8 true DisableMultiThreadedServletConnectionMgmt
Enable connections to be reused across servlets. Complete the following steps to use this property as a web container custom property from the administrative console:
- Click Application servers > server > Web container > Custom properties.
- Create the DisableMultiThreadedServletConnectionMgmt property and set its value to true.
When this property is enabled, if the connection handle is not closed and the servlet ends, the web container (as part of postinvoke), parks the connection and does not close the connection handle.
Name Default value DisableMultiThreadedServletConnectionMgmt false com.ibm.ws.webcontainer.denyDuplicateFilterinChain
When an inbound request URI maps to multiple URL filter mappings the filter chain is updated with the same filter multiple times, causing the filter to be invoked multiple times for the same URI. If we add denyDuplicateFilterinChain = true, a filter is not added to a filter chain if it is already present in that chain.
Name Default value com.ibm.ws.webcontainer.denyDuplicateFilterinChain false enableInProcessConnections
Reduce response times and to reduce the number of threads used to service a request, which reduces the potential for a deadlock. The custom property applies for JAX-RPC and JAX-WS scenarios, but not for JAX-RS scenarios.
An optimized communication path between a web services client application and a web container are in the same application server process. Requests from the web services client that are normally sent to the web container using a network connection are delivered directly to the web container using an optimized local path. The local path is available because the web services client application and the web container run in the same process. This optimized communication path is disabled by default. Before this property is enabled, make sure that wildcards are not specified for the web container ports. Use specific ports for the web container when the optimized communication path is enabled.
To enable the optimized communication path, set this property to true.
Name Default value enableInProcessConnections false Refer to Web services client to web container optimized communication in the product documentation for additional information.
Some web services applications cannot safely share threads. If errors occur, also set the jaxws.useSafeIPC JVM property to true.fileServingEnabled, directoryBrowsingEnabled, and serveServletsByClassnameEnabled
fileServingEnabled, directoryBrowsingEnabled, and similar properties are global settings for internal servlets. Web application archive (WAR) files that are packaged using third-party tools cannot specify behavior for the services exposed by the web container internal servlets.
Use the fileServingEnabled, directoryBrowsingEnabled, and serveServletsByClassnameEnabled properties to globally enable and disable the fileServing, directoryBrowsing, and serveServletsByClassname functions for internal servlets for all web applications at the web container level.
- Setting the fileServingEnabled, property to false disables the fileServing function.
- Setting the directoryBrowsingEnabled, property to true enables the directoryBrowsing function.
- Setting the serveServletsByClassnameEnabled property to true enables the serveServletsByClassnameEnabled function.
Name Default value fileServingEnabled true directoryBrowsingEnabled false serveServletsByClassnameEnabled false Sets defined in an assembly tool take precedence over the global settings that are set through the custom properties at the web container level.
Web application deployment extensions continue to hold configuration information for the services provided by the internal servlets, and take precedence over the global settings that are set through the custom properties at the web container level.
ForceSessionIdLengthCheck
Newly generated session IDs are, by default, 23 characters in length, unless we use the HttpSessionIdLength custom property to specify a different maximum length for our session IDs.
When an incoming request has a session ID that is longer than the expected session ID length, and whose prefix is identical to a pre-existing session ID, the longer ID is used to return a new session. If the length of the session ID on the incoming request is larger, then the maximum length specified for our system, such that it exceeds the width of the ID column in the session table column used in database persistence, an SQL0302 error occurs.
To prevent the occurrence of these SQL0302 errors, we can add the ForceSessionIdLengthCheck custom property to the web container custom properties and set it to true. When this custom property is set to true, the length of a session ID cannot exceed 23 characters. If an incoming request has a session ID that is longer than 23 characters, the first 23 characters are used to return a new session.
Name Default value ForceSessionIdLengthCheck false ForceSessionInvalidationMultiple
The ForceSessionInvalidationMultiple custom property indicates whether the session manager waits indefinitely for a request to complete before it attempts to invalidate the session, or attempts to invalidate a session after the specified time limit elapses.
- If we specify 0 (zero) for this custom property, the session manager waits indefinitely until a request is complete before it attempts to invalidate the session.
If our requests normally are not bound by a response time limit, specify 0 for this property.
- If we specify a positive integer, such as 1, 2, or 3 for this custom property, even if a session is not known to have completed, the session manager attempts to invalidate the session if the indicated time period since the last access occurred elapses. This time period is the result of multiplying the value specified for this property and the value specified for the Session Timeout property. For example, if we specify 2 minutes for the Session Timeout property and 2 for the ForceSessionInvalidationMultiple property, the session manager attempts to invalidate the session after 4 minutes.
To invalidate your sessions after a certain amount of time elapses, specify the appropriate positive integer for this property.
Name Default value ForceSessionInvalidationMultiple 1 httpsIndicatorHeader
The custom property httpsIndicatorHeader manages HTTPS requests that are forwarded to an application server from an SSL offloader used in front of WAS. When an HTTPS request is received by an SSL offloader, it is redirected over HTTP to an application server using WAS. The SSL offloader must be configured to add a special header that indicates that the original request was over HTTPS. The httpsIndicatorHeader property specifies the request header key name added by the SSL box. The application server checks this indicator to determine whether SSL is required. If it determines the request is SSL over HTTP, an HTTPS scheme is chosen.
Name Default value httpsIndicatorHeader none HttpSessionIdReuse
The custom property HttpSessionIdReuse determines whether the session manager can use the session ID sent from a browser to preserve session data across web applications running in an environment that is not configured for session persistence. In a multi-JVM environment, that is not configured for session persistence, setting this property to true enables the session manager to use the same session information for all of a user's requests, even if the web applications that are handling these requests are governed by different JVM files. The default value for this property is false.
The use of the HttpSessionIdReuse property as a web container custom property is deprecated. You now define this functionality as a session management custom property.
To enable the session manager to use the session ID sent from a browser to preserve session data across web applications running in an environment that is not configured for session persistence, set this property to true.
Name Default value HttpSessionIdReuse false listeners
The servlet specification supports applications that register listeners for servlet-related events on an individual application basis through the web.xml descriptor. However, using the listeners custom property, we can enable a server to listen to servlet events across web applications.
To implement global listening, a listener is registered at the web container level and is propagated to all of the installed and new web applications. This global behavior of internal servlet listeners is controlled by the listeners custom property using the following name-value pair format.
listeners=listener_class
Name Default value listeners none The value for this property is a string, specifying a comma-separated list of listener classes. The listener supplied must implement standard listener classes from the Java Servlet API or IBM listener extension classes.
(ZOS) MutualAuthCBindCheck
This property is only valid on the z/OS platform. Use the MutualAuthCBindCheck property to specify whether a client certificate is resolved to a SAF principal.
Use the MutualAuthCBindCheck property to specify whether a client certificate is resolved to a SAF principal. If set to true, all SSL connections from a browser must have a client certificate, and the user ID associated with that client certificate must have RACF CONTROL authority for CB.BIND.servername. Regardless whether client certificate authentication is being used in an SSL connection, if these conditions are not met, the connection is closed. Issue the following RACF command to give the user ID associated with that client certificate RACF CONTROL authority:
PERMIT CB.BIND.<optional SAF profile prefix>.clustername CLASS(CBIND) ID(clientCertUserid) ACCESS(CONTROL)
Name Default value MutualAuthCBindCheck false prependSlashToResource
WAS 5.x supports Uniform Resource Locators (URLs) without leading front slashes ( / ). To preserve compatibility, we can set this custom property to true. When true, the web container ignores the specification and considers URLs without the leading front slash, use the following name-value pair.
Name Default value prependSlashToResource false com.ibm.ws.webcontainer.suppressLoggingServiceRuntimeExcep
Suppress the logging of any RuntimeException that occurs during service of a servlet.
By default, the Web container logs the exception of type RuntimeException in the JVM logs, if the exception occurs during the service of a servlet. When true, the web container does not log any type of RuntimeException that occurs during service of a servlet.
Setting this property to true suppresses only the logging of exceptions of the type RuntimeException. Setting this property to true does not affect exceptions that are thrown back to the caller.
Name Default value com.ibm.ws.webcontainer.suppressLoggingServiceRuntimeExcep false trusted
The trusted custom property enables the application server to use inbound private headers from the web server plug-in. These inbound private headers notify the application server about the connection to the web server. When we set the custom property to true, the application server uses the asserted information on the client certificates. These client certificates are used by the user to connect to the web server and establish the client information, which is treated as the certificate for the user. Then, the application server uses the certificate information for authentication purposes when client certificate authentication is used or when the application code accesses the javax.net.ssl.peer_certificates certificates. Because this information is asserted, it is insecure and potentially vulnerable to an attacker that is able to connect directly to the application server and bypass the web server.
If we allow direct connections to the application server and use client certificates, we must set this custom property to false.
Name Default value trusted true
(Dist)UseOracleBLOB
The UseOracleBLOB custom property creates the HTTP session database table using the Binary Large Object (BLOB) data type for the medium column. This property increases performance of persistent sessions when Oracle databases are used.
Because of an Oracle restriction, BLOB support requires use of the oci database driver for Oracle for more than 4000 bytes of data. We must also ensure that a new sessions table is created before the server is restarted by dropping our old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table.
To create a sessions table using the BLOB data type, set this property to true.
The use of the UseOracleBLOB property as a web container custom property is deprecated. You now define this function as a session management custom property.
Name Default value UseOracleBLOB false
(Dist)setContentLengthOnClose
Toggle whether or not the content length should be set when an application explicitly closes the response.
The default and recommended value is true. However, set the value to false if an application response contains double-byte characters.
Name Default value setContentLengthOnClose true com.ibm.ws.webcontainer.servlet30compatibility
When this custom property is set to true, behavior changes that are made for servlet 3.1 revert to the following servlet 3.0 behavior:
- If we invoke AsyncContext.getRequest() or AsyncContext.getResponse() after AsyncContext.dispatch() or AsyncContext.complete(), the server does not throw an IllegalStateException.
- If we invoke ServletResponse.reset(), the status of calling getWriter() or getOutputStream() is not cleared.
- If we invoke the following ServletContext methods, the server does not throw an UnsupportedOperationException:
- ServletContext.getClassLoader()
- ServletContext.getEffectiveMajorVersion()
- ServletContext.getEffectiveMinorVersion()
- ServletContext.getFilterRegistration()
- ServletContext.getFilterRegistrations()
- ServletContext.getServletRegistration()
- ServletContext.getServletRegistrations()
- ServletContext.declareRoles()
- ServletContext.getVirtualServerName()
- The WebContainer does not stop the registration of a servlet with a duplicate url mapping. An existing application starts normally. However, deploying a new application containing conflicts with multiple servlets that are mapped to the same url-pattern still fails to deploy.
- The value set in the com.ibm.ws.webcontainer.RedirectWithPathInfo WebContainer custom property is not ignored.
- If a servlet throws an IOException and there is a filter configured for that request, the WebContainer throws a ServletException.
The default and recommended value is false. However, we can set the value to true to revert to 3.0 behavior.
Name Default value com.ibm.ws.webcontainer.servlet30compatibility false
Related:
Enablement and migration considerations of Security hardening features Modify the default web container configuration Configure transport chains HTTP session problems Web services client to web container optimized communication JavaServer Pages specific web container custom properties Cookie settings HTTP transport channel custom properties