Type to start searching...
A Server specifies it's type (e.g. WebSphere) and various other settings to support deployment.
anyAttribute
Any attribute
anonRPC : boolean
True to enable anonymous access to HTTP/soap, HTTP/text, HTTP/web and HTTP/xml RPC protocols; false to disable.
Anonymous requests will be processed in an invocation context where the user is the user specified in the "anonUser" property. The HTTP/text RPC protocol is used by all the clients except for the flat page client.anonUser : string
The user that anonymous HTTP requests will be authenticated as.
Set this property to enable anonymous access to the server. Details on how this works can be found in the httpAnonymousURL documentation. The Domain is appended to the user by the framework when SPNEGO used.anonWeb : boolean
True to enable anonymous access to the flat page client.
Anonymous requests will be processed in an invocation context where the user is the user specified in the "anonUser" property.authCacheTimeout : nonNegativeLong
Number of milliseconds for which a security context should be cached.
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
authCert : boolean
True to enable client certificate authentication access to all RPC and UI endpoints.
authComponent : string
Authentication interceptor component.
authDebug : boolean
True to enable authentication debugging.
authDomain : string
Authentication domain or Kerberos realm, usually DOMAIN.EXT in capital letters.
EXAMPLE.COM
authGroup : string
Authentication group/role granting server request privileges.
All application users must be in this group, as received from the authentication layer.
nexjusers
authNaming : authNaming
Authentication principal naming: long to append the domain, short to remove, default to keep unchanged.
Valid values based on“string”. | |
---|---|
default | |
short | |
long |
authProtocol : authProtocol
Authentication protocol.
Valid values based on“string”. | |
---|---|
basic |
Basic user name/password authentication |
form |
Login form-based user name/password authentication |
spnego |
SPNEGO authentication - http://en.wikipedia.org/wiki/SPNEGO |
certificate |
Client certificate authentication |
perimeter |
Token-based SSO authentication |
container |
Container-specific authentication |
custom |
Interceptor component authentication |
authRPC : boolean
True to enable basic and SPNEGO authentication access to generic RPC protocols; false to disable.
Generic RPC protocols are HTTP/soap, HTTP/text, HTTP/web, HTTP/xml and EJB. They are used by all the clients except for the flat page client. If authProtocol is "certificate" and "trust" is not set, setting authRPC to "false" disables the generic RPC protocols altogether.authService : string
Authentication Kerberos service principal name (SPN), usually HTTP/host.domain.ext.
HTTP/localhost.example.com
buildBanner : string
Information to be displayed in the banner.
channelWarningTimeout : nonNegativeLong
Timeout in milliseconds before a warning is generated, 0 for infinite timeout.
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
clientPerfStatusEnabled : boolean
True if Flat client deployments support logging performance metrics.
clusterAvailabilityTimeout : nonNegativeLong
The minimum time in milliseconds that must elapse before a node is considered unavailable in a cluster.
When the session manager detects a node as unavailable, it redirects requests aways from that node. When the object queue dispatcher detects a node as unavailable, it recovers all the persistent messages that were assigned to that node and stops delivering messages to it.Valid values based on“long”. | |
---|---|
0 (minInclusive) |
clusterCPUThreshold : percentage
The CPU usage at which a node is considered busy.
This value is used as a secondary metric for determining the most available node.Valid values based on“nonNegativeInt”. | |
---|---|
100 (maxInclusive) |
clusterKeystore : string
The base64 encoded keystore (inline) to be used for inter-cluster communication.
clusterMemoryLimit : percentage
The memory usage at which a node is considered overloaded. It is expressed as the percentage of utilization of the total heap.
This is the maximum memory usage allowed before session passivation is forced. When the object queue dispatcher node becomes overloaded, it initiates pre-emptive failover and a new non-busy node is selected to be the dispatcher.Valid values based on“nonNegativeInt”. | |
---|---|
100 (maxInclusive) |
clusterMemoryThreshold : percentage
The memory usage at which a node is considered busy. It is expressed as the percentage of utilization of the allocated heap.
This value is used as the primary metric for determining the most available node.Valid values based on“nonNegativeInt”. | |
---|---|
100 (maxInclusive) |
clusterPassword : password
The password for the clusterKeystore.
Valid values based on“string”. | |
---|---|
concurrentLoadingEnabled : boolean
True to enable concurrent metadata loading.
description : string
A meaningful description of what the deployment environment represents.
diagnosticLeakTimeout : nonNegativeLong
The minimum time in seconds that a pool resource must stay in use before a warning is logged about it being possibly hung.
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
diagnosticRepeatTimeout : nonNegativeLong
The minimum time in seconds that must elapse before repeated system-triggered dumps on the same pool are logged.
A system-triggered dump occurs when a pool that has already allocated its maximum number of resources and fails to return a resource within its configured wait period.Valid values based on“long”. | |
---|---|
0 (minInclusive) |
diagnosticTrace : boolean
True to enable diagnostic object tracing on pool resources.
distributed : boolean
Enable clustering services.
dynamic : boolean
True to enable dynamic metadata deployment.
eventAudit : boolean
True to enable event triggered audit logging.
hideErrorValveReport : boolean
Flag to determine if the error report (custom error message and/or stack trace) is presented when an error occurs.
If set to true, then the error report is not returned in the HTML response. Default value: false See org.apache.catalina.valves.ErrorReportValve.hideErrorValveServerInfo : boolean
Flag to determine if server information is presented when an error occurs.
If set to true, then the server version is not returned in the HTML response. Default value: true See org.apache.catalina.valves.ErrorReportValve.httpAnonymousURL : string
HTTP server anonymous content URL.
To enable anonymous access you must specify a user in the environment's "anonUser" property.
The anonymous URL defaults to "/nexj/<env>/anon" where <env> is either specified in the "name" property or derived from the metadata namespace. This value can be overridden.
Requests made under this context are authenticated as the user specified in the environment's "anonUser" property. Flat web client is exposed if "anonWeb" is true. HTTP RPC protocols are exposed on anon if the "anonRPC" property is true. HTTP integration channels are exposed on anon if their "authentication" is "none".
To make static content from the web folder available over the anonymous channel you must first enable anonymous access as above, then whitelist the content. The way to add items to be whitelisted is to customize the "HTTPServer.Static" component and add your path to the "anon" Collection. It is currently populated with a few that are known to be needed for form authentication. Using the * wildcard character can be used in case a directory would like to be whitelisted (ex /fonts/*) or you can specify the full path to the static resource to be exposed (/document.pdf).
You must set the "anonUser" property and a channels "authentication" to "none".
http://server.example.com:port/myapp/anon (Yields Contact App URL: http://server.exmple.com:port/myapp/anon/channel/myChannelName)
httpAuthCookie : string
The HTTP authentication cookie name.
httpForbiddenEnabled : boolean
True to enable the HTTP 403 Forbidden response for a permanent authentication failure.
Otherwise HTTP 404 Not Found is used to hide the existence of an HTTP resource, as a deterrent. Defaults to false, as a deterrent on a security hardened server.httpFormErrorPage : string
Path from root of WAR to the login error page. Must start with "/".
httpFormLoginPage : string
Path from root of WAR to the login page. Must start with "/".
The login page is displayed when an unauthenticated request is made to any secured resource under the form-based-authentication URL. There should be a login form on this page, allowing the user to authenticate.
The login form should submit to the same URL from which it was served, i.e. action="". The POST request should have the username passed in the text field "j_username" and the password in "j_password".
httpGZip : boolean
Compress the HTTP traffic to minimize the network bandwidth
This does come with a substantial performance cost.httpLockTimeout : nonNegativeInt
HTTP session lock timeout in seconds (0 is unlimited).
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
httpLoginURL
The relative HTTP login URL.
Defaults to "/channel/sso:Login".httpLogoutDateCookie : string
The HTTP logout date cookie name.
This cookie stores the time at which the server will log out the user.httpLogoutURL
The relative HTTP logout URL.
Defaults to "/channel/sso:Logout".httpMaxSize : nonNegativeInt
Maximum HTTP request size in bytes (0 is unlimited).
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
httpPingURL
The relative HTTP ping URL.
Defaults to "/channel/sso:Ping".httpPrincipalCookie : string
The HTTP principal cookie name.
This cookie stores the login name of the user. This is used for debugging purposes only and no security features are dependent on it.httpReportURL : string
Reporting Base URL, to specify an external server to provide reporting functionality.
http://server.example.com:port/nexj/reports
httpSSOURL : httpURL
The root HTTP URL of the SSO Application.
Valid values based on“anyURI”. | |
---|---|
http[s]?://.* |
httpURL : string
HTTP server URL, if non-default.
If URL contains no HTTP context path, then context defaults to "/nexj/<env>" where <env> is either specified in the "name" property or derived from the metadata namespace.
If a port number is not specified, a default HTTP port number based on the value of the secureTransport attribute is used:
If secureTransport="false", the default port is 7080. If secureTransport="true", the default port is 7443. If a port number is specified, the system either uses that number or replaces it, depending on the following:
If the URL scheme aligns with the secureTransport value, meaning the URL scheme is "https" when secureTransport="true" and "http" when secureTransport="false", the specified port number is used.
If there is a mismatch between the URL scheme and the secureTransport value, the port number is replaced as follows:
If the URL scheme is "http" and secureTransport="true", the last three digits of the specified port are replaced with 443. This applies regardless of the number of digits in the port number. For example, 80 or 123 would be replaced with 443; 8441 would be replaced with 8443; and 12345 would be replaced with 12443.
If the URL scheme is "https" and secureTransport="false", the last three digits of the specified port are replaced with 080.
http://server.domain:port (Yields Contact App URL: http://server.domain:port/nexj/finance/ui/portlet)
http://server.domain:port/ (Yields Contact App URL: http://server.domain:port/ui/portlet)
http://server.domain:port/crm/ (Yields Contact App URL: http://server.domain:port/crm/ui/portlet)
/ (Yields Contact App URL: http://<default>/ui/portlet)
/crm (Yields Contact App URL: http://<default>/crm/ui/portlet)
installRoot : string
Websphere-specific property specifying absolute paths of AppServer locations separated by comma. The value is used by the deployment tool to push server config files and jars.
jnlpEnabled : boolean
True if Java Web Start deployment of the Rich Desktop Client is enabled.
jnlpPrivate : boolean
Restrict the Java Web Start download of the Rich Desktop Client to the private intranet.
journalDirectory : string
The directory in which to store the transactional journal.
If a relative path is specified then the journal directory is placed under the server data directory. The journal files are placed in a subdirectory named after the node name.
tx${test.clone}
journalEnabled : boolean
True to enable use of the transactional journal.
keystorePassword : password
The password for the SSL keystore that holds server certificates.
The password used for the application server's ssl.keystore file.
text:keypass
Valid values based on“string”. | |
---|---|
ldapAuthProtocol
The authentication protocol for connecting to the LDAP server.
Valid values based on“string”. | |
---|---|
kerberos |
Kerberos authentication http://en.wikipedia.org/wiki/Kerberos_%28protocol%29 |
simple |
Simple authentication |
ldapCacheTimeout : nonNegativeLong
Duration (in seconds) to cache LDAP query results; 0 to disable.
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
ldapDomain : string
The user's domain. May contain: ${user_domain}, ${server_domain}, and ${default_domain}.
${user_domain}: Domain formed from the user's DN: "DC=a,DC=b,DC=c" becomes "a.b.c". ${server_domain}: Authentication domain in the .server file. ${default_domain}: Default realm from the krb5 configuration file.
ldapDomain="${user_domain}"
ldapDomain="${default_domain}"
ldapExpandParents : boolean
True to perform nested group search; false to return only direct parent groups.
ldapGroupContextDN : string
The DN to search for groups. May contain: ${user_domain}, ${server_domain}, and ${default_domain}.
${user_domain}: DN formed from the user principal's domain: "user@a.b.c" becomes "DC=a,DC=b,DC=c". ${server_domain}: DN of the authentication domain in the .server file. ${default_domain}: DN of the default realm from the krb5 configuration file.
ldapGroupContextDN="OU=Security Groups,OU=NexJ Systems,${user_domain}"
ldapGroupContextDN="${default_domain}"
ldapGroupFilter : string
The filter to use when querying groups.
(objectCategory=group)
ldapGroupNameAttribute : string
The group attribute that holds the group's name.
sAMAccountName
ldapGroupParentMap : string
List of "group attribute:group attribute" pairs for mapping groups to their parent groups.
Format is "child_attr1:parent_attr1;child_attr2:parent_attr2;...;child_attrN:parent_attrN".ldapGroupSearchScope : ldapScope
The scope to use when searching for groups.
Valid values based on“string”. | |
---|---|
oneLevel | |
object | |
subtree |
ldapPassword : password
The password to use to connect to the LDAP server corresponding to the ldapUser.
Valid values based on“string”. | |
---|---|
ldapURL : string
LDAP server URL for determining user group membership.
ldapUser : string
The user id to use to connect to the LDAP server.
Unspecified for silent sign on.ldapUserContextDN : string
The DN to search for users. May contain: ${user_domain}, ${server_domain}, and ${default_domain}.
${user_domain}: DN formed from the user principal's domain: "user@a.b.c" becomes "DC=a,DC=b,DC=c". ${server_domain}: DN of the authentication domain in the .server file. ${default_domain}: DN of the default realm from the krb5 configuration file.
ldapUserContextDN="OU=Users,OU=NexJ Systems,${user_domain}"
ldapUserContextDN="${default_domain}"
ldapUserDNAttribute : string
The user attribute that holds the user DN.
ldapUserFilter : string
The filter to use when querying users.
(objectCategory=user)
ldapUserGroupMap : string
List of "user attribute:group attribute" pairs for mapping users to groups.
Format is "user_attr1:group_attr1;user_attr2:group_attr2;...;user_attrN:group_attrN".ldapUserLoginAttribute : string
The user attribute that holds the login id.
userPrincipalName
ldapUserPrincipalAttribute : string
The user attribute that holds the Kerberos principal name without the realm.
ldapUserSearchScope : ldapScope
The scope to use when searching for users.
Valid values based on“string”. | |
---|---|
oneLevel | |
object | |
subtree |
location : string
Container-specific deployment location for the model.
For information about additional locations, see the topic Deploying NexJ Server.
For Model Server, the location could be: C:\java\container\deploy
loggingPlatformAdapter : string
Java class implementing logging platform adaptation.
maxLoginAttempts : string
Maximum login attempts (0 is unlimited) allowed before user is locked out.
maxMessageReceivers : nonNegativeInt
Maximum number of threads used by object queueing engine.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
maxMessageSenders : nonNegativeInt
Maximum number of connections to the object queueing engine.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
messagePort : nonNegativeInt
TCP/IP port to use for intra-cluster communication with the ObjectQueue engine.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
name : string
The environment name to use for deployments. Derived from repository namespace if not specified.
nodes : string
Space-separated list of IP addresses with sign-separated port offsets of initial cluster members. Used by unicast cluster discovery protocols only. If unspecified, centralized persistent storage is used for obtaining the addresses.
10.0.0.2+1
password : password
Deployment administrator password.
Valid values based on“string”. | |
---|---|
passwordHashAlgorithm : string
The hash algorithm used to encrypt user's password.
persistenceCompression : boolean
Compress the persisted session state for reduced persistent storage (~5 times) at the cost of increased CPU utilization.
persistenceDirDepth : nonNegativeInt
Number of subdirectory levels created under the persistence directory.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
persistenceDirectory : string
Shared directory for storing the persisted session state. If not specified, the sessions are persisted to the SessionDatabase data source.
persistentSession : boolean
Enable session persistence and advanced load balancing.
Session information is stored using a file system or a database.pixelPerfectReportsAudit : boolean
True to audit execution of pixel perfect reports to the report audit table in the audit datasource.
pollPeriod : nonNegativeLong
The time interval in ms for the client to poll the server for updates.
Default is 300000 (5 min).Valid values based on“long”. | |
---|---|
0 (minInclusive) |
previewThreshold : nonNegativeInt
Maximum document size in bytes for automatic preview.
202400
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
pushDisconnectDelay : nonNegativeLong
The time in ms for the push redirector to wait between client disconnections when dropping clients due to an error connecting to the push server. Default is 50.
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
pushHeartbeat : nonNegativeInt
The time in ms of the period with which heartbeats are sent from the push server to the push redirector in order to detect stale or unresponsive connections (after 3 missed heartbeats). Default is 10000 (10 s).
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
pushPassword : password
The password with which the push redirector will authenticate with the push server node(s).
Specifies the password of the push user when used with the Push User property or the keystore password when used with the Push Certificate property.Valid values based on“string”. | |
---|---|
pushRedirectorURL : string
The URL (full path - host, port, and context path) of the push redirector.
http://localhost:port/nexj/pushRedirect
pushServerURLs : string
List of space separated push server node URLs (full path) to which the push redirector should connect.
http://app1.local:8080/nexj/push http://app2.local:8080/nexj/push
pushTimeout : nonNegativeLong
The time in ms after which the connection from client to push redirector will timeout and cause a heartbeat to be sent to the client. Default is 300000 (5 min).
Valid values based on“long”. | |
---|---|
0 (minInclusive) |
pushTrust : string
The push server SSL certificate that the push redirector should trust.
pushType : pushType
The type of Comet to use for push notifications. If the selected type isn't supported by the client web browser, polling is used.
Valid values based on“string”. | |
---|---|
streaming |
Uses "streaming" type Comet for notifications. |
long |
Uses "long polling" type Comet for notifications |
none |
The default push mode. Does not use the push server for notifications - periodic polling is used. |
pushUser : string
The user name with which the push redirector will authenticate with the push server node(s).
readAudit
Specifies the read auditing level. Supported levels are "access", "attributes", "values", and "none" (default).
none - Disable creation of read audit logs.
access - Record the user and time a record was accessed.
attributes - Record above plus a list of attributes that were accessed.
values - Record above plus each attribute's current value.
Valid values based on“string”. | |
---|---|
none | |
access | |
attributes | |
values |
rpcPrivilege : string
Privilege required for access to generic RPC protocols. If not set, the access is unrestricted and a validation warning is generated.
Generic RPC protocols are HTTP/soap, HTTP/text, HTTP/web, HTTP/xml and EJB. Generic RPC is used by all the clients except for the flat page client.
InternalManage
secureTransport : boolean
Use SSL for encrypted communication and server authentication.
sessionCookie : string
The session cookie name.
If using mod_jk the workers.properties must be updated to include the session_cookie directive. Reference: https://tomcat.apache.org/connectors-doc/reference/workers.htmlsessionTimeout : nonNegativeInt
Logon session timeout in minutes (0 is unlimited). With persistent sessions, it is the period of inactivity before the session is persisted.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
soaURLRewritePattern : string
The URL rewrite pattern for outgoing SOA connections. For use together with soaURLRewriteReplacement.
Defaults to "".
E.g. ^(.*)://webserver.com/nexj(.*) to match webserver URLs going to the "nexj" cluster.
soaURLRewriteReplacement : string
The URL rewrite replacement for outgoing SOA connections. For use together with soaURLRewritePattern.
Defaults to "".
E.g. $1://localhost:8080/nexj$2 to direct requests to localhost to avoid a roundtrip to the webserver.
statPersistenceEnabled : boolean
Whether persisting of statistics is enabled.
statPersistenceTimeout : long
The amount of time in minutes that persisted statistics are kept before being deleted.
Very long timeouts may reduce the performance of the database instance hosting the "StatDatabase" database.statSamplingInterval : long
The frequency of sampling statistics in seconds.
Higher frequencies will have a negative impact on the performance of the application.stuckThreadThreshold : nonNegativeInt
Minimum duration in seconds after which a web request thread is considered stuck.
NexJ Model Server only. If set to 0, stuck thread detection is disabled. See org.apache.catalina.valves.StuckThreadDetectionValve.Valid values based on“int”. | |
---|---|
0 (minInclusive) |
test : boolean
Flag set to specify if the server may be used for testing.
transactionTimeout : nonNegativeInt
The default transaction timeout in seconds, 0 for infinite timeout.
Valid values based on“int”. | |
---|---|
0 (minInclusive) |
trust : string
The X.509 certificate, or signer's certificate thereof, for the remote system.
The CN from the certificate presented by the remote system is used as the user principal for which the invocation context will be created. This allows support of multiple external systems authenticating to an HTTP channel, mapped to different users based on the certificates they present. http://en.wikipedia.org/wiki/X.509type : serverType
Container type - Generic (Model Server) or WebSphere..
One of Generic (Model Server) or WebSphere.Valid values based on“string”. | |
---|---|
Generic |
NexJ Application Server NJAS (also known as TEEE). This server type is used for local execution, debugging and unit testing. |
JBoss |
JBoss Application Server www.jboss.com |
WebSphere |
IBM WebSphere Application Server www.ibm.com/websphere |
WebSphere 7 |
IBM WebSphere Application Server Version 7 www.ibm.com/websphere |
WebSphere 8 |
IBM WebSphere Application Server, Version 8 www.ibm.com/websphere |
updateAudit : boolean
True to enable attribute triggered audit logging for create, update and delete.
Determines whether create, update, and delete actions that users perform on objects are logged, for example, changing a contact name.user : string
Deployment administrator user name.
The ID that must be provided to the server before allowing metadata to be deployed.Sequence of:
ValidConnections [0..1]
Sequence of:
CipherKey [0..1]
Sequence of:
Mixins [0..1] - A collection of metadata repository references. The referenced repositories must have the "module" attribute set in their "Metadata" descriptor. In addition to the primary repository, these additional repositories will be loaded into the same server. This allows a highly-modularized application to be deployed in a compact form.
PKIKeyPairs [0..1]
Hosts [0..1]
Notes [0..1]