Skip to content

Commit

Permalink
PAYARA-2586 Added new different domain.xml files for embedded (#2720)
Browse files Browse the repository at this point in the history 
* PAYARA-2586 embedded-web now uses standard domain.xml

* PAYARA-2586 Added new domain.xml files for embedded distributions

* PAYARA-2586 Updated copyright
  • Loading branch information
@Cousjava @smillidge
Cousjava authored and smillidge committed May 16, 2018
1 parent bcd5a1c commit baa8a9f
Show file tree
Hide file tree
Showing 6 changed files with 657 additions and 264 deletions.
297 changes: 297 additions & 0 deletions appserver/extras/embedded/all/src/main/resources/config/domain.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,297 @@
<!--
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
Copyright (c) 2012-2014 Oracle and/or its affiliates. All rights reserved.
The contents of this file are subject to the terms of either the GNU
General Public License Version 2 only ("GPL") or the Common Development
and Distribution License("CDDL") (collectively, the "License"). You
may not use this file except in compliance with the License. You can
obtain a copy of the License at
https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
or packager/legal/LICENSE.txt. See the License for the specific
language governing permissions and limitations under the License.
When distributing the software, include this License Header Notice in each
file and include the License file at packager/legal/LICENSE.txt.
GPL Classpath Exception:
Oracle designates this particular file as subject to the "Classpath"
exception as provided by Oracle in the GPL Version 2 section of the License
file that accompanied this code.
Modifications:
If applicable, add the following below the License Header, with the fields
enclosed by brackets [] replaced by your own identifying information:
"Portions Copyright [year] [name of copyright owner]"
Contributor(s):
If you wish your version of this file to be governed by only the CDDL or
only the GPL Version 2, indicate your decision by adding "[Contributor]
elects to include this software in this distribution under the [CDDL or GPL
Version 2] license." If you don't indicate a single choice of license, a
recipient has the option to distribute your version of this file under
either the CDDL, the GPL Version 2 or to extend the choice of license to
its licensees as provided above. However, if you add GPL Version 2 code
and therefore, elected the GPL Version 2 license, then the option applies
only if the new code is made subject to such option by the copyright
holder.
-->

<!-- Portions Copyright [2017-2018] [Payara Foundation and/or its affiliates] -->

<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">
<hazelcast-runtime-configuration></hazelcast-runtime-configuration>
<security-configurations>
<authentication-service default="true" name="adminAuth" use-password-credential="true">
<security-provider name="spcrealm" type="LoginModule" provider-name="adminSpc">
<login-module-config name="adminSpecialLM" control-flag="sufficient" module-class="com.sun.enterprise.admin.util.AdminLoginModule">
<property name="config" value="server-config"></property>
<property name="auth-realm" value="admin-realm"></property>
</login-module-config>
</security-provider>
<security-provider name="filerealm" type="LoginModule" provider-name="adminFile">
<login-module-config name="adminFileLM" control-flag="sufficient" module-class="com.sun.enterprise.security.auth.login.FileLoginModule">
<property name="config" value="server-config"></property>
<property name="auth-realm" value="admin-realm"></property>
</login-module-config>
</security-provider>
</authentication-service>
<authorization-service default="true" name="authorizationService">
<security-provider name="simpleAuthorization" type="Simple" provider-name="simpleAuthorizationProvider">
<authorization-provider-config support-policy-deploy="false" name="simpleAuthorizationProviderConfig"></authorization-provider-config>
</security-provider>
</authorization-service>
</security-configurations>
<system-applications />
<resources>
<jdbc-resource pool-name="__TimerPool" jndi-name="jdbc/__TimerPool" object-type="system-all" />
<jdbc-resource pool-name="DerbyPool" jndi-name="jdbc/__derby" object-type="system-all" />
<jdbc-resource pool-name="H2Pool" jndi-name="jdbc/__default" object-type="system-all" />
<jdbc-connection-pool name="__TimerPool" datasource-classname="org.apache.derby.jdbc.EmbeddedXADataSource" res-type="javax.sql.XADataSource">
<property value="${com.sun.aas.instanceRoot}/lib/databases/ejbtimer" name="databaseName" />
<property value=";create=true" name="connectionAttributes" />
</jdbc-connection-pool>
<jdbc-connection-pool is-isolation-level-guaranteed="false" name="DerbyPool" datasource-classname="org.apache.derby.jdbc.ClientDataSource" res-type="javax.sql.DataSource">
<property value="1527" name="PortNumber" />
<property value="APP" name="Password" />
<property value="APP" name="User" />
<property value="localhost" name="serverName" />
<property value="sun-appserv-samples" name="DatabaseName" />
<property value=";create=true" name="connectionAttributes" />
</jdbc-connection-pool>
<jdbc-connection-pool is-isolation-level-guaranteed="false" name="H2Pool" datasource-classname="org.h2.jdbcx.JdbcDataSource" res-type="javax.sql.DataSource">
<property name="URL" value="jdbc:h2:${com.sun.aas.instanceRoot}/lib/databases/embedded_default;AUTO_SERVER=TRUE" />
</jdbc-connection-pool>
</resources>
<servers>
<server name="server" config-ref="server-config">
<resource-ref ref="jdbc/__TimerPool" />
<resource-ref ref="jdbc/__default" />
<resource-ref ref="jdbc/__derby" />
</server>
</servers>
<nodes>
<node name="localhost-domain1" type="CONFIG" node-host="localhost" install-dir="${com.sun.aas.productRoot}"/>
</nodes>
<configs>
<config name="server-config">
<system-property name="JMS_PROVIDER_PORT" value="7676" description="Port Number that JMS Service will listen for remote clients connection." />
<payara-executor-service-configuration/>
<http-service>
<access-log/>
<virtual-server id="server" network-listeners="http-listener-1,http-listener-2"/>
<virtual-server id="__asadmin" network-listeners="admin-listener"/>
</http-service>
<iiop-service>
<orb use-thread-pool-ids="thread-pool-1" />
<iiop-listener address="0.0.0.0" port="3700" id="orb-listener-1" lazy-init="true"/>
<ssl ssl3-enabled="false" />
<iiop-listener security-enabled="true" address="0.0.0.0" port="3820" id="SSL">
<ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" />
</iiop-listener>
<iiop-listener security-enabled="true" address="0.0.0.0" port="3920" id="SSL_MUTUALAUTH">
<ssl ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true" />
</iiop-listener>
</iiop-service>
<admin-service auth-realm-name="admin-realm" type="das-and-server" system-jmx-connector-name="system">
<jmx-connector auth-realm-name="admin-realm" security-enabled="false" address="0.0.0.0" port="8686" name="system" />
<property value="/admin" name="adminConsoleContextRoot" />
<property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
<property value="${com.sun.aas.installRoot}/.." name="ipsRoot" />
</admin-service>
<connector-service shutdown-timeout-in-seconds="30">
</connector-service>
<transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" />
<asadmin-recorder-configuration></asadmin-recorder-configuration>
<request-tracing-service-configuration>
<log-notifier></log-notifier>
</request-tracing-service-configuration>
<notification-service-configuration enabled="true">
<log-notifier-configuration enabled="true"></log-notifier-configuration>
</notification-service-configuration>
<hazelcast-config-specific-configuration></hazelcast-config-specific-configuration>
<monitoring-service-configuration></monitoring-service-configuration>
<microprofile-metrics-configuration></microprofile-metrics-configuration>
<diagnostic-service />
<security-service>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
<property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
<property value="${com.sun.aas.instanceRoot}/config/keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
<property value="false" name="auditOn" />
</audit-module>
<message-security-config auth-layer="SOAP">
<provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
<provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
</message-security-config>
<message-security-config auth-layer="HttpServlet">
<provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">
<request-policy auth-source="sender"></request-policy>
<response-policy></response-policy>
<property name="loginPage" value="/login.jsf"></property>
<property name="loginErrorPage" value="/loginError.jsf"></property>
</provider-config>
</message-security-config>
<property value="SHA-256" name="default-digest-algorithm" />
</security-service>
<java-config classpath-suffix="" system-classpath="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009">
<jvm-options>-client</jvm-options>
<jvm-options>-Xbootclasspath/p:${com.sun.aas.installRoot}/lib/grizzly-npn-bootstrap.jar</jvm-options>
<jvm-options>-Djava.awt.headless=true</jvm-options>
<jvm-options>-Djdk.corba.allowOutputStreamSubclass=true</jvm-options>
<jvm-options>-Djavax.xml.accessExternalSchema=all</jvm-options>
<jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder</jvm-options>
<jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
<jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
<jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
<jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
<jvm-options>-Xmx512m</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
<jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options>
<jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options>
<jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
<jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
<!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names. -->
<jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall</jvm-options>
<!-- Configuration of various third-party OSGi bundles like
Felix Remote Shell, FileInstall, etc. -->
<!-- Port on which remote shell listens for connections.-->
<jvm-options>-Dosgi.shell.telnet.port=6666</jvm-options>
<!-- How many concurrent users can connect to this remote shell -->
<jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
<!-- From which hosts users can connect -->
<jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
<!-- Gogo shell configuration -->
<jvm-options>-Dgosh.args=--nointeractive</jvm-options>
<!-- Directory being watched by fileinstall. -->
<jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
<!-- Time period fileinstaller thread in ms. -->
<jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
<!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
<jvm-options>-Dfelix.fileinstall.log.level=2</jvm-options>
<!-- should new bundles be started or installed only?
true => start, false => only install
-->
<jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
<!-- should watched bundles be started transiently or persistently -->
<jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
<!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
-->
<jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
<!-- End of OSGi bundle configurations -->
<jvm-options>-XX:NewRatio=2</jvm-options>
<!-- Woodstox property needed to pass StAX TCK -->
<jvm-options>-Dcom.ctc.wstx.returnNullForDefaultNamespace=true</jvm-options>
<jvm-options>-Djdk.tls.rejectClientInitiatedRenegotiation=true</jvm-options>
<jvm-options>-Dorg.jboss.weld.serialization.beanIdentifierIndexOptimization=false</jvm-options>
<jvm-options>-Dorg.glassfish.grizzly.DEFAULT_MEMORY_MANAGER=org.glassfish.grizzly.memory.HeapMemoryManager</jvm-options>
<jvm-options>-Dorg.glassfish.grizzly.nio.DefaultSelectorHandler.force-selector-spin-detection=true</jvm-options>
</java-config>
<network-config>
<protocols>
<protocol name="http-listener">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
<ssl ssl3-enabled="false" />
</protocol>
<protocol security-enabled="true" name="https-listener">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as"></ssl>
</protocol>
<protocol name="admin-listener">
<http default-virtual-server="__asadmin" max-connections="250" encoded-slash-enabled="true" >
<file-cache enabled="false"></file-cache>
</http>
</protocol>
</protocols>
<network-listeners>
<network-listener port="8080" protocol="http-listener" transport="tcp" name="http-listener" thread-pool="http-thread-pool"></network-listener>
<network-listener port="8181" protocol="https-listener" transport="tcp" name="https-listener" thread-pool="http-thread-pool"></network-listener>
<network-listener port="4848" protocol="admin-listener" transport="tcp" name="admin-listener" thread-pool="admin-thread-pool"></network-listener>
</network-listeners>
<transports>
<transport name="tcp"></transport>
</transports>
</network-config>
<thread-pools>
<thread-pool name="admin-thread-pool" max-thread-pool-size="15" min-thread-pool-size="1" max-queue-size="256"></thread-pool>
<thread-pool name="http-thread-pool" max-queue-size="4096"></thread-pool>
<thread-pool name="thread-pool-1" max-thread-pool-size="200"/>
</thread-pools>
</config>
</configs>
<property name="administrative.domain.name" value="domain1"/>
<secure-admin special-admin-indicator="8a6fe012-6608-450d-b747-e9316405ad14">
<secure-admin-principal dn="CN=localhost,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK"></secure-admin-principal>
<secure-admin-principal dn="CN=localhost-instance,OU=Payara,O=Payara Foundation,L=Great Malvern,ST=Worcestershire,C=UK"></secure-admin-principal>
</secure-admin>
</domain>
Loading

0 comments on commit baa8a9f

Please sign in to comment.