<web-app-default>
<prologue>
<!--
- Extension library for common jar files. The ext is safe
- even for non-classloader aware jars. The loaded classes
- will be loaded separately for each web-app, i.e. the class
- itself will be distinct.
-->
<class-loader>
<tree-loader path="${resin.root}/ext-webapp-lib"/>
</class-loader>
<!--
- Enable EL expressions in Servlet and Filter init-param
-->
<allow-servlet-el/>
</prologue>
<!--
- Sets timeout values for cacheable pages, e.g. static pages.
-->
<cache-mapping url-pattern="/" expires="5s"/>
<cache-mapping url-pattern="*.gif" expires="60s"/>
<cache-mapping url-pattern="*.jpg" expires="60s"/>
<cache-mapping url-pattern="*.png" expires="60s"/>
<!--
- for security, disable session URLs by default.
-->
<!--
- For security, set the HttpOnly flag in cookies.
- <cookie-http-only/>
-->
<!--
- Some JSP packages have incorrect .tld files. It's possible to
- set validate-taglib-schema to false to work around these packages.
-->
<servlet-mapping servlet-class='com.caucho.servlets.ResinStatusServlet'>
<url-pattern>/resin-status</url-pattern>
<init enable="read"/>
</servlet-mapping>
<security-constraint>
<web-resource-collection url-pattern="/resin-status/*"/>
<!--
<ip-constraint>
<allow>127.0.0.1/32</allow>
</ip-constraint>
-->
<auth-constraint role-name='admin' />
</security-constraint>
<authenticator type="com.caucho.server.security.XmlAuthenticator">
<init>
<user name='admin' password='admin!@#' roles='admin' />
<password-digest>none</password-digest>
</init>
</authenticator>
<jsp>
<validate-taglib-schema>true</validate-taglib-schema>
<fast-jstl>true</fast-jstl>
<fast-jsf>true</fast-jsf>
</jsp>
</web-app-default>