The auth-constraint element indicates the user roles that shouldbe permitted access to this resource collection. The role-nameused here must either correspond to the role-name of one of thesecurity-role elements defined for this web application, or bethe specially reserved role-name "*" that is a compact syntax forindicating all roles in the web application. If both "*" androlenames appear, the container interprets this as all roles.If no roles are defined, no user is allowed access to the portion ofthe web application described by the containing security-constraint.The container matches role names case sensitively when determiningaccess.
The ID mechanism is to allow tools that produce additional deploymentinformation (i.e., information beyond the standard deploymentdescriptor information) to store the non-standard information in aseparate file, and easily refer from these tool-specific files to theinformation in the standard deployment descriptor.Tools are not allowed to add the non-standard information into thestandard deployment descriptor.
The auth-method element is used to configure the authenticationmechanism for the web application. As a prerequisite to gaining access to any web resources which are protected by an authorizationconstraint, a user must have authenticated using the configuredmechanism. Legal values for this element are "BASIC", "DIGEST","FORM", or "CLIENT-CERT".
The description element is used to provide text describing the parentelement. The description element should include any information thatthe web application war file producer wants to provide to the consumer ofthe web application war file (i.e., to the Deployer). Typically, the toolsused by the web application war file consumer will display the descriptionwhen processing the parent element that contains the description.
The distributable element, by its presence in a web applicationdeployment descriptor, indicates that this web application isprogrammed appropriately to be deployed into a distributed servletcontainer
The ejb-link element is used in the ejb-ref or ejb-local-refelements to specify that an EJB reference is linked to anenterprise bean.The name in the ejb-link element is composed of apath name specifying the ejb-jar containing the referenced enterprisebean with the ejb-name of the target bean appended and separated fromthe path name by "#". The path name is relative to the war filecontaining the web application that is referencing the enterprise bean.This allows multiple enterprise beans with the same ejb-name to beuniquely identified.
Used in: ejb-local-ref, ejb-refExamples:<ejb-link>EmployeeRecord</ejb-link><ejb-link>../products/product.jar#ProductEJB</ejb-link>
The ejb-local-ref element is used for the declaration of a reference toan enterprise bean's local home. The declaration consists of:- an optional description- the EJB reference name used in the code of the web application that's referencing the enterprise bean- the expected type of the referenced enterprise bean- the expected local home and local interfaces of the referenced enterprise bean- optional ejb-link information, used to specify the referenced enterprise bean
The ejb-ref element is used for the declaration of a reference toan enterprise bean's home. The declaration consists of:- an optional description- the EJB reference name used in the code of the web application that's referencing the enterprise bean- the expected type of the referenced enterprise bean- the expected home and remote interfaces of the referenced enterprise bean- optional ejb-link information, used to specify the referenced enterprise bean
The ejb-ref-name element contains the name of an EJB reference. TheEJB reference is an entry in the web application's environment and isrelative to the java:comp/env context. The name must be uniquewithin the web application.It is recommended that name is prefixed with "ejb/".
The ejb-ref-type element contains the expected type of thereferenced enterprise bean.The ejb-ref-type element must be one of the following:<ejb-ref-type>Entity</ejb-ref-type><ejb-ref-type>Session</ejb-ref-type>
The env-entry element contains the declaration of a web application'senvironment entry. The declaration consists of an optionaldescription, the name of the environment entry, and an optionalvalue. If a value is not specified, one must be suppliedduring deployment.
The env-entry-name element contains the name of a web applications'senvironment entry. The name is a JNDI name relative to thejava:comp/env context. The name must be unique within a web application.
The env-entry-type element contains the fully-qualified Java type ofthe environment entry value that is expected by the web application'scode.The following are the legal values of env-entry-type:java.lang.Booleanjava.lang.Bytejava.lang.Characterjava.lang.Stringjava.lang.Shortjava.lang.Integerjava.lang.Longjava.lang.Floatjava.lang.Double
The env-entry-value element contains the value of a web application'senvironment entry. The value must be a String that is valid for theconstructor of the specified type that takes a single Stringparameter, or for java.lang.Character, a single character.
Declares a filter in the web application. The filter is mapped toeither a servlet or a URL pattern in the filter-mapping element, usingthe filter-name value to reference. Filters can access theinitialization parameters declared in the deployment descriptor atruntime via the FilterConfig interface.
Declaration of the filter mappings in this web application. Thecontainer uses the filter-mapping declarations to decide which filtersto apply to a request, and in what order. The container matches therequest URI to a Servlet in the normal way. To determine which filtersto apply it matches filter-mapping declarations either on servlet-name,or on url-pattern for each filter-mapping element, depending on whichstyle is used. The order in which filters are invoked is the order inwhich filter-mapping declarations that match a request URI for aservlet appear in the list of filter-mapping elements.The filter-namevalue must be the value of the <filter-name> sub-elements of one of the<filter> declarations in the deployment descriptor.
The form-error-page element defines the location in the web appwhere the error page that is displayed when login is not successfulcan be found. The path begins with a leading / and is interpretedrelative to the root of the WAR.
The form-login-config element specifies the login and error pagesthat should be used in form based login. If form based authenticationis not used, these elements are ignored.
The form-login-page element defines the location in the web appwhere the page that can be used for login can be found. The pathbegins with a leading / and is interpreted relative to the root of the WAR.
The icon element contains small-icon and large-icon elements thatspecify the file names for small and a large GIF or JPEG icon imagesused to represent the parent element in a GUI tool.
The large-icon element contains the name of a filecontaining a large (32 x 32) icon image. The filename is a relative path within the web application'swar file.The image may be either in the JPEG or GIF format.The icon can be used by tools.
The listener-class element declares a class in the application must beregistered as a web application listener bean. The value is the fully qualified classname of the listener class.
The load-on-startup element indicates that this servlet should beloaded (instantiated and have its init() called) on the startupof the web application. The optional contents ofthese element must be an integer indicating the order in whichthe servlet should be loaded. If the value is a negative integer,or the element is not present, the container is free to load theservlet whenever it chooses. If the value is a positive integeror 0, the container must load and initialize the servlet as theapplication is deployed. The container must guarantee thatservlets marked with lower integers are loaded before servletsmarked with higher integers. The container may choose the orderof loading of servlets with the same load-on-start-up value.
The location element contains the location of the resource in the webapplication relative to the root of the web application. The value ofthe location must have a leading `/'.
The login-config element is used to configure the authenticationmethod that should be used, the realm name that should be used forthis application, and the attributes that are needed by the form loginmechanism.
The res-auth element specifies whether the web application code signson programmatically to the resource manager, or whether the Containerwill sign on to the resource manager on behalf of the web application. In thelatter case, the Container uses information that is supplied by theDeployer.The value of this element must be one of the two following:<res-auth>Application</res-auth><res-auth>Container</res-auth>
The res-ref-name element specifies the name of a resource managerconnection factory reference. The name is a JNDI name relative to thejava:comp/env context. The name must be unique within a web application.
The res-sharing-scope element specifies whether connections obtainedthrough the given resource manager connection factory reference can beshared. The value of this element, if specified, must be one of thetwo following:<res-sharing-scope>Shareable</res-sharing-scope><res-sharing-scope>Unshareable</res-sharing-scope>The default value is Shareable.
The res-type element specifies the type of the data source. The typeis specified by the fully qualified Java language class or interfaceexpected to be implemented by the data source.
The resource-env-ref element contains a declaration of a web application'sreference to an administered object associated with a resourcein the web application's environment. It consists of an optionaldescription, the resource environment reference name, and anindication of the resource environment reference type expected bythe web application code.
The resource-env-ref-name element specifies the name of a resourceenvironment reference; its value is the environment entry name used inthe web application code. The name is a JNDI name relative to thejava:comp/env context and must be unique within a web application.
The resource-env-ref-type element specifies the type of a resourceenvironment reference. It is the fully qualified name of a Javalanguage class or interface.
The resource-ref element contains a declaration of a web application'sreference to an external resource. It consists of an optionaldescription, the resource manager connection factory reference name,the indication of the resource manager connection factory typeexpected by the web application code, the type of authentication(Application or Container), and an optional specification of theshareability of connections obtained from the resource (Shareable orUnshareable).
The role-link element is a reference to a defined security role. Therole-link element must contain the name of one of the security rolesdefined in the security-role elements.
The run-as element specifies the run-as identity to be used for theexecution of the web application. It contains an optional description, andthe name of a security role.
The security-role element contains the definition of a securityrole. The definition consists of an optional description of thesecurity role, and the security role name.
Used in: web-app
Example:
<security-role><description> This role includes all employees who are authorized to access the employee service application.</description><role-name>employee</role-name> </security-role>
The security-role-ref element contains the declaration of a securityrole reference in the web application's code. The declaration consistsof an optional description, the security role name used in the code,and an optional link to a security role. If the security role is notspecified, the Deployer must choose an appropriate security role.The value of the role-name element must be the String used as theparameter to the EJBContext.isCallerInRole(String roleName) methodor the HttpServletRequest.isUserInRole(String role) method.
The servlet element contains the declarative data of aservlet. If a jsp-file is specified and the load-on-startup element ispresent, then the JSP should be precompiled and loaded.
The session-timeout element defines the default session timeoutinterval for all sessions created in this web application. Thespecified timeout must be expressed in a whole number of minutes.If the timeout is 0 or less, the container ensures the defaultbehaviour of sessions is never to time out.
The small-icon element contains the name of a filecontaining a small (16 x 16) icon image. The filename is a relative path within the web application'swar file.The image may be either in the JPEG or GIF format.The icon can be used by tools.
the taglib-location element contains the location (as a resourcerelative to the root of the web application) where to find the TagLibary Description file for the tag library.
The transport-guarantee element specifies that the communicationbetween client and server should be NONE, INTEGRAL, orCONFIDENTIAL. NONE means that the application does not require anytransport guarantees. A value of INTEGRAL means that the applicationrequires that the data sent between the client and server be sent insuch a way that it can't be changed in transit. CONFIDENTIAL meansthat the application requires that the data be transmitted in afashion that prevents other entities from observing the contents ofthe transmission. In most cases, the presence of the INTEGRAL orCONFIDENTIAL flag will indicate that the use of SSL is required.
The web-resource-collection element is used to identify a subsetof the resources and HTTP methods on those resources within a webapplication to which a security constraint applies. If no HTTP methodsare specified, then the security constraint applies to all HTTPmethods.