GlassFish主配置文件domain.xml介绍

最新推荐文章于 2022-03-30 14:22:28 发布

庚庚911

最新推荐文章于 2022-03-30 14:22:28 发布

阅读量1.7k

点赞数

分类专栏： glassfish

本文链接：https://blog.csdn.net/yetugeng/article/details/105725201

版权

本文详细介绍了GlassFish服务器的主配置文件domain.xml，包括Admin Console、Default domain.xml和MyAPP domain.xml的各个配置部分，如security-configurations、system-applications、resources、servers等，帮助读者理解GlassFish的配置结构和工作原理。

摘要由CSDN通过智能技术生成

刚开始接触GlassFish时，觉得它好麻烦，配置也复杂，WEB管理端内容也繁多，其实还是自己对Java相关知识不了，再熟悉了这些之后，现在回头来看看，其实GlassFish的配置文件也是挺简单的。

推荐先去看看官方文档《GlassFish Server 4.0 Documentation》，英文版的。由于GlassFish的资料很少，中文版的更少，所以还是老老实实去看英文的官方文档吧。本文基于GlassFish 4.0来讲解。

首先创建一个域

[root@backup domains]# ../bin/asadmin -W password.txt -u admin  create-domain G098_Domain
Using default port 4848 for Admin.
Using default port 8080 for HTTP Instance.
Using default port 7676 for JMS.
Using default port 3700 for IIOP.
Using default port 8181 for HTTP_SSL.
Using default port 3820 for IIOP_SSL.
Using default port 3920 for IIOP_MUTUALAUTH.
Using default port 8686 for JMX_ADMIN.
Using default port 6666 for OSGI_SHELL.
Using default port 9009 for JAVA_DEBUGGER.
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=backup,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US]
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=backup-instance,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US]
Domain G098_Domain created.
Domain G098_Domain admin port is 4848.
Domain G098_Domain admin user is "admin".
Command create-domain executed successfully.

上面显示的是一些默认参数。

1 Admin Console

在web管理端查看GlassFish的主要内容有如下一些：

展开的内容比较多，我们就看看一二级内容

上面的这些内容，在《GlassFish Server Open Source Edition Administration Guide Release 4.0》官方文档里都有详细介绍，看过之后，再看看这些就十分清晰了。

2 Default domain.xml

此时的配置文件domain.xml还都是默认值，完整的domain.xml见附录A。

对附录A的domain.xml进行折叠之后显示如下：

<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">

    <!-- 1.1 -->
    <security-configurations>
    ...
    </security-configurations>
    
    <!-- 1.2 -->
    <system-applications />
    
    <!-- 1.3 -->
    <resources>
    ...
    </resources>

    <!-- 1.4 -->
    <servers>
    ...
    </servers>

    <!-- 1.5 -->
    <nodes>
    ...
    </nodes>
    
    <!-- 1.6 -->
    <configs>
        <config name="server-config">
        ...
        </config>
        <config name="default-config" dynamic-reconfiguration-enabled="true" >
        ...
        </config>
    </configs>

    <!-- 1.7 -->
    <property name="administrative.domain.name" value="G098_Domain"/>
    
    <!-- 1.8 -->
    <secure-admin special-admin-indicator="9652ef41-72c9-4e23-8284-d643fd692bc9">
    ...
    </secure-admin>

</domain>

2.1 security-configurations

security-configurations 主要保存的是安全相关的配置，对应图1中

这里有两个authentication-service，第一个authentication-service是admin用户认证的adminAuth，第二个应该是通用的认证服务authorizationService。

第一个authentication-service又分为两个security-provider，除了name和module-class不一样，其他都相同，即这里通过两个Java类来提供了两种安全认证：adminSpecialLM和adminFileLM。

<security-configurations>

    <authentication-service default="true" name="adminAuth" use-password-credential="true">

        <security-provider name="spcrealm" type="LoginModule" provider-name="adminSpc">
            <login-module-config name="adminSpecialLM" control-flag="sufficient" module-class="com.sun.enterprise.admin.util.AdminLoginModule">
                <property name="config" value="server-config"></property>
                <property name="auth-realm" value="admin-realm"></property>
            </login-module-config>
        </security-provider>

        <security-provider name="filerealm" type="LoginModule" provider-name="adminFile">
            <login-module-config name="adminFileLM" control-flag="sufficient" module-class="com.sun.enterprise.security.auth.login.FileLoginModule">
                <property name="config" value="server-config"></property>
                <property name="auth-realm" value="admin-realm"></property>
            </login-module-config>
        </security-provider>

    </authentication-service>

    <authorization-service default="true" name="authorizationService">
        <security-provider name="simpleAuthorization" type="Simple" provider-name="simpleAuthorizationProvider">
            <authorization-provider-config support-policy-deploy="false" name="simpleAuthorizationProviderConfig"></authorization-provider-config>
        </security-provider>
    </authorization-service>

</security-configurations>

2.2 system-applications

<system-applications />

在未发布应用之前，此类元素为空。

2.3 resources

<resources>
    <jdbc-resource pool-name="__TimerPool" jndi-name="jdbc/__TimerPool" object-type="system-admin" />
    <jdbc-resource pool-name="DerbyPool" jndi-name="jdbc/__default" object-type="system-all" />

    <jdbc-connection-pool name="__TimerPool" datasource-classname="org.apache.derby.jdbc.EmbeddedXADataSource" res-type="javax.sql.XADataSource">
        <property value="${com.sun.aas.instanceRoot}/lib/databases/ejbtimer" name="databaseName" />
        <property value=";create=true" name="connectionAttributes" />
    </jdbc-connection-pool>
    <jdbc-connection-pool is-isolation-level-guaranteed="false" name="DerbyPool" datasource-classname="org.apache.derby.jdbc.ClientDataSource" res-type="javax.sql.DataSource">
        <property value="1527" name="PortNumber" />
        <property value="APP" name="Password" />
        <property value="APP" name="User" />
        <property value="localhost" name="serverName" />
        <property value="sun-appserv-samples" name="DatabaseName" />
        <property value=";create=true" name="connectionAttributes" />
    </jdbc-connection-pool>
</resources>

有两个jdbc资源：__TimerPool和DerbyPool。

对应的还有两个jdbc连接池：__TimerPool和DerbyPool。

这两个默认的jdbc资源我们一般都没有用，后面在我的测试环境下会用到我们自己创建的jdbc。

2.4 servers

<servers>
    <server name="server" config-ref="server-config">
        <resource-ref ref="jdbc/__TimerPool" />
        <resource-ref ref="jdbc/__default" />
    </server>
</servers>

当我们创建一个域时，默认会创建一个名为server的服务器，其引用的配置文件为server-config，后面的第2.6节将会介绍到。

这里的server有两个资源引用，即2.3节讲到的两个默认的jdbc资源。

2.5 nodes

<nodes>
    <node name="localhost-G098_Domain" type="CONFIG" node-host="localhost" install-dir="${com.sun.aas.productRoot}"/>
</nodes>

我们是在单node环境下，所以只有一个名为localhost-G098_Domain(主机名+域名)的node，还指定了其安装目录。

2.6 configs

configs下有两个config，分别为server-config和default-config。

server-config对应2.4节说到的server服务器，这就是它的配置内容。

另外需要说的是，每个GlassFish默认会有一个__asadmin服务器，这个admin服务器就是我们登陆4848这个web页面所使用的，是用来其他domain的，所以这个__asadmin服务器的配置文件内容就在default-config部分。

2.6.1 server-config

完整内容参见附录A，我们折叠一下，主要包含了几种服务，配置和线程池。

<config name="server-config">
    ...
    <!-- 属性 -->
    <system-property name="JMS_PROVIDER_PORT" value="7676" description="Port Number that JMS Service will listen for remote clients connection." />

    <!-- 服务 -->
    <http-service>
        ...
    </http-service>

    <iiop-service>
        ...
    </iiop-service>

    <admin-service auth-realm-name="admin-realm" type="das-and-server" system-jmx-connector-name="system">
        ...
    </admin-service>

    <connector-service shutdown-timeout-in-seconds="30"></connector-service>


    <transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" />

    <diagnostic-service />

    <security-service>
        ...
    </security-service>

    <!-- 配置 -->
    <java-config classpath-suffix="" system-classpath="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009">
        ...
    </java-config>

    <network-config>
        ...
    </network-config>

    <!-- 线程池 -->
    <thread-pools>
        ...
    </thread-pools>

</config>

2.6.1.1 system-property

<system-property name="JMS_PROVIDER_PORT" value="7676" description="Port Number that JMS Service will listen for remote clients connection." />

系统属性，这里显示的是JMS的端口和描述。

2.6.1.2 http-service

<http-service>
    <access-log/>
    <virtual-server id="server" network-listeners="http-listener-1,http-listener-2"/>
    <virtual-server id="__asadmin" network-listeners="admin-listener"/>
</http-service>

包含访问日志(空)和虚拟服务器server和__asasdmin的网络监听。

2.6.1.3 iiop-service

<iiop-service>
    <orb use-thread-pool-ids="thread-pool-1" />
    <iiop-listener address="0.0.0.0" port="3700" id="orb-listener-1" lazy-init="true"/>
    <iiop-listener security-enabled="true" address="0.0.0.0" port="3820" id="SSL">
        <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" />
    </iiop-listener>
    <iiop-listener security-enabled="true" address="0.0.0.0" port="3920" id="SSL_MUTUALAUTH">
        <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true" />
    </iiop-listener>
</iiop-service>

使用线程池 thread-pool-1，监听3700和两个启用了SSL的3820，3920端口。

2.6.1.4 admin-service

<admin-service auth-realm-name="admin-realm" type="das-and-server" system-jmx-connector-name="system">
    <jmx-connector auth-realm-name="admin-realm" security-enabled="false" address="0.0.0.0" port="8686" name="system" />
    <property value="/admin" name="adminConsoleContextRoot" />
    <property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
    <property value="${com.sun.aas.installRoot}/.." name="ipsRoot" />
</admin-service>

配置了jmx监听8686，以及一些其他属性。

2.6.1.5 connector-service

<connector-service shutdown-timeout-in-seconds="30"></connector-service>

就只有一个关闭超时配置。

2.6.1.6 transaction-service

<transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" />

事务的日志路径。（启用了事务才有日志）

2.6.1.7 diagnostic-service

<diagnostic-service />

诊断服务为空。

2.6.1.8 security-service

<security-service>
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
        ...
    <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
        ...
    <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />

    <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
        ...
    <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />

    <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
        ...
        
    <message-security-config auth-layer="SOAP">
        ...
    <message-security-config auth-layer="HttpServlet">
        ...
    <property value="SHA-256" name="default-digest-algorithm" />
</security-service>

详细展示如后面

2.6.1.8.1 auth-realm

<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
    <property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
    <property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
    <property value="${com.sun.aas.instanceRoot}/config/keyfile" name="file" />
    <property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />

安全服务配置了三个安全领域(auth-realm):admin-realm,file,certificate.

其中admin-realm的认证文件为config/admin-keyfile，file的认证文件为config/keyfile，而certificate应该是使用证书吧？

2.6.1.8.2 jacc-provider

<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
    <property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />

接着是两个jacc-provider：default和simple。

2.6.1.8.3 audit-module

<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
    <property value="false" name="auditOn" />
</audit-module>

然后是一个audit-module审计模块，默认关闭。

2.6.1.8.4 message-security-config

<message-security-config auth-layer="SOAP">
    <provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
        <request-policy auth-source="content" />
        <response-policy auth-source="content" />
        <property value="s1as" name="encryption.key.alias" />
        <property value="s1as" name="signature.key.alias" />
        <property value="false" name="dynamic.username.password" />
        <property value="false" name="debug" />
    </provider-config>
    <provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
        <request-policy auth-source="content" />
        <response-policy auth-source="content" />
        <property value="s1as" name="encryption.key.alias" />
        <property value="s1as" name="signature.key.alias" />
        <property value="false" name="dynamic.username.password" />
        <property value="false" name="debug" />
        <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
    </provider-config>
    <provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
        <request-policy auth-source="content" />
        <response-policy auth-source="content" />
        <property value="s1as" name="encryption.key.alias" />
        <property value="s1as" name="signature.key.alias" />
        <property value="false" name="debug" />
    </provider-config>
    <provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
        <request-policy auth-source="content" />
        <response-policy auth-source="content" />
        <property value="s1as" name="encryption.key.alias" />
        <property value="s1as" name="signature.key.alias" />
        <property value="false" name="debug" />
        <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
    </provider-config>
</message-security-config>

<message-security-config auth-layer="HttpServlet">
    <provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">
        <request-policy auth-source="sender"></request-policy>
        <response-policy></response-policy>
        <property name="loginPage" value="/login.jsf"></property>
        <property name="loginErrorPage" value="/loginError.jsf"></property>
    </provider-config>
</message-security-config>

再然后是两个message-security-config，分别在SOAP层和HttpServlet层进行认证。SOAP提供的是client类型认证，而HttpServlet提供的是server类型认证。

2.6.1.8.5 property

<property value="SHA-256" name="default-digest-algorithm" />

最后是一个默认加密算法SHA-256。

2.6.1.9 java-config

<java-config classpath-suffix="" system-classpath="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=9009">
    <jvm-options>-XX:MaxPermSize=192m</jvm-options>
    <jvm-options>-client</jvm-options>
    <jvm-options>-Djava.awt.headless=true</jvm-options>
    <jvm-options>-Djdk.corba.allowOutputStreamSubclass=true</jvm-options>
    <jvm-options>-Djavax.xml.accessExternalSchema=all</jvm-options>
    <jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder</jvm-options>
    <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
    <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
    <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
    <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
    <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
    <jvm-options>-Xmx512m</jvm-options>
    <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
    <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
    <jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options>
    <jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options>
    <jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
    <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
    <!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names. -->
    <jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall</jvm-options>
    <!-- Configuration of various third-party OSGi bundles like Felix Remote Shell, FileInstall, etc. -->
    <!-- Port on which remote shell listens for connections.-->
    <jvm-options>-Dosgi.shell.telnet.port=6666</jvm-options>
    <!-- How many concurrent users can connect to this remote shell -->
    <jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
    <!-- From which hosts users can connect -->
    <jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
    <!-- Gogo shell configuration -->
    <jvm-options>-Dgosh.args=--nointeractive</jvm-options>
    <!-- Directory being watched by fileinstall. -->
    <jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
    <!-- Time period fileinstaller thread in ms. -->
    <jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
    <!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
    <jvm-options>-Dfelix.fileinstall.log.level=2</jvm-options>
    <!-- should new bundles be started or installed only? 
    true => start, false => only install 
    -->
    <jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
    <!-- should watched bundles be started transiently or persistently -->
    <jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
    <!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
    If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
    -->
    <jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
    <!-- End of OSGi bundle configurations -->
    <jvm-options>-XX:NewRatio=2</jvm-options>
    <!-- Woodstox property needed to pass StAX TCK -->
    <jvm-options>-Dcom.ctc.wstx.returnNullForDefaultNamespace=true</jvm-options>
</java-config>

debug端口9009，以及一些JVM相关的参数。发布的应用就是运行在这些参数下的JVM中。

2.6.1.10 network-config

<network-config>
    <protocols>
        <protocol name="http-listener-1">
            <http default-virtual-server="server" max-connections="250">
                <file-cache enabled="false"></file-cache>
            </http>
        </protocol>
        <protocol security-enabled="true" name="http-listener-2">
            <http default-virtual-server="server" max-connections="250">
                <file-cache enabled="false"></file-cache>
            </http>
            <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as"></ssl>
        </protocol>
        <protocol name="admin-listener">
            <http default-virtual-server="__asadmin" max-connections="250" encoded-slash-enabled="true" >
                <file-cache enabled="false"></file-cache>
            </http>
        </protocol>
    </protocols>
    <network-listeners>
        <network-listener port="8080" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"></network-listener>
        <network-listener port="8181" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool"></network-listener>
        <network-listener port="4848" protocol="admin-listener" transport="tcp" name="admin-listener" thread-pool="admin-thread-pool"></network-listener>
    </network-listeners>
    <transports>
        <transport name="tcp"></transport>
    </transports>
</network-config>

首先是协议，配置了名为http-listener-1的协议和名为http-listener-2协议，还有一个admin-listener协议。前两个为发布的应用所用（8080端口和8181端口），而最后一个为__asadmin虚拟服务器所用(4848)。都没有启用文件缓存。http-listener-2还多了一个名为s1as的证书昵称，在keystore.jks和cacerts.jks配置时会用到这个昵称。

然后是网络监听，就是针对上面三个协议的监听：8080，8181，4848。还指定了使用的传输层协议tcp，线程池(前两个为http-thread-pool，后一个为admin-thread-pool)，即应用的虚拟服务器server和管理端的虚拟服务器__asadmin之间的线程互不干扰。

最后定义的是传输层协议，即前面用到的tcp。

2.6.1.11 thread-pools

<thread-pools>
    <thread-pool name="admin-thread-pool" max-thread-pool-size="50" max-queue-size="256"></thread-pool>
    <thread-pool name="http-thread-pool" max-queue-size="4096"></thread-pool>
    <thread-pool name="thread-pool-1" max-thread-pool-size="200"/>
</thread-pools>

定义的是线程池，默认有三个：admin-thread-pool，http-thread-pool，thread-pool-1。前两个线程池在上面已经使用到。

2.6.2 default-config

<config name="default-config" dynamic-reconfiguration-enabled="true" >
    <http-service>
        ...

    <iiop-service>
        ...

    <admin-service system-jmx-connector-name="system" type="server">
        ...

    <web-container>
        ...

    <ejb-container session-store="${com.sun.aas.instanceRoot}/session-store">
        ...

    <mdb-container />
    
    <jms-service type="EMBEDDED" default-jms-host="default_JMS_host" addresslist-behavior="priority">
        ...

    <log-service log-rotation-limit-in-bytes="2000000" file="${com.sun.aas.instanceRoot}/logs/server.log">
        ...

    <security-service>
        ...

    <transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" automatic-recovery="true" />
    
    <diagnostic-service />
    
    <java-config debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${JAVA_DEBUGGER_PORT}" system-classpath="" classpath-suffix="">
        ...

    <availability-service>
        ...

    <network-config>
        ...

    <thread-pools>
        ...

    <group-management-service/>
    
    <system-property name="JMS_PROVIDER_PORT" value="27676" description="Port Number that JMS Service will listen for remote clients connection." />
    <system-property name="ASADMIN_LISTENER_PORT" value="24848"/>
    <system-property name="HTTP_LISTENER_PORT" value="28080"/>
    <system-property name="HTTP_SSL_LISTENER_PORT" value="28181"/>
    <system-property name="IIOP_LISTENER_PORT" value="23700"/>
    <system-property name="IIOP_SSL_LISTENER_PORT" value="23820"/>
    <system-property name="IIOP_SSL_MUTUALAUTH_PORT" value="23920"/>
    <system-property name="JMX_SYSTEM_CONNECTOR_PORT" value="28686"/>
    <system-property name="OSGI_SHELL_TELNET_PORT" value="26666"/>
    <system-property name="JAVA_DEBUGGER_PORT" value="29009"/>
    
</config>

default-config的参数配置都是立即生效的。

2.6.2.1 http-service

<http-service>
    <access-log/>
    <virtual-server id="server" network-listeners="http-listener-1, http-listener-2" >
        <property name="default-web-xml" value="${com.sun.aas.instanceRoot}/config/default-web.xml"/>
    </virtual-server>
    <virtual-server id="__asadmin" network-listeners="admin-listener" />
</http-service>

在虚拟服务器server 中指定了default-web.xml文件。

2.6.2.2 iiop-service

<iiop-service>
    <orb use-thread-pool-ids="thread-pool-1" />
    <iiop-listener port="${IIOP_LISTENER_PORT}" id="orb-listener-1" address="0.0.0.0" />
    <iiop-listener port="${IIOP_SSL_LISTENER_PORT}" id