Tomcat server configuration reference defaultContext component
Introduction
The DefaultContext element represents a subset of configuration settings for the Context element, which can nested in Engine or Host elements, indicating the default configuration properties of the automatically created Context.
In this case, Catalina will automatically create context? For more information on this, refer to the application automatic publishing and user web applications.
Attributes
Public property
All DEFAULTCONTEXT implementation supports the following properties:
Property Description Cookies If you want to use cookies to deliver session Identifier (requiring client support cookies), set to TURE. Otherwise, in this case, it can only rely on the URL REWRITING to pass the session Identifier. CrossContext is set to TRUE if you want to call servletContext.getContext () to run in the application. In an important environment, set to False, make getContext () always returns NULL. The default is false. Reloadable If you want Catalina monitoring / web-inf / class, if you change, you will automatically overload the Web Application when you change, set to True. This feature is useful in the development phase, but it also greatly increases the overhead of the server. Therefore, after the release, it is not recommended. However, you can use the Manager to trigger your application's overload when necessary. Wrapperclassorg.apache.catalina.wrapper implements the name of the class for servlets managed by this context. If there is no specified, the standard default value is used.
Standard implementation
DefaultContext's standard implementation is org.apache.catalina.core.defaultContext, which also supports the following additional properties:
Property Description Swallowoutput If this value is true, system.out and system.err output is redirected to the web application Logger. If not specified, the default value is falseusenaming. If you want Catalina to enable a JNDI InitialContext object for the web application, set to True. The initialialContext meets the J2EE platform agreed, the default value is TRUE.
Nested component
Special characteristics
Contxt parameter (Context parameters)
You can nesce
...
OVERRIDE = "false" /> ... This is equal to the following elements in /Web-inf/web.xml: The difference is that the former does not need to modify deployment descriptor to customize this value. The valid attribute value of the Property Description Description Description of this Context Initialization Parameters (Optional) Name The name of the Context initialization parameter to be created Override If you do not want /Web-inf/web.xml Environmental entry You can nest in Context, configure naming values, which are visible to the entire Web application as an Environment Entry Resource, which is visible to the Environment Entry Resource. For example, you can create an environment entry as follows: ... TYPE = "java.lang.integer" override = "false" /> ... This is equivalent to the following elements in /Web-inf/web.xml: But does Not Require Modification of the Deployment Descriptor To Customize is that the former does not need to modify deployment descriptor to customize this value. The valid properties of the Property Description Description Description of the Description Environment Entries (Optional) Name Environment Environment Name, relative to Java: Comp / ENV Context. OVERRIDE If you do not want /Web-inf/web.xml to overwrite the value specified here, set to False. The default is TRUE. The Type environment entry JAVA class name. In /Web-inf/web.xml, Life period Listeners (Lifecycle Listener) If a Java object needs to know when Context starts, when stopping, you can nest a Listener element in this object. The Listener element must implement the org.apache.catalina.lifeCyCleListener interface, informing the Listener when the corresponding life-end event occurs. You can configure such Listener: ... ... Note that an Listener can have any more additional properties. The property name corresponds to the property name of the JavaBean, using a standard attribute naming method. Resource Definitions You can define the characteristics of resources in /web-inf/web.xml. These features are returned when using JNDI to find For example, you can create a resource definition as follows: ... TYPE = "javax.sql.datasource" Description = "Employees Database for HR Applications" /> ... This is equivalent to containing the following elements in /Web-inf/web.xml: The difference is that the former does not need to modify deployment descriptor to customize this value. The valid properties of the Property Description Auth Specifies whether the web application code itself Sign ON to the corresponding Resource Manger, or by the Container represents the web application Sign ON to Resource Manager. The value of this attribute must be Application or Container. If Resource parameters are used to configure resource manager (Resource Manager, or Object Factory, Object Factory). When doing JNDI lookup, the Explorer returns the object of the lookup. Before resources can be accessed, each The resource parameter is different from the name definition, the useful resource manager (or Object Factory) is different, and the collection of parameter names is different. These parameter names correspond to the factory-class JavaBeans property. JNDI implementation configures a specific factory class by calling the corresponding JavaBeans property setting function, and then calls the instance to be visible via the lookup (). The resource parameters of a JDBC data source can be defined as follows: ... JDBC: Hypersonicsql: Database ... If you need to specify the Java class name in the factory for a specific resource type, nested a The valid properties of the Resource Links Resource connection is used to create a connection to global JNDI resources. The JNDI query is returned to the connected Global resource on the connection name. For example, you can create a resource connection as follows: ... Global = "SimpleValue" TYPE = "java.lang.integer" ... The valid properties of the The property describes the name of the resource connection created by Global Connected Global Resource Name Name, relative to Java: Comp / Env ContextType When the web application is found on this resource connection, the return Java class name GlobalnamingResources components Overview GlobalnamingResources defines the global JNDI resource for the server. Special characteristics Environmental entry You can nest in GlobalnamingResources, configure naming values, which are visible to the entire web app for Environment Entry Resource. For example, you can create an environment entry as follows: ... TYPE = "java.lang.integer" override = "false" /> ... This is equivalent to the following elements in /Web-inf/web.xml: The difference is that the former does not need to modify deployment descriptor to customize this value. The valid properties of the Property Description Description Description of the Description Environment Entries (Optional) Name Environment Environment Name, relative to Java: Comp / ENV Context. OVERRIDE If you do not want /Web-inf/web.xml to overwrite the value specified here, set to False. The default is TRUE. The Type environment entry JAVA class name. In /Web-inf/web.xml, You can define the characteristics of resources in /web-inf/web.xml. These features are returned when using JNDI to find For example, you can create a resource definition as follows: ... TYPE = "javax.sql.datasource" Description = "Employees Database for HR Applications" /> ... This is equivalent to containing the following elements in /Web-inf/web.xml: The difference is that the former does not need to modify deployment descriptor to customize this value. The valid properties of the AttributeScriptionAuth specifies whether the web application code itself Sign ON to the corresponding resource manager, or by Container represents the web application Sign ON to Resource Manager. The value of this attribute must be Application or Container. If Resource parameters are used to configure resource manager (Resource Manager, or Object Factory, Object Factory). When doing JNDI lookup, the Explorer returns the object of the lookup. Before resources can be accessed, each The resource parameter is different from the name definition, the useful resource manager (or Object Factory) is different, and the collection of parameter names is different. These parameter names correspond to the factory-class JavaBeans property. JNDI implementation configures a specific factory class by calling the corresponding JavaBeans property setting function, and then calls the instance to be visible via the lookup (). The resource parameters of a JDBC data source can be defined as follows: ... JDBC: Hypersonicsql: Database ... If you need to specify the Java class name in the factory for a specific resource type, nested a The property describes the resource name configured by Name, relative to Java: Comp / ENV Context. This name must match the resource name defined in a Loader components Overview The Loader element represents a class loader used to load Java classes and resources. The class loader must meet the requirements of Servlet Specification, which is loaded from the following location: Web Application / Web-INF / CLASS directory; JAR file under the / web-inf / lib directory of the web application; resources available to all web applications by Catalina; Loader can embed the Context component. If this component is not included, a default Loader configuration is automatically generated, which can meet most of the needs. If you want to get a deeper description of the class loader hierarchy realized by Catalina, refer to Fixme. The following description uses variable $ CATALINA_HOME to refer to the directory where Tomcat 5 is installed. Most relative paths are based on this directory. However, by setting the Catalina_Base directory, you can run multiple Tomcat 5 instances, then you should use $ Catalina_Base as a directory benchmark, not to use $ Catalina_home. Attributes Public property All Loader implementation supports the following properties: The property describes the Java class name implemented by ClassName. This class must implement the org.apache.catalina.Loader interface. If there is no specified, the standard implementation is used. Delegate If you want Class Loader to follow the Java 2 Delegation model, first load the father's class loader class before loading the web application class, set to true. The default value is false, first load the web application class, and then ask his father Class Loader to find the requested class or resource. Reloadable If you want Catalina monitoring / web-inf / class, if you change, you will automatically overload the Web Application when you change, set to True. This feature is useful in the development phase, but it also greatly increases the overhead of the server. Therefore, after the release, it is not recommended. However, you can use the Manager application to trigger your application overload. Note: This property is inherited from the reloadable attribute of the Context element to which the Loader belongs. Any value set here will be replaced. Standard implementation The standard implementation of Loader is org.apache.catalina.Loader.Webapploader. It also supports the following accessory properties: Property Description CheckInterval If reloadable is true, check whether the class and resource are modified. The default is 15 seconds. Detalation of the output information of the Logger associated with this Engine. The larger the number, the more detailed output. If not specified, the default is 0. LoaderClass implements Java class names for java.lang.classloader. If there is no specified, the default is org.apache.catalina.Loader.WebAppClassLoader Nested component Nesting any component is not allowed in the Loader Element Loader elements do not have any proprietary features Logger components Overview Catalina container (Engine, Host or Context) uses Logger to log information, debug information, and error message. In addition, the Logger of Engine and Host is automatically inherited by low-layer container unless it is clearly covered. If you want to create access logs like Web Server (for example, for clicking rate analysis software), you need to configure an Access Log Valve in Engine, Host or Context elements. Want to get more information about the Class Loader hierarchy of Catalina, refer to FixMe-Reference. The following description uses variable $ CATALINA_HOME to refer to the directory where Tomcat 5 is installed. Most relative paths are based on this directory. However, by setting the Catalina_Base directory, you can run multiple Tomcat 5 instances, then you should use $ Catalina_Base as a directory benchmark, not to use $ Catalina_home. Attributes Public property All Logger implementations support the following properties: The property describes the Java class name implemented by ClassName. This class must implement org.apache.catalina.logger interface verbosityLogger's detailed level. If the level of the message requested is high than the specified value, the message is simply ignored. The optional level is 0 (only a deadly message only), 1 (error), 2 (warning), 3 (information), 4 (debug). If there is no specified, the default is 1, that is, the error message is logged. Note - The value is only compared to this value only if the message is clearly specified. Messages do not have a specified level are recorded unconditionally. Standard implementation Different from most Catalina components, logger has several standard implementations. So, you must use the className property to indicate the implementation you want to use. File logger (org.apache.catalina.logger.filelogger) FILE Logger records all messages in the disk file in the specified directory. The actual name of the log file consists of a prefix, the current date (in YYYY-MM-DD format) and the suffix. To close the current log file, create a new log file for the new date after the first log message after each night of midnight. The switching of the log file does not need to close Catalina. FILE Logger supports the following properties: The property describes the directory of the Directory stores the log file, which can be a relative path or an absolute path. If the relative path is used, it means the path to the $ CATALINA_HOME. If the Directory property is not specified, the default is the prefix of "logs" (relative to the $ catalina_home) prefix log file name. If not specified, the default is "Catalina". If you do not want to use a prefix, use a string of length 0. The suffix of the SUFFIX log file name. If not specified, the default is ".log". If you don't want to use a suffix, use a string of length 0. TimeSTAMP If true, all messages will add a date and timestamp. The default is false. Standard error logger (org.apache.catalina.logger.systemrlogger) Standard ERROR Logger records all messages to standard error outputs used by Catalina. By default, Catalina uses logs / catalina.out relative to $ Catalina_Home as a standard error output. This Logger does not have an attribute of an attachment. Standard Output Logger (Org.apache.catalina.logger.systemoutLogger) Standard Outpout Logger records all messages to the standard output used by Catalina. By default, Catalina uses logs / catalina.out relative to $ Catalina_home as a standard output. This Logger does not support additional properties. Nested component Nesting any components are not allowed in loggr elements Special characteristics Logger elements do not have any proprietary features Manager components Overview The Manger element represents Session Manager for the HTTP Session. The Manager element can be nested in the Context component. If it does not contain it, a default Manager configuration is automatically created, which is enough for most requirements. Attributes Public property All Manager's implementation supports the following properties: The property describes the Java class name implemented by ClassName. This class must implement the org.apache.catalina.manager interface. If you do not specify, use the standard value. Distributable In distributed applications, if you want to add the limitations described in Servlet Specification, set to TRUE. This means that all the session attributes must implement the java.io.serializable interface. If you don't want to add these restrictions, set to false Note: Is there any Standard implementation Tomcat provides two standard implementations for Manger. The default implementation of the SESSION of the store activity, optionally stores the exchanged activity session (session before and after the Tomcat restart), the stored position is defined by the nested Store element. Standard Manager implementation The standard implementation of Manger is org.apache.catalina.session.standardmanger. It supports additional properties as follows: The property describes the message summary algorithm for Algorithm to calculate the session identifier. This value must be supported by Java.security.MessageDigest class. If not specified, the default is "MD5" checkinterval check whether session expired time interval, in seconds, the default value is the detailed level of the debugging information of 60 second Debug and Manager's debugging information, the larger, output The more detailed. If not specified, the default is 0. Entropy Seeds of the random number generator in the SESSION identifier. String value. If not specified, calculate an incomplete useful value. In an environment with a high security requirement, you should specify a long string. The maximum number of active session is generated by MaxActiveSsSessionS. If it is -1, there is no limit. Pathname If possible, when the application is restarted, the absolute or relative path used to save the SESSION state. The default is "sessions.ser". Refer to RESTART PERSISTENCE to get more information of randomclass to implement java.util.random's Java class name. If not specified, default is java.security.securerandom Persisten Manager implementation WARNING - This implementation has not been meticulously testing and can only be used for experimental purposes. Manger's persistent implementation is org.apache.catalina.session.PersistentManager. In addition to the usual creation and deletion of Session, PersistentManger can also exchange idle activity sess on the permanent storage medium. When Tomcat is restarted, you can save the session. The actual storage mechanism is defined by the nested Store element. When using the PersistentManager, the Store element must be defined. This implementation of Manager supports additional properties: Property Description Algorithm The name of the message summary algorithm for Session Identifier. This value must be supported by Java.security.MessageDigest class. If not specified, the default value is "MD5". CheckInterval checks if the session expired time interval, in seconds, the default is 60 seconds. ClassName implemented Java class name. This class must implement the org.apache.catalina.manager interface. For the Persistent Manager implementation, you must be specified as org.apache.catalina.session.PersistentManager. Detalation of the logger record information associated with the Manager. The larger the number, the more detailed output. If not specified, the default is 0. Entropy Seeds of the random number generator in the SESSION identifier. String value. If not specified, calculate an incomplete useful value. In an environment with a high security requirement, you should specify a long string. The maximum number of active session is generated by MaxActiveSsSessionS. If it is -1, there is no limit. MaxIdleBackup Since the last session to this session can be saved to the time interval on the storage medium. In seconds, if it is -1, the disable is characterized. By default, this feature is disable. Maxidleswap Since the last visit, a session to the session should be saved to the storage medium and exchange the time interval between the server's memory. If it is -1, the disable is characterized. If this feature is enabled, the specified value should be greater or equal to MaxIdleBackup. By default, this feature is disable. MINIDLESWAP Since the last visit, a session to the session can be saved to the storage medium and exchange between the time interval between the server's memory. If it is -1, the description can be exchanged at any time. The specified value should be less than MaxIdleswap. By default, this feature is disable. Randomclass implements Java class names for java.util.random. If not specified, the default is java.security.securerandomsaveonrestart when Tomcat is closed, do you save all sessions? Whether the Tomcat restarts (or apply reload), all Session should be restored. By default TRUE. In order to successfully use the PersistentManager, you must nest a Nested element Standard Manager implementation If you use the Standard Manager implementation, you don't need nested any elements in Persistent Manager implementation If you are implemented using a Persistent Manager, you must nest a File-based storage implementation Single SESSION is stored in a single file in the specified directory (naming according to the session Identifier). Therefore, when the number of active session increases, the problem of scalability may be encountered, which should be mainly used in the experimental system. In order to configure file-based storage, nested a Property Description CHECKInterval Checks if the currently exchanged session expired time interval, the default is 60 seconds. ClassName implemented Java class name. This class must implement org.apache.catalina.store interface. When using a file-based storage, this property must be specified as org.apache.catalina.session.FileStore.Debug's detailed level of debugging information associated with the Store element. The larger the number, the more detailed output. If not specified, the default is 0. Directory is used to store a directory of a single session file, which can be absolute or relative path (relative to the temporary work directory relative to this web application). If not specified, use the temporary work directory specified by Container. JDBC-based storage The JDBC-based storage implementation will be swapped in a pre-configured database table, and each row is stored a session. If there is a lot of session needs to be exchanged, this implementation is better than file-based storage performance. In order to use JDBC-based storage, nested a Property Description CHECKInterval Checks if the currently exchanged session expired time interval, the default is 60 seconds. ClassName implemented Java class name. This class must implement org.apache.catalina.stroe interface. In order to use JDBC-based storage, this referring must be specified as org.apache.catalina.session.jdbcStore.ConnectionURL to establish a URL of the database connection to the JDBC driver. The detailed level of debugging information associated with the Store element is detailed. The larger the number, the more detailed output. If not specified, the default is 0. DRIVERNAME Used JDBC Driven Java Class Database column name in the sessionappcolsession table, contains the name of Engine, Host, and Web Application context, format is the database column name in / Engine / Host / ContextSessionDatacolsession table, all of which contains all SESSION The inability is in the form of sequences. The column type must be able to accept the binary object (called the BLOB) sessionidColsession table, containing the SESSION identifier of the exchanged session. This column must accept string data, and at least install all characters (usually 32) SessionLastAccessedColsession table names in all characters (usually 32) SessionLastAccessedColsession tables, containing the lastaccessedTime properties of the session. This column must accept the database column name in the Java long integer data (64bits) SessionMaxInactiveColsession table, which contains the MaxInactiveInterval property of the session. This column must accept Java Integer Data (32BITS) sessionTable to store the table name of the exchanged session. This table must contain at least the column listed above. The column name in the SessionValidColsession table contains a flag, whether the session exchanged in the table name is valid. This column must accept a single character. Before using JDBC-based storage, you must create a table that stores the session. The specific SQL command depends on the database you use, but in general, it has the format below: CREATE TABLE TOMCAT_SESSIONS Session_id varchar (100) Not Null Primary Key, Valid_session char (1) Not null, Max_INACTIVE INT NOT NULL, Last_access Bigint Not Null, App_name varchar (255), Session_data Mediumblob, Key Kapp_name (app_name) ); In order for JDBC-based storage to successfully connect to your database, JDBC driver's built-in Class Loader for Tomcat must be visible. In general, this means you have to put the driverful JAR file in $ catalina_home / server / lib (if your application does not need to use JDBC driver) or put below $ catalina_home / circon / lib directory (if you want Driver and web application sharing) Special characteristics Restart personistence Whenever Catalina is restarted after normal shutdown, or the application is reloaded, the standard Manager implementation will try all current activity session to a disk file, pass the PathName property. When the application is overloaded, all stored session is deserialized, activated (assuming the session has not expired); in order to successfully restore the status of the session attribute, all properties must implement the java.io.Serializable interface. By including the Realm components Overview The Realm element is a database containing username, password, and user role. The role is similar to Unix Group. Different implementations of Realm allow the CataLina to be integrated into an environment where the authentication information has been created and maintained, and then uses this information to implement Container Management Security, such as described in the servlet specification. You can nest in any Catalina container (Engine, Host or Context). In addition, Engine or Host's Realm will automatically inherit with low-level container unless it is clearly covered. More information about Container Managed Security in web applications, refer to the connection of the "Container Managed Security Guide" in this section of the application developer; more information about configuration and standard Realm implementation, refer to the Fixme-Administrator "Realm Configuration How-to" connection. The following description uses variable $ CATALINA_HOME to refer to the directory where Tomcat 5 is installed. Most relative paths are based on this directory. However, by setting the Catalina_Base directory, you can run multiple Tomcat 5 instances, then you should use $ Catalina_Base as a directory benchmark, not to use $ Catalina_home. Attributes Public property All Realm implementations support the following properties: The property describes the Java class name implemented by ClassName. This class must implement org.apache.catalina.realm interface. Standard implementation And most Catalina components are different, Realm has several standard implementations. Therefore, you must use the classname property to select the implementation you want to use. JDBC Database Realm (Org.apache.catalina.Realm.jdbcrealm) JDBC Database Realm Connect Catalina to a relational database that uses the correct JDBC driver access to query the username, password, and their related roles. Since the query is done when it is necessary, the change in the database will immediately reflect the information used to authenticate the new login. In addition to obtaining database table names and column names for required information, there are many additional properties to be configured to configure the database: Property Description ConnectionName establishes a database Username When the database username used by JDBC ConnectionPassword Create a database password ConnectionURL to establish a database connection to the JDBC-driven connection URLDigeST to the "message summary" algorithm for user password encoding in the database . If not specified, the password is stored in a clear text. DRIVERNAME Connect to the full JDBC driver of the authentication database, the column name in the Java Class Name RoleNamecol "User Role" table, contains the name of the role specified to the corresponding user. The column name in the UsercredCol "User" table contains trusted data (for example, password). If the Digest property is set, it is assumed that the password has been encoded with the specified algorithm. Otherwise, it is assumed that the password is a plain text password. UserNameCol "User" table, the column name in the User Role table, contains the user's usernroletable "User Role" table name, must contain the columns specified by UserNamecol and RoleNameCol. UserTable user table, must contain more information specified by usernamecol and usercredcol properties for more information on using the JDBC Database Realm component, refer to Fixme - Nested Pointer Into How-To DataSource Database Realm (Org.Apache.catalina.Realm.DataSourceRealm) DataSource Database Realm connects Catalina to a relational database that accesses the JDBC Datasource, query the username, password, and their corresponding roles. Since the query is performed at each time, the database changes will be immediately reflected to the information used to authenticate new login. JDBC Realm uses a single database connection. This requires synchronization between Realm-based authentication, for example, only one authentication is allowed at the same time. This is a bottleneck for applications that require a lot of authentication. DataSource Database Realm supports concorpting Realm-based authentication, allowing JDBC DataSource to process optimization, such as database connection pools. There are many options to configure the name of JNDI JDBC DataSource, including database table names and column names for obtaining the necessary information. Property Description DataSourceNameRealm's JNDI JDBC DataSource's name DiGest is used to encode the name of the message summary algorithm stored in the database. If not specified, assume that the user password is stored in a clear text. The column name in the ROLENAMECOL "User Role" table contains the name of the role specified to the corresponding user. The column name in the UsercredCol "User" table contains trusted data (such as password). If the Digest property is set, it is assumed that the password has been encoded with the specified algorithm. Otherwise, it is assumed that the password is a plain text password. The UserNameCol "User" table and the column name in the User Role table contain the user's username. The Userroletable user role table name must contain the columns specified by usernamecol and rolenamecol. UserTable user table must contain the columns specified by usernamecol and usercredcol properties. For more information on configuring Container Managed Security for more information on DataSource Database Realm components, refer to DataSource Realm How-To. JNDI Directory Realm (Org.apache.catalina.Realm.jndireAlM) JNDI Directory Realm connects Catalina to an LDAP directory and is accessed by the correct JNDI. The LDAP directory stores username, password, and their corresponding roles. Modifications to the directory are immediately reflected to the data used to authenticate new login. Directory Realm supports many ways to authenticate using LDAP: Realm can use the mode to determine the unique name of the user directory entry, or search the directory to locate the entry; Realm can bind the unique names of the user entry and the password given to the directory to the directory, authenticate the user; Alternatively, the password is removed from the user entry, comparing locally; in the directory, the role can be present in a separate entry (such as the group entry to which the user belongs), or the role can be an attribute of the user entry, or two situations All; In addition to the directory connection, the user gets the element and the attribute name of the information from the directory, Directory Realm also supports many other additional properties: The property describes the authentication type used by Authentication, the string type. Other types that can be "none", "simple", "strong", or provider definition, if there is no value, use the default value provided by the provider. ConnectionName Create a directory username used by a directory connection. If you don't specify, use anonymous connection, which is enough in most cases unless you specify the directory password used by the userpassword property ConnectionPassword creation. If you don't specify, use anonymous connection, which is enough in most cases unless you specify the userpassword properties. When ConnectionURL creates a directory connection, passed to the JNDI-driven connection URL. ContextFactory is used to get JAVA class names of the factory class of JNDI InitialContext. By default, a standard JNDI LDAP provider is assumed. Protocol uses the security protocol. If not specified, use the default value provided by the provider. RoleBase is used for role-looking reference directory entries. If not specified, use the top level of the directory context. RoleName In role lookup, contains the name of the property of the character name. In addition, in the user entry, you can use UserRoleName to specify the name of the attribute name that contains the name of the extra role. If not specified, the role is not searched, the role exists in the user entry. RoleSearch is used to perform a role lookup LDAP filter expression. Use {0} instead of the user's unique name, {1} instead of the username. If you do not specify, you don't search the role, the role is obtained from the properties specified by the user entry in the user entry. Rolesubtree When looking up the role associated with the user, if you want to search the entire subtree of the element specified by the rolebase property, set to True. The default is false, and only the top elements are searched. Userbase is a reference element when using the userSearch expression to search for the user. If you do this property if you search using the UserPattern expression, this property is not used. UserPassword contains the properties name of the user password in the user entry. If this value is specified, JNDIREALM uses the value specified by the ConnectionName and the ConnectionPassword property to the directory, remove the corresponding attribute, compare the value given by the authenticated user. If this value is not specified, JNDireAlM will try to use the unique name of the user entry and the password given to the user to bind to the directory. If the binding is successful, the authentication is successful. The unique name of the UserPattern user directory entry, {0} represents the actual username. When the unique name contains the username, other items are the same, this property can be used instead of using the usernamenAmename user directory entry, which contains zero or more assignments. The value of the user's role name. In addition, if the role exists in a separate entry, you can use the ROLENAME attribute to specify the attribute name. This property can be obtained when searching the directory. If you do not specify UserRoleName, all the characters of the user are searched by the role; Userch Search User Catalog Entry, use the LDAP filter expression, {0} represents the actual username, you can use the userSearch, UserBase, and Usersubtree properties to replace USERPATTERN Search table of Contents. UserSubtree If you want to search for the entire subtree of the element specified by the UserBase property, set to true, the default value is false, that is, only the top element is searched. If you use UserPattern expressions, this property is not used. For more information on using the JNDI Directory Realm component, refer to Fixme - Nested Pointer Into How-to Memory based realm (org.apache.catalina.realm.MemoryRealm) Memory Based Realm is a simple Realm implementation that reads user information from the XML file, identifies the information as a collection of Java objects in memory. This implementation is just used to launch Container Managed Security instead of in the product. Therefore, when the data file changes, there is no mechanism to update the collection of users in memory. Memory Based Realm implements the following additional properties: The property describes the absolute or relative path of the XML file of the user information. The format of the XML file is defined below. If this property is not specified, the default is conf / tomcat-users.xml The XML document referenced by the Pathname property must meet the following requirements: The root element must be Name - User Name (must be unique in the file). Password - User password (clear text). Roles - User role list, separated by commas; For more information on using the Memory Based Realm component, refer to Fixme - Nested Pointer Into How-To Nested element Realm elements cannot nested any elements Special characteristics Reference Single Login to get more information on the single login on the virtual host Resource component Overview Resources elements represent static resources for web applications, which are used for class loading and serve HTML, JSP, and other static pages. This allows web applications in other media in addition to the file system, such as compressed in a WAR file, JDBC database, or a more advanced version of the Warehouse (Versioning Repository). All access to WebApp resources provides a unified cache engine. Resources can be accessed by Servlet Container, web applications can use the mechanism provided by Container to access specific resources, such as accessing Class Loader through the servletContext interface, via the DirectoryContext interface for local access (Native Access). Note: If a WebApp uses a non-file system-based resources implementation, this is only accessible to its own resources in WebApp, which is not dependent on the file system, but uses the methods provided in the ServletContext interface to access them. The Resources element can be embedded in the Context component. If there is no resource, it will generate a default file-based resources, which is enough for most requirements. Attributes Public property All resources implementation supports the following properties: The property describes the Java class name implemented by ClassName. This class must implement a javax.naming.directory.dircontext interface. Consider the optimization of functions and performance, recommend such inheritance org.apache.naming.resources.basedirContext. But this is not necessary. In addition, it is recommended to use the special object type provided in Org.apache.naming.Resources as the return object. If you do not specify, use the standard value. Standard implementation The standard implementation of Resources is org.apache.naming.resources.filedirContext. It also supports the following additional properties: The property describes whether the Cached resource needs to be cached, default is true. CacheMaxSize If cached is true, the maximum of the cache is in KB. The default is 10240 (10M) CaseSensitive whether the resource on the Windows platform is case sensitive. Default as true DOCBase equivalent to the document reference directory of Context (Document Base) Nested any components are not allowed in nested components resource elements Special characteristics The resources element does not have any proprietary features. Valve components Overview The Valve element is a component inserted into the Catalina container (including Engine, Host, or Context) process. Different components have different processing capabilities. Each Valve component will be described below The following description uses variables $ Catalina_Home refers to the directory installed in Tomcat 5. Most relative paths are based on this directory. However, by setting the Catalina_Base directory, you can run multiple Tomcat 5 instances, then you should use $ Catalina_Base as a directory benchmark, not to use $ Catalina_home. Access log Valve Overview Access log valve is used to create log files, format is the same as the standard Web Server log file. You can use the log analysis tool to analyze, track the number of page clicks, and the activities of the user session. Many configuration and behavioral features of Access Log Valve are the same as FILE Logger, including automatic switch log files per night. Access Log Valve can be associated with any CataLina container, record all requests for the container processing. Attributes Access Log Valve supports the following configuration properties: The property describes the Java class name implemented by ClassName. Must be set to org.apache.catalina.valves.accessLogvalve. Directory stores the directory of the log file, which can be a relative path or an absolute path. If the relative path is used, it means the path to the $ CATALINA_HOME. If the Directory property is not specified, the default is "logs" (relative to $ catalina_home) Pattern needs to record the request / response to the format layout of different information fields. If it is "common" or "combine", the selection of standard formats will be described. The following will be more information about configuring this property. Prefix log file name prefix. If not specified, the default is "Access_log.". If you do not want to use a prefix, use a string of length 0. ResolveHosts converts the IP address of the remote host through the DNS query to the host name, set to True. If false, ignore the DNS query, report the remote IP address. The suffix of the SUFFIX log file name. If not specified, the default is "" ". If you don't want to use a suffix, use a string of length 0. The RotATable default is true to determine if the log is flipped. If false, the log file will never flip and ignore the FileDataFormat. Be cautious. Condition opens the condition log. If this property is set, only the log will be created for the request when servletRequest.GetaTribute () is Null. For example, if Condition is set to Junk, this request will only be recorded when servlet.getattribute ("junk") == null. Using filters, you can easily set (or cancel settings) different requests. FileDateFormat allows the use of custom date formats to be used in the log file name. The format of the log also determines the frequency of the log file flip. If you want to flip every hour, set this value to the YYYY-mm-dd.hpattern property value by the string constance and the Pattern identifier plus the prefix "%" combination. The Pattern identifier adds prefix "%" to replace the corresponding variables in the current request / response. The following Pattern is currently supported: % a - remote IP address% a - Local IP address% B - The number of bytes transmitted, does not include http header, if 0, use "-"% B - the number of bytes sent, does not include http header% h - Remote hostname (if resolvehost = false, remote IP address)% h - request protocol% L - method (always returned '-')% M - request from IdentD (Get) , POST, etc.)% p - receive the requested local port number% q - query string (if present, with '?' Start)% R-request, the first line of request, includes the request method and URI% S - Response status code% S - User's session ID% T - log and time, using the usual log format% U - the remote user after authentication (if present, otherwise '-')% u - request URI path % V - Name% D - Processing Request Time, in milliseconds per unit% T - processing request time, in seconds Access Log Valve can also record information in cookie, message head, session, or servletRequest. Using the syntax similar to apache:% {xxx} i message header% {xxx} C Specific cookie% {xxx} r xxx is a attribute in servletRequest% {xxx} s xxx is an attribute in httpsession The "CommON" mode (also default mode) is actually a simple representation of "% h% l% u% t"% r "% s% b" The "Common" mode is later plus the "User-agent headers", which is the "combined" mode mentioned earlier. Remote address filter (Remote Address Filter) Overview The remote address filter compares the IP address of the client's client and one or more regular expressions to determine or reject this request. The remote address filter can be nested in any Catalina container (Engine, Host or Contxt). The container must accept all requests before the filter functions. Attributes The remote address filter supports the following configuration properties: The property describes the Java class name implemented by the classname. It must be set to org.apache.catalina.valves.RemoteAddrvalve.Allow Separate a string regular expression with a comma, and the client's IP address is compared to these regular expressions. If this property is specified, the client's address must match these expressions, and the request will be processed. If this property is not specified, all requests are accepted unless the client address matches a Deny mode. DENY is a comma-separated string regular expression, and the client's IP address is compared to these regular expressions. If this property is specified, the client's address must not match these expressions, and the request will be accepted. If this property is not specified, just determine whether this request is accepted by the "accept" property. Remote host filter (Remote Host Filter) Overview The remote host filter compares the host name of the initiating request and one or more regular expressions to determine or reject this request. The remote host filter can be nested in any Catalina container (Engine, Host or Context). The container must accept all requests before the filter functions. Attributes Remote host filters support the following properties: Attribute describes the Java class name implemented by ClassName. It must be set to org.apache.catalina.Valves.RemoteHostValve.Allow with a comma-separated string regular expression, the client's host name is compared to these regular expressions. If this property is specified, the host name of the client must match these expressions and the request will be processed. If this property is not specified, all requests are accepted unless the client hostname matches a Deny mode. Deny is a comma-separated a string regular expression that compares the client's hostname with these regular expressions. If this property is specified, the client's hostname must not match these expressions, and the request will be accepted. If this property is not specified, just determine whether this request is accepted by the "accept" property. REQUEST DUMPER VALVE Overview Request Dumper Valve is very useful in debugging with the client's interaction. If configured, it uses the details of each request with the logger logger of the container (Engine, Host or Context). Attributes Request Dumper Valve supports the following configuration properties: Property Description ClassName implemented Java class name, must be set to org.apache.catalina.valves.RequestDumperVal. Single login VALVE (Single Sign on Valve) Overview If you want users to log in to any of the web applications in the virtual host, and all other web applications can be used after logging in, you can use the user's identity information (ie, you don't need to log in), you can use a single login VALVE. There are more information about single login VALVE in the Host element. Attributes Single login VALVE supports the following configuration properties: The attribute describes the Java class name implemented by the classname. It must be set to: org.apache.catalina.AuthenTicator.SingLesignon.debug Detail of the debugging information of this component, the default is 0, that is, no debug output.
