urn:infinispan:server:10.0

server

interfaces

interface*

NameTypeDefaultDescription
namestring

inet-address

NameTypeDefaultDescription
valuestring

global

link-local

loopback

non-loopback

site-local

match-interface

NameTypeDefaultDescription
valueFIXME

match-address

NameTypeDefaultDescription
valueFIXME

socket-bindings

NameTypeDefaultDescription
default-interfacestring
port-offsetstring

socket-binding*

security

security-realms

security-realm+

NameTypeDefaultDescription
namestring

server-identities?

ssl

keystore

NameTypeDefaultDescription
pathstring
relative-tostring
keystore-passwordstring
aliasstring
key-passwordstring
generate-self-signed-certificate-hoststring

engine?

NameTypeDefaultDescription
enabled-protocols
enabled-ciphersuitesstring

filesystem-realm?

NameTypeDefaultDescription
namestringfilesystem
pathstring
relative-tostringinfinispan.server.data.path
levelsint0
encodedbooleantrue

kerberos-realm?

NameTypeDefaultDescription
keytab-pathstring
relative-tostring

ldap-realm?

NameTypeDefaultDescription
namestring
urlstring
principalstring
credentialstring
direct-verificationboolean
page-sizeint
search-dnstring
rdn-identifierstring

identity-mapping?

NameTypeDefaultDescription
rdn-identifierstring
search-dnstring

attribute-mapping?

attribute+

NameTypeDefaultDescription
filterstring
filter-dnstring
fromstring
tostring

user-password-mapper?

NameTypeDefaultDescription
fromstring
verifiableboolean
writableboolean

local-realm?

NameTypeDefaultDescription
namestringlocal

properties-realm?

NameTypeDefaultDescription
groups-attributestring

user-properties

NameTypeDefaultDescription
pathstring
relative-tostring
digest-realm-namestring
plain-textbooleanfalse

group-properties

NameTypeDefaultDescription
pathstring
relative-tostring

token-realm?

NameTypeDefaultDescription
namestringtoken
principal-claimstringusername

jwt

NameTypeDefaultDescription
issuer
audience
public-keystring
jku-timeoutlong
client-ssl-contextstring

oauth2-introspection

NameTypeDefaultDescription
client-idstring
client-secretstring
introspection-urlstring
client-ssl-contextstring
host-name-verification-policystring

truststore-realm?

NameTypeDefaultDescription
pathstring
providerstring
keystore-passwordstring
relative-tostringinfinispan.server.data.path

endpoints

NameTypeDefaultDescription
socket-bindingstringThe socket on which the endpoint connector will bind itself
security-realmstringThe name of the security realm to use for authentication/authorization/encryption

hotrod-connector?

NameTypeDefaultDescription
external-hoststringSets the external address of this node, i.e. the address which clients will connect to. Defaults to the server's socket-binding address
external-portintSets the external port of this node, i.e. the port which clients will connect to. Defaults to the server's socket-binding port

topology-state-transfer?

NameTypeDefaultDescription
lock-timeoutintConfigures the lock acquisition timeout for the topology cache. Defaults to 10 seconds
replication-timeoutintConfigures the replication timeout for the topology cache. Defaults to 10 seconds
lazy-retrievalbooleanfalseConfigures whether to enable state transfer for the topology cache. If enabled, a ClusterCacheLoader will be used to lazily retrieve topology information from the other nodes. Defaults to false.
await-initial-retrievalboolean${Server.TopologyStateTransfer.await-initial-retrieval}Configures whether to initial state retrieval should happen immediately at startup. Only applies when lazy-retrieval is false. Defaults to true.

authentication?

NameTypeDefaultDescription
security-realmstringThe name of the security realm to use for authentication/authorization.

sasl?

The configuration of the SASL authentication layer for this server. The optional nested "include-mechanisms" element contains a whitelist of allowed SASL mechanism names. No mechanisms will be allowed which are not present in this list. The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference. The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference. The optional nested "policy" boolean element specifies a policy to use to narrow down the available set of mechanisms. The optional nested "property" elements specify additional properties required by the specified mechanisms
NameTypeDefaultDescription
server-context-namestringThe name of the login context to be used to retrieve a server subject for certain SASL mechs (i.e. GSSAPI)
server-namestringThe name the server which is exposed to clients
mechanisms
qop
strength

policy?

Policy criteria items to use in order to choose a SASL mechanism. The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions. The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny. The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny. The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny. The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny. The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.

forward-secrecy?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

no-active?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

no-anonymous?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

no-dictionary?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

no-plain-text?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

pass-credentials?

An element specifying a boolean value.
NameTypeDefaultDescription
valueboolean

property*

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Server.Encryption.require-ssl-client-auth}Whether to require client certificate authentication. Defaults to false.
security-realmstringThe name of the security realm to use for obtaining the SSL keystore

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringThe logical name to give to this connector. This attribute is required when there are more connectors of the same type defined.
NameTypeDefaultDescription
socket-bindingstringThe socket on which this connector will bind itself. If missing, the server will not listen to TCP connections
cache-containerstringThe name of the cache container which will be exposed by this connector
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores
worker-threadsintSets the number of worker threads. Defaults to 160
idle-timeoutintSpecifies the maximum time in seconds that connections from clients will be kept open without activity. Defaults to 0 (no timeout)
tcp-nodelaybooleanAffects TCP NODELAY on the TCP stack. Defaults to enabled
tcp-keepalivebooleanAffects TCP KEEPALIVE on the TCP stack. Defaults to disabled
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.

rest-connector

NameTypeDefaultDescription
context-pathstringThe context path on which to register the REST connector. Defaults to '' (the root context)
extended-headers
NEVERNever return extended headers
ON_DEMANDReturn extended headers on demand (i.e. when the 'extendend' query parameter is present on the request)
ON_DEMANDWhether to enable extended headers. Can be NEVER or ON_DEMAND. Defaults to ON_DEMAND
max-content-lengthintSets the maximum allowed content length.
compression-levelintSets the compression level when using compressed requests and responses.

authentication?

NameTypeDefaultDescription
security-realmstringThe security realm to use for authentication/authorization purposes. Defaults to none (no authentication)
mechanismsNONEThe authentication method to require. Can be NONE, BASIC, DIGEST, CLIENT_CERT, SPNEGO. Defaults to NONE. Setting it to a different value requires enabling a security-realm.

cors-rules?

Configures CORS (Cross Origin Resource Sharing) for the REST Server. Contains one or more rules that specify the permissions for cross-domain requests based on the origin.

cors-rule+

A Cors rule for one or more origins
NameTypeDefaultDescription
namestringThe rule name
allow-credentialsbooleanfalseSets the CORS 'Access-Control-Allow-Credentials' response header to true. Enable CORS requests to use credentials
max-age-secondsint0Sets the CORS 'Access-Control-Max-Age' response header with the amount of time CORS preflight request headers can be cached

allowed-origins

A comma separated list used to set the CORS 'Access-Control-Allow-Origin' to indicate the response can be shared with a certain origin

allowed-methods

A comma separated list used to set the CORS 'Access-Control-Allow-Methods' in the preflight response to specify the methods allowed for the configured origin(s)

allowed-headers?

A comma separated list used to set the CORS 'Access-Control-Allow-Headers' in the preflight response to specify which headers can be used by the configured origin(s)

expose-headers?

A comma separated list used to set the CORS 'Access-Control-Expose-Headers' in the preflight response to specify which headers can be exposed to the configured origin(s)

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Server.Encryption.require-ssl-client-auth}Whether to require client certificate authentication. Defaults to false.
security-realmstringThe name of the security realm to use for obtaining the SSL keystore

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringThe logical name to give to this connector. This attribute is required when there are more connectors of the same type defined.
NameTypeDefaultDescription
socket-bindingstringThe socket on which this connector will bind itself. If missing, the server will not listen to TCP connections
cache-containerstringThe name of the cache container which will be exposed by this connector
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores
worker-threadsintSets the number of worker threads. Defaults to 160
idle-timeoutintSpecifies the maximum time in seconds that connections from clients will be kept open without activity. Defaults to 0 (no timeout)
tcp-nodelaybooleanAffects TCP NODELAY on the TCP stack. Defaults to enabled
tcp-keepalivebooleanAffects TCP KEEPALIVE on the TCP stack. Defaults to disabled
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.

memcached-connector?

NameTypeDefaultDescription
cachestringThe name of the cache to use for the Memcached connector. Defaults to memcachedCache
client-encodingstringThe client encoding for the values, only applicable to the memcached text protocol.
NameTypeDefaultDescription
namestringThe logical name to give to this connector. This attribute is required when there are more connectors of the same type defined.
NameTypeDefaultDescription
socket-bindingstringThe socket on which this connector will bind itself. If missing, the server will not listen to TCP connections
cache-containerstringThe name of the cache container which will be exposed by this connector
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores
worker-threadsintSets the number of worker threads. Defaults to 160
idle-timeoutintSpecifies the maximum time in seconds that connections from clients will be kept open without activity. Defaults to 0 (no timeout)
tcp-nodelaybooleanAffects TCP NODELAY on the TCP stack. Defaults to enabled
tcp-keepalivebooleanAffects TCP KEEPALIVE on the TCP stack. Defaults to disabled
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
NameTypeDefaultDescription
socket-bindingstringThe socket on which this connector will bind itself. If missing, the server will not listen to TCP connections
cache-containerstringThe name of the cache container which will be exposed by this connector
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores
worker-threadsintSets the number of worker threads. Defaults to 160
idle-timeoutintSpecifies the maximum time in seconds that connections from clients will be kept open without activity. Defaults to 0 (no timeout)
tcp-nodelaybooleanAffects TCP NODELAY on the TCP stack. Defaults to enabled
tcp-keepalivebooleanAffects TCP KEEPALIVE on the TCP stack. Defaults to disabled
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
Expand/Collapse All