urn:infinispan:server:13.0

server

interfaces

interface*

NameTypeDefaultDescription
namestring

inet-address?

NameTypeDefaultDescription
valuestring

global?

link-local?

loopback?

non-loopback?

site-local?

match-interface?

NameTypeDefaultDescription
valueFIXME

match-address?

NameTypeDefaultDescription
valueFIXME

socket-bindings

NameTypeDefaultDescription
default-interfacestring
port-offsetstring

socket-binding*

security?

credential-stores?

Complex type to contain the definitions of the credential stores.

credential-store*

An individual credential store definition.
NameTypeDefaultDescription
namestring The name of this credential store.
relative-tostring A reference to a previously defined path that the file name is relative to.
pathstring File name of credential store storage.
typestringpkcs12 The type of the credential store file. Can be either pkcs12 or jceks. Defaults to pkcs12.

clear-text-credential

Credential to be used by as protection parameter for the Credential Store.

A clear-text credential.
NameTypeDefaultDescription
clear-textstring The clear-text password.

credential-reference

Credential to be used by as protection parameter for the Credential Store.

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

security-realms

security-realm+

NameTypeDefaultDescription
namestring
cache-max-sizeint256 The maximum size for the identity cache for this realm. If the size is less than 1, the cache will be disabled. Defaults to 256.
cache-lifespanlong-1 The lifespan of entries in the identity cache after which they expire and are reloaded from the realm provider. Defaults to -1 (never expires).

server-identities?

ssl?

keystore

NameTypeDefaultDescription
pathstring
relative-tostring
keystore-passwordstring
passwordstring
aliasstring
key-passwordstring
generate-self-signed-certificate-hoststring
providerstring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

truststore?

NameTypeDefaultDescription
pathstring
relative-tostring
passwordstring
providerstring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

engine?

NameTypeDefaultDescription
enabled-protocols
enabled-ciphersuitesstring

kerberos*

NameTypeDefaultDescription
principalstring Specifies the principal that the KeyTab represents.
keytab-pathstring Sets the path to the KeyTab for retrieving credentials.
relative-tostring Specifies the name of a named path or a standard path that the system provides. If set, the value of the "path" attribute becomes relative to this path.
minimum-remaining-lifetimeint0 Specifies, in seconds, how long a cached credential can remain before it is recreated.
request-lifetimeint Specifies, in seconds, how much lifetime to request for newly created credentials.
fail-cacheint Specifies the amount of time, in seconds, to wait before attempting to obtain server credential if the previous attempt failed. Prevents long waiting periods on every authentication attempt if the KDC is unavailable.
serverbooleantrue Specifies if the realm is server-side (default) or client-side.
obtain-kerberos-ticketbooleanfalse Controls if a KerberosTicket is also obtained and associated with the credential. The value must be true if credentials are delegated to the server.
debugbooleanfalse Defines if the JAAS step to obtain the credential has debug logging enabled.
wrap-gss-credentialbooleanfalse Specifies if generated GSS credentials are wrapped to prevent improper disposal.
requiredbooleanfalse Specifies if the keytab file with adequate principal must exist when the service starts.
mechanism-namesKRB5 SPNEGO Defines the mechanism names with which the credential can be used. Names are converted to OIDs and used together with OIDs from the mechanism-oids attribute.
mechanism-oids Defines the mechanism OIDs with which the credential can be used. Used with OIDs derived from names from the mechanism-names attribute.

filesystem-realm?

NameTypeDefaultDescription
namestringfilesystem
pathstring
relative-tostringinfinispan.server.data.path
levelsint0
encodedbooleantrue

ldap-realm?

Defines an LDAP security realm.
NameTypeDefaultDescription
namestring Names the security realm to logically separate multiple realms of the same type.
urlstring Specifies the URL for LDAP server connections in the format ldap[s]://{hostname}:{port}.
principalstring Specifies the user principal for LDAP server connections.
credentialstring Specifies the user credential for LDAP server connections.
direct-verificationboolean Configures the realm to verify credentials by connecting to LDAP servers with the account. Values are true / false (default).
page-sizeint50 Sets the page size for realm iteration. The default value is 50.
search-dnstring Names the context for query execution. This option provides a useful method to authenticate users based on names that do not use X.500 format, such as "plainUser". In this case, you must also specify the rdn-identifier. If names to authenticate users are based on the X.500 format, you can suppress this configuration. You should also note that this option lets realms authenticate users based on simple, or X.500, names.
rdn-identifierstring Specifies an LDAP attribute that contains the user name and appears in the path of new entries.
enable-connection-poolingbooleanfalse Enables connection pooling.
referral-modefollow Specifies if LDAP server referrals are followed and corresponds to the REFERRAL ("java.naming.referral") environment property. Values are "ignore", "follow" (default), and "throw".
connection-timeoutinteger5000 Sets the timeout, in milliseconds, for LDAP server connections. The default value is 5 seconds.
read-timeoutinteger60000 Sets the read timeout, in milliseconds, for LDAP server operations. The default value is 1 minute.

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

name-rewriter?

Specifies a LDAP name rewriter that transforms names returned by LDAP servers.

regex-principal-transformer

Specifies a PrincipalTransformer definition using regular expressions and Matcher based replacement.
NameTypeDefaultDescription
patternstring Specifies the regular expression for this PrincipalTransformer.
replacementstring Specifies the replacement string for the PrincipalTransformer.
replace-allbooleanfalse Replaces all occurrences instead of the first occurrence.
Specifies the base type for all PrincipalTransformer definitions.
NameTypeDefaultDescription
namestring Deprecated. Will be ignored.

identity-mapping*

Specifies configuration options that define how principals are mapped to corresponding entries in LDAP servers.
NameTypeDefaultDescription
rdn-identifierstring Specifies the RDN for the principal DN to retrieve the principal name from an LDAP entry.
search-dnstring Sets the base DN for query execution.
search-recursivebooleanfalse Performs recursive queries.
filter-namestring(rdn_identifier={0}) Specifies the LDAP filter that retrieves an identity by name. In the default value, "{0}" is replaced with the searched identity name and "rdn_identifier" is replaced with the value of the "rdn-identifier" attribute.

attribute-mapping?

Specifies the attribute mappings defined for this resource.

attribute

NameTypeDefaultDescription
filterstring The filter to use to obtain the values for a specific attribute. String "{0}" will be replaced by username, "{1}" by user identity DN.
NameTypeDefaultDescription
filter-dnstring The name of the context where the filter should be performed.
fromstring The name of the LDAP attribute to map to an identity attribute. If not defined, DN of the whole entry is used as value.
tostring The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.
search-recursivebooleantrue Indicates if attribute LDAP search queries are recursive.
role-recursionint0 Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
role-recursion-namestringcn Determine LDAP attribute of role entry which will be substitute for "{0}" in filter-name when searching roles of role. Used only when role-recursion is set.
extract-rdnstring The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.

attribute-reference

NameTypeDefaultDescription
referencestring The name of an LDAP attribute containing DN of entry to obtain value from.
NameTypeDefaultDescription
filter-dnstring The name of the context where the filter should be performed.
fromstring The name of the LDAP attribute to map to an identity attribute. If not defined, DN of the whole entry is used as value.
tostring The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.
search-recursivebooleantrue Indicates if attribute LDAP search queries are recursive.
role-recursionint0 Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
role-recursion-namestringcn Determine LDAP attribute of role entry which will be substitute for "{0}" in filter-name when searching roles of role. Used only when role-recursion is set.
extract-rdnstring The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.

user-password-mapper?

Specifies the user password credential mapping defined for this resource.
NameTypeDefaultDescription
fromstring The name of the LDAP attribute to map to an identity user password credential.
verifiableboolean If the password credential is verifiable.
writableboolean If the password credential is writable.

local-realm?

NameTypeDefaultDescription
namestringlocal

properties-realm?

NameTypeDefaultDescription
groups-attributestring

user-properties

NameTypeDefaultDescription
pathstring
relative-tostring
digest-realm-namestring
plain-textbooleanfalse

group-properties

NameTypeDefaultDescription
pathstring
relative-tostring

token-realm?

NameTypeDefaultDescription
namestring
auth-server-urlstring
client-idstring
principal-claimstringusername

jwt

NameTypeDefaultDescription
issuer
audience
public-keystring
jku-timeoutlong
client-ssl-contextstring

oauth2-introspection

NameTypeDefaultDescription
client-idstring
client-secretstring
introspection-urlstring
client-ssl-contextstring
host-name-verification-policystring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

truststore-realm?

NameTypeDefaultDescription
namestring

data-sources?

data-source*

NameTypeDefaultDescription
nametokenName for the datasource (used for management)
jndi-nametokenJNDI name for the datasource
statisticsbooleanfalseEnable statistics for this datasource

connection-factory

Configuration for the connection factory

NameTypeDefaultDescription
drivertokenUnique reference to the JDBC driver
urltokenJDBC driver connection URL (e.g. "jdbc:h2:tcp://localhost:1234")
transaction-isolation
NONE
READ_UNCOMMITTED
READ_COMMITTED
REPEATABLE_READ
SERIALIZABLE
READ_COMMITTEDSet the java.sql.Connection transaction isolation level to use. Defaults to READ_COMMITTED
new-connection-sqltokenSQL statement to be executed on a connection after creation
usernametokenUsername to use for basic authentication with the database
passwordtokenPassword to use for basic authentication with the database

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

connection-property?

Properties for the JDBC driver

connection-pool

Configuration for the connection pool

NameTypeDefaultDescription
max-sizenonNegativeIntegerMaximum number of connections in the pool
min-sizenonNegativeIntegerMinimum number of connections the pool should hold
initial-sizenonNegativeIntegerInitial number of connections the pool should hold
blocking-timeoutnonNegativeInteger0 Maximum time in milliseconds to block while waiting for a connection before throwing an exception This will never throw an exception if creating a new connection takes an inordinately long period of time Default is 0 meaning that a call will wait indefinitely
background-validationnonNegativeInteger Time in milliseconds between background validation runs. A duration of 0 means that this feature is disabled.
validate-on-acquisitionnonNegativeInteger Connections idle for longer than this time, specified in milliseconds, are validated before being acquired (foreground validation). A duration of 0 means that this feature is disabled.
leak-detectionnonNegativeInteger Time in milliseconds a connection has to be held before a leak warning
idle-removalnonNegativeInteger Time in minutes a connection has to be idle before it can be removed

endpoints

NameTypeDefaultDescription
socket-bindingstringSpecifies the socket the endpoint connector binds to.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

endpoint*

NameTypeDefaultDescription
socket-bindingstringSpecifies the socket the endpoint connector binds to.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.
adminbooleantrueEnable administrative features on this endpoint. Defaults to true.
metrics-authbooleantrueEnable metrics authentication on this endpoint. Defaults to true.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring

hotrod-connector*

NameTypeDefaultDescription
external-hoststringSets an external address for this node to accept client connections. Defaults to the server socket binding address.
external-portintSets an external port for this node. Defaults to the server socket binding port.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

topology-state-transfer?

NameTypeDefaultDescription
lock-timeoutintConfigures lock acquisition timeouts, in seconds, for topology caches. Defaults to 10.
replication-timeoutintConfigures replication timeouts, in seconds, for topology caches. Defaults to 10.
lazy-retrievalbooleanfalseEnables lazy retrieval of cluster topology from nodes via a ClusterCacheLoader. Values are true / false (default).
await-initial-retrievalboolean${TopologyCache.awaitInitialRetrieval}Configures whether initial state retrieval should happen immediately at startup. Applies only when lazy-retrieval is false. Values are true (default) / false.

authentication?

NameTypeDefaultDescription
security-realmstringNames the security realm to use for authentication and authorization. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sasl?

The configuration of the SASL authentication layer for this server. The optional "include-mechanisms" attribute contains a list of allowed SASL mechanism names. No mechanisms will be allowed which are not present in this list. The optional "qop" attribute contains a list of quality-of-protection values, in decreasing order of preference. The optional "strength" attribute contains a list of cipher strength values, in decreasing order of preference. The optional "policy" attribute contains a list of policies to use to narrow down the available set of mechanisms. The optional nested "property" elements specify additional properties required by the specified mechanisms
NameTypeDefaultDescription
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. GSSAPI, GS2_KRB5)
server-namestringNames the server that is exposed to clients.
mechanisms
qop
strength
policy

property*

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

rest-connector*

NameTypeDefaultDescription
context-pathstring Sets the context path for REST connectors and defaults to the root context. The command line interface (CLI) and other internal components use the root context. For this reason, you should not change the default value or set a custom context path.
extended-headers
NEVERNever return extended headers
ON_DEMANDReturn extended headers on demand (i.e. when the 'extendend' query parameter is present on the request)
ON_DEMANDEnables extended headers. Values are NEVER / ON_DEMAND (default).
max-content-lengthintSets the maximum allowed content length.
compression-levelintSets the level for compressed requests and responses.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

authentication?

NameTypeDefaultDescription
security-realmstringThe security realm to use for authentication/authorization purposes. Defaults to none (no authentication). Deprecated since 12.1. Use the security-realm attribute on the connector instead.
mechanismsNONEThe authentication method to require. Can be NONE, BASIC, DIGEST, CLIENT_CERT, SPNEGO. Defaults to NONE. Setting it to a different value requires enabling a security-realm.
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. SPNEGO).

cors-rules?

Configures CORS (Cross Origin Resource Sharing) for the REST Server. Contains one or more rules that specify the permissions for cross-domain requests based on the origin.

cors-rule+

Defines a CORS rule for one or more origins.
NameTypeDefaultDescription
namestring Defines a name for a CORS rule.
allow-credentialsbooleanfalse Configures if CORS requests use credentials and sets the CORS 'Access-Control-Allow-Credentials' response header.
max-age-secondsint0 Configures how long CORS preflight request headers can be caches and sets the CORS 'Access-Control-Max-Age' response header.
allowed-originsstring Specifies the CORS 'Access-Control-Allow-Origin' header that controls which origins can access resources.
allowed-methods Specifies the CORS 'Access-Control-Allow-Methods' header in the preflight response. Controls the methods that origins can access.
allowed-headers Specifies the CORS 'Access-Control-Allow-Headers' header in the preflight response. Controls the headers that origins can access.
expose-headers Specifies the CORS 'Access-Control-Expose-Headers' header in the preflight response. Controls the headers that are exposed to origins.

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

memcached-connector*

NameTypeDefaultDescription
cachestringNames the cache that the Memcached connector exposes. Defaults to memcachedCache.
client-encodingstringSets client encoding for values. Applies to memcached text protocol only.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

interfaces

interface*

NameTypeDefaultDescription
namestring

inet-address?

NameTypeDefaultDescription
valuestring

global?

link-local?

loopback?

non-loopback?

site-local?

match-interface?

NameTypeDefaultDescription
valueFIXME

match-address?

NameTypeDefaultDescription
valueFIXME

data-sources

data-source*

NameTypeDefaultDescription
nametokenName for the datasource (used for management)
jndi-nametokenJNDI name for the datasource
statisticsbooleanfalseEnable statistics for this datasource

connection-factory

Configuration for the connection factory

NameTypeDefaultDescription
drivertokenUnique reference to the JDBC driver
urltokenJDBC driver connection URL (e.g. "jdbc:h2:tcp://localhost:1234")
transaction-isolation
NONE
READ_UNCOMMITTED
READ_COMMITTED
REPEATABLE_READ
SERIALIZABLE
READ_COMMITTEDSet the java.sql.Connection transaction isolation level to use. Defaults to READ_COMMITTED
new-connection-sqltokenSQL statement to be executed on a connection after creation
usernametokenUsername to use for basic authentication with the database
passwordtokenPassword to use for basic authentication with the database

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

connection-property?

Properties for the JDBC driver

connection-pool

Configuration for the connection pool

NameTypeDefaultDescription
max-sizenonNegativeIntegerMaximum number of connections in the pool
min-sizenonNegativeIntegerMinimum number of connections the pool should hold
initial-sizenonNegativeIntegerInitial number of connections the pool should hold
blocking-timeoutnonNegativeInteger0 Maximum time in milliseconds to block while waiting for a connection before throwing an exception This will never throw an exception if creating a new connection takes an inordinately long period of time Default is 0 meaning that a call will wait indefinitely
background-validationnonNegativeInteger Time in milliseconds between background validation runs. A duration of 0 means that this feature is disabled.
validate-on-acquisitionnonNegativeInteger Connections idle for longer than this time, specified in milliseconds, are validated before being acquired (foreground validation). A duration of 0 means that this feature is disabled.
leak-detectionnonNegativeInteger Time in milliseconds a connection has to be held before a leak warning
idle-removalnonNegativeInteger Time in minutes a connection has to be idle before it can be removed

security

credential-stores?

Complex type to contain the definitions of the credential stores.

credential-store*

An individual credential store definition.
NameTypeDefaultDescription
namestring The name of this credential store.
relative-tostring A reference to a previously defined path that the file name is relative to.
pathstring File name of credential store storage.
typestringpkcs12 The type of the credential store file. Can be either pkcs12 or jceks. Defaults to pkcs12.

clear-text-credential

Credential to be used by as protection parameter for the Credential Store.

A clear-text credential.
NameTypeDefaultDescription
clear-textstring The clear-text password.

credential-reference

Credential to be used by as protection parameter for the Credential Store.

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

security-realms

security-realm+

NameTypeDefaultDescription
namestring
cache-max-sizeint256 The maximum size for the identity cache for this realm. If the size is less than 1, the cache will be disabled. Defaults to 256.
cache-lifespanlong-1 The lifespan of entries in the identity cache after which they expire and are reloaded from the realm provider. Defaults to -1 (never expires).

server-identities?

ssl?

keystore

NameTypeDefaultDescription
pathstring
relative-tostring
keystore-passwordstring
passwordstring
aliasstring
key-passwordstring
generate-self-signed-certificate-hoststring
providerstring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

truststore?

NameTypeDefaultDescription
pathstring
relative-tostring
passwordstring
providerstring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

engine?

NameTypeDefaultDescription
enabled-protocols
enabled-ciphersuitesstring

kerberos*

NameTypeDefaultDescription
principalstring Specifies the principal that the KeyTab represents.
keytab-pathstring Sets the path to the KeyTab for retrieving credentials.
relative-tostring Specifies the name of a named path or a standard path that the system provides. If set, the value of the "path" attribute becomes relative to this path.
minimum-remaining-lifetimeint0 Specifies, in seconds, how long a cached credential can remain before it is recreated.
request-lifetimeint Specifies, in seconds, how much lifetime to request for newly created credentials.
fail-cacheint Specifies the amount of time, in seconds, to wait before attempting to obtain server credential if the previous attempt failed. Prevents long waiting periods on every authentication attempt if the KDC is unavailable.
serverbooleantrue Specifies if the realm is server-side (default) or client-side.
obtain-kerberos-ticketbooleanfalse Controls if a KerberosTicket is also obtained and associated with the credential. The value must be true if credentials are delegated to the server.
debugbooleanfalse Defines if the JAAS step to obtain the credential has debug logging enabled.
wrap-gss-credentialbooleanfalse Specifies if generated GSS credentials are wrapped to prevent improper disposal.
requiredbooleanfalse Specifies if the keytab file with adequate principal must exist when the service starts.
mechanism-namesKRB5 SPNEGO Defines the mechanism names with which the credential can be used. Names are converted to OIDs and used together with OIDs from the mechanism-oids attribute.
mechanism-oids Defines the mechanism OIDs with which the credential can be used. Used with OIDs derived from names from the mechanism-names attribute.

filesystem-realm?

NameTypeDefaultDescription
namestringfilesystem
pathstring
relative-tostringinfinispan.server.data.path
levelsint0
encodedbooleantrue

ldap-realm?

Defines an LDAP security realm.
NameTypeDefaultDescription
namestring Names the security realm to logically separate multiple realms of the same type.
urlstring Specifies the URL for LDAP server connections in the format ldap[s]://{hostname}:{port}.
principalstring Specifies the user principal for LDAP server connections.
credentialstring Specifies the user credential for LDAP server connections.
direct-verificationboolean Configures the realm to verify credentials by connecting to LDAP servers with the account. Values are true / false (default).
page-sizeint50 Sets the page size for realm iteration. The default value is 50.
search-dnstring Names the context for query execution. This option provides a useful method to authenticate users based on names that do not use X.500 format, such as "plainUser". In this case, you must also specify the rdn-identifier. If names to authenticate users are based on the X.500 format, you can suppress this configuration. You should also note that this option lets realms authenticate users based on simple, or X.500, names.
rdn-identifierstring Specifies an LDAP attribute that contains the user name and appears in the path of new entries.
enable-connection-poolingbooleanfalse Enables connection pooling.
referral-modefollow Specifies if LDAP server referrals are followed and corresponds to the REFERRAL ("java.naming.referral") environment property. Values are "ignore", "follow" (default), and "throw".
connection-timeoutinteger5000 Sets the timeout, in milliseconds, for LDAP server connections. The default value is 5 seconds.
read-timeoutinteger60000 Sets the read timeout, in milliseconds, for LDAP server operations. The default value is 1 minute.

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

name-rewriter?

Specifies a LDAP name rewriter that transforms names returned by LDAP servers.

regex-principal-transformer

Specifies a PrincipalTransformer definition using regular expressions and Matcher based replacement.
NameTypeDefaultDescription
patternstring Specifies the regular expression for this PrincipalTransformer.
replacementstring Specifies the replacement string for the PrincipalTransformer.
replace-allbooleanfalse Replaces all occurrences instead of the first occurrence.
Specifies the base type for all PrincipalTransformer definitions.
NameTypeDefaultDescription
namestring Deprecated. Will be ignored.

identity-mapping*

Specifies configuration options that define how principals are mapped to corresponding entries in LDAP servers.
NameTypeDefaultDescription
rdn-identifierstring Specifies the RDN for the principal DN to retrieve the principal name from an LDAP entry.
search-dnstring Sets the base DN for query execution.
search-recursivebooleanfalse Performs recursive queries.
filter-namestring(rdn_identifier={0}) Specifies the LDAP filter that retrieves an identity by name. In the default value, "{0}" is replaced with the searched identity name and "rdn_identifier" is replaced with the value of the "rdn-identifier" attribute.

attribute-mapping?

Specifies the attribute mappings defined for this resource.

attribute

NameTypeDefaultDescription
filterstring The filter to use to obtain the values for a specific attribute. String "{0}" will be replaced by username, "{1}" by user identity DN.
NameTypeDefaultDescription
filter-dnstring The name of the context where the filter should be performed.
fromstring The name of the LDAP attribute to map to an identity attribute. If not defined, DN of the whole entry is used as value.
tostring The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.
search-recursivebooleantrue Indicates if attribute LDAP search queries are recursive.
role-recursionint0 Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
role-recursion-namestringcn Determine LDAP attribute of role entry which will be substitute for "{0}" in filter-name when searching roles of role. Used only when role-recursion is set.
extract-rdnstring The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.

attribute-reference

NameTypeDefaultDescription
referencestring The name of an LDAP attribute containing DN of entry to obtain value from.
NameTypeDefaultDescription
filter-dnstring The name of the context where the filter should be performed.
fromstring The name of the LDAP attribute to map to an identity attribute. If not defined, DN of the whole entry is used as value.
tostring The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.
search-recursivebooleantrue Indicates if attribute LDAP search queries are recursive.
role-recursionint0 Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
role-recursion-namestringcn Determine LDAP attribute of role entry which will be substitute for "{0}" in filter-name when searching roles of role. Used only when role-recursion is set.
extract-rdnstring The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.

user-password-mapper?

Specifies the user password credential mapping defined for this resource.
NameTypeDefaultDescription
fromstring The name of the LDAP attribute to map to an identity user password credential.
verifiableboolean If the password credential is verifiable.
writableboolean If the password credential is writable.

local-realm?

NameTypeDefaultDescription
namestringlocal

properties-realm?

NameTypeDefaultDescription
groups-attributestring

user-properties

NameTypeDefaultDescription
pathstring
relative-tostring
digest-realm-namestring
plain-textbooleanfalse

group-properties

NameTypeDefaultDescription
pathstring
relative-tostring

token-realm?

NameTypeDefaultDescription
namestring
auth-server-urlstring
client-idstring
principal-claimstringusername

jwt

NameTypeDefaultDescription
issuer
audience
public-keystring
jku-timeoutlong
client-ssl-contextstring

oauth2-introspection

NameTypeDefaultDescription
client-idstring
client-secretstring
introspection-urlstring
client-ssl-contextstring
host-name-verification-policystring

credential-reference?

Credential reference to be used by the configuration.
NameTypeDefaultDescription
storestring Credential store name used to fetch credential with given 'alias' from. Credential store name has to be defined elsewhere.
aliasstring Alias of credential in the credential store.

truststore-realm?

NameTypeDefaultDescription
namestring

socket-bindings

NameTypeDefaultDescription
default-interfacestring
port-offsetstring

socket-binding*

endpoints

NameTypeDefaultDescription
socket-bindingstringSpecifies the socket the endpoint connector binds to.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

endpoint*

NameTypeDefaultDescription
socket-bindingstringSpecifies the socket the endpoint connector binds to.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.
adminbooleantrueEnable administrative features on this endpoint. Defaults to true.
metrics-authbooleantrueEnable metrics authentication on this endpoint. Defaults to true.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring

hotrod-connector*

NameTypeDefaultDescription
external-hoststringSets an external address for this node to accept client connections. Defaults to the server socket binding address.
external-portintSets an external port for this node. Defaults to the server socket binding port.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

topology-state-transfer?

NameTypeDefaultDescription
lock-timeoutintConfigures lock acquisition timeouts, in seconds, for topology caches. Defaults to 10.
replication-timeoutintConfigures replication timeouts, in seconds, for topology caches. Defaults to 10.
lazy-retrievalbooleanfalseEnables lazy retrieval of cluster topology from nodes via a ClusterCacheLoader. Values are true / false (default).
await-initial-retrievalboolean${TopologyCache.awaitInitialRetrieval}Configures whether initial state retrieval should happen immediately at startup. Applies only when lazy-retrieval is false. Values are true (default) / false.

authentication?

NameTypeDefaultDescription
security-realmstringNames the security realm to use for authentication and authorization. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sasl?

The configuration of the SASL authentication layer for this server. The optional "include-mechanisms" attribute contains a list of allowed SASL mechanism names. No mechanisms will be allowed which are not present in this list. The optional "qop" attribute contains a list of quality-of-protection values, in decreasing order of preference. The optional "strength" attribute contains a list of cipher strength values, in decreasing order of preference. The optional "policy" attribute contains a list of policies to use to narrow down the available set of mechanisms. The optional nested "property" elements specify additional properties required by the specified mechanisms
NameTypeDefaultDescription
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. GSSAPI, GS2_KRB5)
server-namestringNames the server that is exposed to clients.
mechanisms
qop
strength
policy

property*

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

rest-connector*

NameTypeDefaultDescription
context-pathstring Sets the context path for REST connectors and defaults to the root context. The command line interface (CLI) and other internal components use the root context. For this reason, you should not change the default value or set a custom context path.
extended-headers
NEVERNever return extended headers
ON_DEMANDReturn extended headers on demand (i.e. when the 'extendend' query parameter is present on the request)
ON_DEMANDEnables extended headers. Values are NEVER / ON_DEMAND (default).
max-content-lengthintSets the maximum allowed content length.
compression-levelintSets the level for compressed requests and responses.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

authentication?

NameTypeDefaultDescription
security-realmstringThe security realm to use for authentication/authorization purposes. Defaults to none (no authentication). Deprecated since 12.1. Use the security-realm attribute on the connector instead.
mechanismsNONEThe authentication method to require. Can be NONE, BASIC, DIGEST, CLIENT_CERT, SPNEGO. Defaults to NONE. Setting it to a different value requires enabling a security-realm.
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. SPNEGO).

cors-rules?

Configures CORS (Cross Origin Resource Sharing) for the REST Server. Contains one or more rules that specify the permissions for cross-domain requests based on the origin.

cors-rule+

Defines a CORS rule for one or more origins.
NameTypeDefaultDescription
namestring Defines a name for a CORS rule.
allow-credentialsbooleanfalse Configures if CORS requests use credentials and sets the CORS 'Access-Control-Allow-Credentials' response header.
max-age-secondsint0 Configures how long CORS preflight request headers can be caches and sets the CORS 'Access-Control-Max-Age' response header.
allowed-originsstring Specifies the CORS 'Access-Control-Allow-Origin' header that controls which origins can access resources.
allowed-methods Specifies the CORS 'Access-Control-Allow-Methods' header in the preflight response. Controls the methods that origins can access.
allowed-headers Specifies the CORS 'Access-Control-Allow-Headers' header in the preflight response. Controls the headers that origins can access.
expose-headers Specifies the CORS 'Access-Control-Expose-Headers' header in the preflight response. Controls the headers that are exposed to origins.

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

memcached-connector*

NameTypeDefaultDescription
cachestringNames the cache that the Memcached connector exposes. Defaults to memcachedCache.
client-encodingstringSets client encoding for values. Applies to memcached text protocol only.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

endpoint

NameTypeDefaultDescription
socket-bindingstringSpecifies the socket the endpoint connector binds to.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.
adminbooleantrueEnable administrative features on this endpoint. Defaults to true.
metrics-authbooleantrueEnable metrics authentication on this endpoint. Defaults to true.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring

hotrod-connector*

NameTypeDefaultDescription
external-hoststringSets an external address for this node to accept client connections. Defaults to the server socket binding address.
external-portintSets an external port for this node. Defaults to the server socket binding port.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

topology-state-transfer?

NameTypeDefaultDescription
lock-timeoutintConfigures lock acquisition timeouts, in seconds, for topology caches. Defaults to 10.
replication-timeoutintConfigures replication timeouts, in seconds, for topology caches. Defaults to 10.
lazy-retrievalbooleanfalseEnables lazy retrieval of cluster topology from nodes via a ClusterCacheLoader. Values are true / false (default).
await-initial-retrievalboolean${TopologyCache.awaitInitialRetrieval}Configures whether initial state retrieval should happen immediately at startup. Applies only when lazy-retrieval is false. Values are true (default) / false.

authentication?

NameTypeDefaultDescription
security-realmstringNames the security realm to use for authentication and authorization. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sasl?

The configuration of the SASL authentication layer for this server. The optional "include-mechanisms" attribute contains a list of allowed SASL mechanism names. No mechanisms will be allowed which are not present in this list. The optional "qop" attribute contains a list of quality-of-protection values, in decreasing order of preference. The optional "strength" attribute contains a list of cipher strength values, in decreasing order of preference. The optional "policy" attribute contains a list of policies to use to narrow down the available set of mechanisms. The optional nested "property" elements specify additional properties required by the specified mechanisms
NameTypeDefaultDescription
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. GSSAPI, GS2_KRB5)
server-namestringNames the server that is exposed to clients.
mechanisms
qop
strength
policy

property*

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

rest-connector*

NameTypeDefaultDescription
context-pathstring Sets the context path for REST connectors and defaults to the root context. The command line interface (CLI) and other internal components use the root context. For this reason, you should not change the default value or set a custom context path.
extended-headers
NEVERNever return extended headers
ON_DEMANDReturn extended headers on demand (i.e. when the 'extendend' query parameter is present on the request)
ON_DEMANDEnables extended headers. Values are NEVER / ON_DEMAND (default).
max-content-lengthintSets the maximum allowed content length.
compression-levelintSets the level for compressed requests and responses.
security-realmstringNames the security realm to use for authentication, cache authorization, and encryption.

authentication?

NameTypeDefaultDescription
security-realmstringThe security realm to use for authentication/authorization purposes. Defaults to none (no authentication). Deprecated since 12.1. Use the security-realm attribute on the connector instead.
mechanismsNONEThe authentication method to require. Can be NONE, BASIC, DIGEST, CLIENT_CERT, SPNEGO. Defaults to NONE. Setting it to a different value requires enabling a security-realm.
server-principalstringThe principal to use as the server identity. The principal must be present in the security realm. This is required for Kerberos-based SASL mechs (e.g. SPNEGO).

cors-rules?

Configures CORS (Cross Origin Resource Sharing) for the REST Server. Contains one or more rules that specify the permissions for cross-domain requests based on the origin.

cors-rule+

Defines a CORS rule for one or more origins.
NameTypeDefaultDescription
namestring Defines a name for a CORS rule.
allow-credentialsbooleanfalse Configures if CORS requests use credentials and sets the CORS 'Access-Control-Allow-Credentials' response header.
max-age-secondsint0 Configures how long CORS preflight request headers can be caches and sets the CORS 'Access-Control-Max-Age' response header.
allowed-originsstring Specifies the CORS 'Access-Control-Allow-Origin' header that controls which origins can access resources.
allowed-methods Specifies the CORS 'Access-Control-Allow-Methods' header in the preflight response. Controls the methods that origins can access.
allowed-headers Specifies the CORS 'Access-Control-Allow-Headers' header in the preflight response. Controls the headers that origins can access.
expose-headers Specifies the CORS 'Access-Control-Expose-Headers' header in the preflight response. Controls the headers that are exposed to origins.

encryption?

NameTypeDefaultDescription
require-ssl-client-authboolean${Encryption.requireSslClientAuth} Requires clients to use certificates for authentication.
security-realmstring Names the security realm that contains the SSL keystore. Deprecated since 12.1. Use the security-realm attribute on the connector instead.

sni*

An element specifying a TLS SNI mapping.
NameTypeDefaultDescription
host-namestringTLS SNI host name
security-realmstringA corresponding security realm. If none is specified, the default will be used.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.

memcached-connector*

NameTypeDefaultDescription
cachestringNames the cache that the Memcached connector exposes. Defaults to memcachedCache.
client-encodingstringSets client encoding for values. Applies to memcached text protocol only.
NameTypeDefaultDescription
namestringLogically names this connector. Use this attribute to separate multiple connector declarations for the same endpoint.

ip-filter?

accept

NameTypeDefaultDescription
fromstring

reject

NameTypeDefaultDescription
fromstring
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.
NameTypeDefaultDescription
socket-bindingstringSpecifies the socket this connector binds to. If no socket binding is declared, the server does not listen to TCP connections.
cache-containerstringNames the cache container this connector exposes.
io-threadsintSets the number of I/O threads. Defaults to 2 * cpu cores.
worker-threadsintSets the number of worker threads. Defaults to 160.
idle-timeoutintSpecifies the maximum time, in seconds, that client connections can remain inactive. Defaults to 0 (no timeout).
tcp-nodelaybooleanEnables TCP NODELAY on the TCP stack. Values are enabled (default) / disabled.
tcp-keepalivebooleanEnables TCP KEEPALIVE on the TCP stack. Values are enabled / disabled (default).
send-buffer-sizeintSets the size of the send buffer.
receive-buffer-sizeintSets the size of the receive buffer.
require-ssl-client-authboolean Requires clients to use certificates for authentication.
Expand/Collapse All