child of: web-app-default, web-app

Specifies Expires times for cacheable pages.

cache-mapping is intended to provide Expires times for pages that have Last-Modified or ETags specified, but do not wish to hard-code the Expires timeout in the servlet. For example, Resin's FileServlet relies on cache-mapping to set the expires times for static pages.

Attribute	Meaning	default
url-pattern	A pattern matching the url: /foo/*, /foo, or *.foo
url-regexp	[TODO: confirm gone for 3.0] A regular expression matching the url
expires	A time interval.

The time interval defaults to seconds, but will allow other periods:

Suffix	Meaning
s	seconds
m	minutes
h	hours
D	days

cache-mapping

<web-app id='/'> <cache-mapping url-pattern='/*' expires='10'/> <cache-mapping url-pattern='*.gif' expires='15m'/> </web-app>

child of: web-app-default, web-app

Specifies configuration files for the web-app.

The use of files like WEB-INF/web.xml and WEB-INF/resin-web.xml are configured using <config-file>. You can add application-specific configuration files using the <config-file> tag.

Configuration files will be read and applied in the order they are specified.

app-default.xml

... <config-file>WEB-INF/web.xml</config-file> <config-file>WEB-INF/resin-web.xml</config-file> ...

child of: host, web-app

Specifies ear expansion.

ear-deploy can be used in web-apps to define a subdirectory for ear expansion.

Attribute	Meaning	default
path	The path to the deploy directory	required
expand-path	directory where ears should be expanded	value of path

child of: web-app-default, web-app

Configures JSP behavior.

Attribute	Meaning	default
auto-compile	Automatically compile changed JSP files	true
el-ignored	Ignore EL expressions in JSP text	false
fast-jstl	Optimize JSTL JSP compilation	true
ignore-el-exception	Ignore exceptions generated in EL expressions	true
is-xml	Default JSP pages to use XML syntax	false
precompile	Try to load precompiled JSP pages	true
recompile-on-error	Recompile the JSP file when an Error occurs in loading	false
require-source	Return 404 when JSP source is deleted	false
dependency-check-interval	How often to check the jsp for changes, -1 disables	inherited
session	Creates sessions for each JSP page	true
velocity-enabled	Enable Velocity statements	false

The class that corresponds to <jsp> is class com.caucho.jsp.cfg.JspPropertyGroup

child of: web-app-default, web-app

Enables multipart-mime for forms and file uploads. multipart-mime is disabled by default.

For an uploaded file with a form name of foo, the parameter value contains the path name to a temporary file containing the uploaded file. foo.filename contains the uploaded filename, and foo.content-type contains the content-type of the uploaded file.

Attribute	Meaning	default
upload-max	maximum size of an upload request (in kb).	no limit

If the upload is larger than the limit or if multipart-form processing is disabled, Resin will not parse the request and will set an error message in the "caucho.multipart.form.error" request attribute. The "caucho.multipart.form.error.size" will contain the attempted upload size.

Requests can set the maximum by setting the request attribute "caucho.multipart.form.upload-max" with an Integer or Long value.

By default, multipart-form is disabled.

child of: web-app-default, web-app

Maps url patterns to real paths. If using a server like IIS, you may need to match the server's path aliases.

Attribute	Meaning	default
url-pattern	A pattern matching the url: /foo/*, /foo, or *.foo
url-regexp	A regular expression matching the url
real-path	The prefix of the real path. When used with url-regexp, allows substitution variables like $1.

<web-app id='/'> <path-mapping url-pattern='/resin/*' real-path='e:\resin'/> <path-mapping url-regexp='/~([^/]*)' real-path='e:\home$1'/> </web-app>

The maximum time Resin will wait for requests to finish before closing the web-app.

default: false, allowing /foo/bar.jsp/foo.

Forces servlet-mapping to follow strict Servlet 2.2, disallowing PATH_INFO. Value is true or false.

<web-app> <strict-mapping>true</strict-mapping> </web-app>

child of: server, host-default, host

Establishes the defaults for a <web-app> .

When initializing a web-app, all the tags in the web-app-defaults sections configure the web-app. In other words, the web-app-default value is essentially a macro that is cut-and-pasted before the web-app configuration.

web-app-default is used for defining server-wide behavior, like *.jsp handling, and for host-wide behavior.

<host> <web-app-default> <servlet servlet-name='test' servlet-class='test.MyServlet'/> <servlet-mapping url-pattern='*.text' servlet-class='test'/> </web-app-default> </host>

child of: host-default, host, WEB-INF/web.xml, WEB-INF/resin-web.xml

web-app configures a web application.

Attribute	Meaning	default
id	The url prefix selecting this application.	n/a
url-regexp	A regexp to select this application.	n/a
document-directory	The document directory for the application, corresponding to a url of /id/. A relative path is relative to the <root-directory> of the containing <host> . Can use regexp replacement variables.	A relative path constricted with the id or the regexp match
startup-mode	`automatic', `lazy', or `manual', see Startup and Redeploy Mode	automatic
redeploy-mode	`automatic' or `manual', see Startup and Redeploy Mode	automatic

When specified by id, the application will be initialized on server start. When specified by url-regexp, the application will be initialized at the first request. This means that load-on-startup servlets may start later than expected for url-regexp applications.

The following example creates a web-app for /apache using the Apache htdocs directory to serve pages.

<host id=''> <web-app id='/apache' document-directory='/usr/local/apache/htdocs'> ... </host>

The following example sets the root web-app to the IIS root directory.

<web-app id='/' document-directory='C:/inetpub/wwwroot'>

When the web-app is specified with a url-regexp, document-directory can use replacement variables ($2).

In the following, each user gets his or her own independent application using ~user.

<host id=''> <web-app url-regexp='/~([^/]*)' document-directory='/home/$1/public_html'> ... </web-app> </host>

child of: host, web-app

Specifies war expansion.

web-app-deploy can be used in web-apps to define a subdirectory for war expansion. The tutorials in the documentation use web-app-deploy to allow servlet/tutorial/helloworld to be an independent war file.

Attribute	Meaning	default
path	The path to the webapps directory	required
url-prefix	url-prefix added to all expanded webapps	""
expand-path	directory where wars should be expanded	value of path
lazy-init	true if web-apps should only be initialized when first used	false
web-app-default	defaults to be applied to expaned web-apps
web-app	overriding configuration for specific web-apps

The web-app-deploy can override configuration for an expanded war with a matching <web-app> inside the <web-app-deploy>. The <document-directory> is used to match web-apps.

overriding web.xml

<web-app-deploy path="webapps"> <web-app context-path="/wiki" document-directory="wiki"> <context-param database="jdbc/wiki"> </web-app> </web-app-deploy>

child of: web-app

Initializes application (ServletContext) variables. context-param defines initial values for application.getInitParameter("foo"). See also method ServletContext.getInitParameter(String) .

context-param

<web-app id='/'> <context-param> <param-name>baz</param-name> <param-value>value</param-value> </context-param> <!-- shortcut --> <context-param foo='bar'/> </web-app>

Defines a filter alias for later mapping.

Attribute	Meaning	default
filter-name	The filter's name (alias)
filter-class	The filter's class (defaults to filter-name), which extends class javax.servlet.Filter
init-param	Initialization parameters, see method FilterConfig.getInitParameter(String)

The following example defines a filter alias 'image'

<web-app id='/'> <filter> <filter-name>image</filter-name> <filter-class>test.MyImage</filter-class> <init-param> <param-name>title</param-name> <param-value>Hello, World</param-value> </init-param> </filter> <filter-mapping> <filter-name>image</filter-name> <url-pattern>/images/*</url-pattern> </filter-mapping> </web-app>

The full Servlet 2.3 syntax for init-param is supported as well as a simple shortcut.

<web-app id='/'> <filter filter-name='test.HelloWorld'> <init-param foo='bar'/> <init-param> <param-name>baz</param-name> <param-value>value</param-value> </init-param> </servlet> </web-app>

Maps url patterns to filters. filter-mapping has two children, url-pattern and filter-name. url-pattern selects the urls which should execute the filter.

filter-name can either specify a servlet class directly or it can specify a servlet alias defined by filter.

Servlet 2.4 definition for filter-mapping

Attribute	Meaning	default
filter-name	The filter name
url-pattern	A pattern matching the url: /foo/*, /foo, or *.foo
dispatcher	[TODO]

Resin extensions to filter-mapping

Attribute	Meaning	default
url-regexp	A regular expression matching the url
filter-name	The filter name can use replacement vars from url-regexp like $1. [TODO: 3.0?:] It can also specify a class name directly like test.HelloWorld	n/a

<web-app> <filter> <filter-name>test-filter</filter-name> <filter-class>test.MyFilter</filter-class> </filter> <filter-mapping> <filter-name>test-filter</filter-name> <url-pattern>/hello/*</url-pattern> </filter-mapping> <servlet> <servlet-name>hello</servlet-name> <servlet-class>test.HelloWorld</servlet-class> </servlet> <servlet-mapping> <servlet-name>hello</servlet-name> <url-pattern>/hello</url-pattern> </servlet-mapping> </web-app>

Defines a servlet alias for later mapping using <servlet-mapping> .

Attribute	Meaning	default
servlet-name	The servlet's name (alias)
servlet-class	The servlet's class (In Resin, defaults to servlet-name)
init-param	Initialization parameters
load-on-startup	Initializes the servlet when the server starts.
run-at	Times to execute the servlet automatically, A Resin extension.

using the <servlet> tag

<web-app id='/'> <servlet> <servlet-name>hello</servlet-name> <servlet-class>test.HelloWorld</servlet-class> <init-param> <param-name>title</param-name> <param-value>Hello, World</param-value> </init-param> </servlet> <!-- using Resin shortcut syntax --> <servlet servlet-name='cron' servlet-class='test.DailyChores'> <init-param title='Daily Chores'/> <load-on-startup/> <run-at>3:00</run-at> </servlet> <!-- mapping a url to use the servlet --> <servlet-mapping url-pattern='/hello.html' servlet-name='hello'/> </web-app>

Several servlet configurations might configure the same servlet class with different init-param values. Each will have a separate servlet-name.

multiple servlets using the same class

<web-app> <servlet servlet-name='foo-a'> <servlet-class>test.FooServlet</servlet-class> <init-param name='foo-a sample'/> </servlet> <servlet servlet-name='foo-b'> <servlet-class>test.FooServlet</servlet-class> <init-param name='foo-b sample'/> </servlet> </web-app>

load-on-startup can specify an (optional) integer value. If the value is 0 or greater, it indicates an order for servlets to be loaded, servlets with higher numbers get loaded after servlets with lower numbers.

There are a number of named servlets that are usually available to a Resin application, as defined in $RESIN_HOME/conf/app-default.xml.

servlet-mapping's in $RESIN_HOME/conf/app-default.xml

<servlet servlet-name="directory" servlet-class="com.caucho.servlets.DirectoryServlet"/> <servlet servlet-name="file" servlet-class="com.caucho.servlets.FileServlet"/> <servlet servlet-name="jsp" servlet-class="com.caucho.jsp.JspServlet"/> <servlet servlet-name="xtp" servlet-class="com.caucho.jsp.XtpServlet"/> <servlet servlet-name="j_security_check" servlet-class="com.caucho.server.security.FormLoginServlet"/>

Maps url patterns to servlets. servlet-mapping has two children, url-pattern and servlet-name. url-pattern selects the urls which should execute the servlet.

Servlet 2.4 definition for servlet-mapping

Attribute	Meaning	default
servlet-name	The servlet name	n/a
url-pattern	A pattern matching the url: /foo/*, /foo, or *.foo	n/a

Resin extensions to servlet-mapping

Attribute	Meaning	default
url-regexp	A regular expression matching the url	n/a
servlet-name	The servlet name can use replacement vars from url-regexp like $1. [TODO: 3.0?:] It can also specify a class name directly like test.HelloWorld	n/a

servlet-mapping

<web-app id='/'> <servlet> <servlet-name>hello</servlet-name> <servlet-class>test.HelloWorld</servlet-class> </servlet> <servlet-mapping> <url-pattern>/hello.html</servlet-class> <servlet-name>hello</servlet-class> </servlet-mapping> <!-- resin shortcut syntax --> <servlet-mapping url-pattern='*.xtp' servlet-name='com.caucho.jsp.XtpServlet'/> </web-app>

In Resin, the special servlet-name `invoker' is used to dispatch servlets by class name.

Warning: Enabling the invoker servlet can create a security hole in your application. Any servlet in the classpath, perhaps even one in a .jar that you are unaware of, could be invoked.

servlet invoker

<web-app id='/'> <!-- used with url like http://localhost:8080/servlets/test.HelloServlet --> <servlet-mapping url-pattern="/servlet/*" servlet-name="invoker"/> </web-app>

There are a number of mappings to servlets that are usually available to a Resin application, as defined in $RESIN_HOME/conf/app-default.xml.

servlet-mapping's in $RESIN_HOME/conf/app-default.xml

<servlet-mapping url-pattern="*.jsp" servlet-name="jsp"/> <servlet-mapping url-pattern="*.xtp" servlet-name="xtp"/> <servlet-mapping url-pattern="/servlet/*" servlet-name="invoker"/> <servlet-mapping url-pattern="/" servlet-name="file"/>

The plugins use servlet-mapping to decide which URLs to send to Resin. The following servlet-name values are used by the plugins:

servlet-name values used by plugins

plugin_match	The plugin will send the request to Resin, but Resin will ignore the entry. Use to get around regexp limitations. (Resin 1.2.2)
plugin_ignore	The plugin will ignore the request. Use this to define a sub-url the web server should handle, not Resin. (Resin 1.2.2)

Maps URL by regular expressions to custom servlets.

<servlet-regexp url-regexp="/([^.]*).do" servlet-class="qa.${regexp[1]}Servlet"> <init a="b"/> </servlet-regexp>

Session configuration parameters.

Servlet 2.4 definition for session-timeout

Attribute	Meaning	default
session-timeout	The session timeout in minutes, 0 means never timeout.	30 minutes

Resin add's a number of session-config tags.

Resin extensions to session-config

Attribute	Meaning	default
session-max	Maximum active sessions	4096
enable-cookies	Enable cookies for sessions. (resin 1.1)	true
enable-url-rewriting	Enable URL rewriting for sessions. (resin 1.1)	true
cookie-version	Version of the cookie spec for sessions. (resin 1.2)	1.0
cookie-domain	Domain for session cookies. (resin 1.2)	none
cookie-max-age	Max age for persistent session cookies. (resin 2.0)	none
cookie-length	Maximum length of the cookie. [TODO: # bits?](resin 2.1.1)	Integer.MAX_VALUE
file-store	Persistent sessions using a file store. (resin 1.2)	none
use-persistent-store	Uses the current persistent-store to save sessions. (resin 3.0.8)	none
always-load-session	Reload data from the store on every request. (resin 1.2)	false
always-save-session	Save session data to the store on every request. (resin 1.2)	false
save-only-on-shutdown	Only save session when the application shuts down. (resin 1.2.3)	false
reuse-session-id	Reuse the session id even if the session has timed out. (resin 2.0.4)	true
ignore-serialization-errors	When persisting a session, ignore any values which don't implement java.io.Serializable	false
invalidate-after-listener	[TODO]. (resin 3.0)	[TODO]

By default, both enable-cookies and enable-url-rewriting are true. To force url rewriting, you would create a configuration like:

<web-app id='/'> <session-config enable-cookies='false' enable-url-rewriting='true'/> </web-app>

The session-timeout and session-max are usually used together to control the number of sessions. Sessions are stored in an LRU cache. When the number of sessions in the cache fills up past session-max, the oldest sessions are recovered. In addition, sessions idle for longer than session-timeout are purged.

using session-config and session-timeout to control the number of sessions

<web-app id='/dir'> <session-config> <!-- 2 hour timeout --> <session-timeout>120</session-timeout> <session-max>4096</session-max> </session-config> </web-app>

cookie-length is used to limit the maximum length for the session's generated cookie for special situations like WAP devices. Reducing this value reduces the randomness in the cookie and increases the chance of session collisions.

reuse-session-id defaults to true so that Resin can share the session id amongst different web-apps.

The class that corresponds to <session-config> is class com.caucho.server.session.SessionManager

child of: web-app-default, web-app

Maps url patterns to mime-types.

Attribute	Meaning	default
extension	url extension
mime-type	the mime-type

<web-app id='/'> <mime-mapping> <extension>.foo</extension> <mime-type>text/html</mime-type> </mime-mapping> <!-- resin shortcut syntax --> <mime-mapping extension='.bar' mime-type='text/html'/> </web-app>

Resin has a long list of default mime types in $RESIN_HOME/conf/app-default.xml

child of: web-app-default, web-app
default: in $RESIN_HOME/conf/app-default.xml is index.xtp, index.jsp, index.html.

Sets the files to use as when no filename is present in url. According to the spec, each file is in a <welcome-file> element.

<web-app id='/'> <welcome-file-list> <welcome-file>index.jsp</welcome-file> <welcome-file>index.xtp</welcome-file> <welcome-file>home.xtp</welcome-file> </welcome-file-list> </web-app>

Resin also provides a shortcut where you can just list the files:

<web-app id='/'> <welcome-file-list>index.jsp, index.xtp, home.xtp</welcome-file-list> </web-app>

child of: web-app-default, web-app

Attribute	Meaning	default
error-code	Select the error page based on an HTTP status code
exception-type	Select the error page based on a Java exception
location	The error page to display

By default, Resin returns a 500 Servlet Error and a stack trace for exceptions and a simple 404 File Not Found for error pages. Applications can customize the response generated for errors.

Catching File Not Found

<web-app> <error-page> <error-code>404</error-code> <location>/file_not_found.jsp</location> </error-page> </web-app>

Catching Exceptions

<web-app id='/foo'> <error-page exception-type='java.lang.NullPointerException' location='/nullpointer.jsp'/> </web-app>

The error page can use request attributes to obtain information about the request that caused the error:

/file_not_found.jsp

<%@ page session="false" isErrorPage="true" %> <html> <head><title>404 Not Found</title></head> <body> <h1>404 Not Found</h1> The url <code>${requestScope["javax.servlet.error.request_uri"]}</code> was not found. </body> </html>

Request attributes for error handling

Attribute	Type
javax.servlet.error.status_code	java.lang.Integer
javax.servlet.error.message	java.lang.String
javax.servlet.error.request_uri	java.lang.String
javax.servlet.error.servlet_name	java.lang.String
javax.servlet.error.exception	java.lang.Throwable
javax.servlet.error.exception_type	java.lang.Class

child of: web-app-default, web-app

Specifies protected areas of the web site. Sites using authentication as an optional personalization feature will typically not use any security constraints.

Security constraints can also be custom classes.

<security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint role-name='user'> </security-constraint>

child of: security-constraint

child of: security-constraint

Specifies a collection of areas of the web site.

Attribute	Meaning	default
web-resource-name	a name for a web resource collection
description	[TODO]
url-pattern	url patterns describing the resource
http-method	HTTP methods to be restricted.
method	[TODO: why two? HTTP methods to be restricted.]

child of: security-constraint

Requires that authenticated users fill the specified role. In Resin's JdbcAuthenticator, normal users are in the "user" role. Think of a role as a group of users.

Attribute	Meaning	default
role-name	Roles which are allowed to access the resource.

child of: security-constraint

Restricts access to secure transports, such as SSL

Attribute	Meaning	default
transport-guarantee	Required transport properties. NONE, INTEGRAL, and CONFIDENTIAL are allowed values.

child of: security-constraint
Defines a custom constraint.

Attribute	Meaning	default
resin:type	A class that extends class com.caucho.http.security.AbstractConstraint
init	initialization parameters, set in the object using Bean-style setters and getters

TODO: example

child of: web-app-default, web-app
default: no authentication

Servlet 2.4 definition for login-config

Attribute	Meaning	default
auth-method	Authentication method, either BASIC for HTTP Basic Authentication, FORM for form based authentication, or DIGEST for HTTP Digest Authentication .
realm-name	The realm name to use in HTTP authentication
form-login-config	Configuration for form login, see <form-login-config>

Resin extensions to login-config

Attribute	Meaning	default
type	Defines a custom class which extends com.caucho.server.security.AbstractLogin
init	Initialization for the custom login class

HTTP Authentication is defined in the RFC HTTP Authentication: Basic and Digest .

HTTP digest authentication is discussed in Digest Passwords . [TODO: verbose description, examples, etc]

child of: login-config

Configures authentication using forms. The login form has specific parameters that the servlet engine's login form processing understands. If the login succeeds, the user will see the original page. If it fails, she will see the error page.

Servlet 2.4 definition for form-login-config

Attribute	Meaning	default
form-login-page	The page to be used to prompt the user login	none
form-error-page	The error page for unsuccessful login	none

Resin extensions to form-login-config

Attribute	Meaning	default
internal-forward	Use an internal redirect on success instead of a sendRedirect	false
form-uri-priority	If true, the form's j_uri will override a stored URI	false

The form itself must have the action j_security_check. It must also have the parameters j_username and j_password. Optionally, it can also have j_uri and j_use_cookie_auth. j_uri gives the next page to display when login succeeds. j_use_cookie_auth allows Resin to send a persistent cookie to the user to make following login easier.

j_use_cookie_auth gives control to the user whether to generate a persistent cookie. It lets you implement the "remember me" button. By default, the authentication only lasts for a single session.

Attribute	Meaning	default
j_security_check	The form's mandatory action
j_username	The user name
j_password	The password
j_uri	Optional Resin extension for the successful display page.
j_use_cookie_auth	Optional Resin extension to allow cookie login.

The following is an example of a servlet-standard login page:

<form action='j_security_check' method='POST'> <table> <tr><td>User:<td><input name='j_username'> <tr><td>Password:<td><input name='j_password'> <tr><td colspan=2>hint: the password is 'quidditch' <tr><td><input type=submit> </table> </form>

TODO: in servlet spec, not in resin rnc

TODO: link to env

child of: web-app-default, web-app

child of: web-app-default, web-app

TODO: in servlet spec, not in resin rnc

TODO: in servlet spec, not in resin rnc