Version: 5.7.x.x Java 8 ELS

Appendix D - DTDs for nevisProxy Configuration Files

<!-- 
This is the XML DTD for the Nevis navajo servlet container (version 1.x)
(c) 2019-2022 by Nevis Security AG
-->

<!--
The Navajo element is the root element. It contains one service element and
an optional management element.
-->
<!ELEMENT Navajo (Service)>

<!--
administration port.

Type: integer
-->
<!ATTLIST Navajo port CDATA #IMPLIED>

<!--
The Service element corresponds to one carrier server instance.
Currently, Apache version 2.4.X is supported as carrier server.
It contains mainly a collection of several Connectors with one Engine.
-->
<!ELEMENT Service (Core, Timer, NevisProxy?, Server, Connector+, Engine)>

<!--
Experimental: The element NevisProxy describes the nevisproxy-module
-->
<!ELEMENT NevisProxy (Location+)>

<!--
The attribute 'libname' specifies the path of the nevisproxy-module library.
Type: pathname
-->
<!ATTLIST NevisProxy libname CDATA "">

<!--
The element Location
-->
<!ELEMENT Location EMPTY>

<!--
The attribute 'location' specifies the path to which the nevisproxy-module is mapped.
Type: pathname
-->
<!ATTLIST Location location CDATA #REQUIRED>

<!--
The attribute 'config' specifies the path of the configuration of the nevisproxy-module.
Type: pathname
-->
<!ATTLIST Location config CDATA #REQUIRED>

<!--
The attribute 'name' is a logical name. It is reserved
for future use (e.g., running several Services in one carrier server).

Type: string
-->
<!ATTLIST Service name CDATA "isi3web">

<!--
The attribute 'verbose' configures verbosity. If set to 'true', all exception messages are sent to the client. In production, this attribute should be set to 'false'.

Type: boolean
-->
<!ATTLIST Service verbose (true|false) "false">

<!--
The attribute 'serverTemplate' specifies the path to the template
file used for creating the server part of the generated
apache1/2 configuration file.
In that template all 'server-related' properties will be
described.
(See the description of element Service for further information.)

Type: file path
-->
<!ATTLIST Service serverTemplate CDATA #REQUIRED>

<!--
The attribute 'generateCarrierConfig' specifies whether the Apache configuration file will be generated.
There is no support if this flag is set to 'false'.

Type: boolean
-->
<!ATTLIST Service generateCarrierConfig (true|false) "true">


<!--
The attribute 'hostTemplate' specifies the path to the template
file that will be used for creating the host part of the generated
Apache 1/2 configuration file.
In this template, all 'host-related' properties will be described.
(See the description of the Connector element for further information.)

Type: file path
-->
<!ATTLIST Service hostTemplate CDATA #REQUIRED>


<!--
The attribute 'spoolDir' specifies the path to the spool directory
of the carrier server, i.e., the directory that contains the log files.

Type: directory path
-->
<!ATTLIST Service spoolDir CDATA #REQUIRED>


<!--
The attribute 'commandLine' configures the command-line arguments that will be used for starting the carrier server.
(Example: commandLine="-X" will start the Apache carrier server in debug mode.)

Type: string
-->
<!ATTLIST Service commandLine CDATA #IMPLIED>

<!--
The attribute 'crashRecoveryStrategy' specifies what should happen after a worker crash.

Type: recover|block
-->
<!ATTLIST Service crashRecoveryStrategy (recover|block) "recover">

<!--
The element Core describes the run-time model.
-->
<!ELEMENT Core EMPTY>

<!--
The attribute 'memoryProtection' configures memory protection.
After initialization and loading of all WebApplications, the container memory is write protected. This is possible only if memory type is set to 'shared'. Use of memory protection is recommended.

Type: boolean
-->
<!ATTLIST Core memoryProtection CDATA #IMPLIED>

<!--
The attribute 'memoryAnonymous' configures memory mapping.
If set to 'false', the shared memory will be mapped to a file <workDir>/shared_map_XXXXXX. Otherwise it will be
mapped anonymously.

Type: boolean
-->
<!ATTLIST Core memoryAnonymous CDATA #IMPLIED>

<!--
The attribute 'memoryType' is used to configure the memory type.
It is recommended to use 'shared'.

Type: shared|heap
-->
<!ATTLIST Core memoryType CDATA #IMPLIED>


<!--
The attribute 'workDir' specifies the path to the directory used for the creation of temporary files.

Type: directory path
-->
<!ATTLIST Core workDir CDATA #REQUIRED>


<!--
The attribute 'memorySize' specifies the amount of memory to be allocated.
Memory requirements depend mainly on the size and number of the Web Applications that will be loaded. The used memory, i.e. shared or heap, is configured in the Core element. (After booting the Service, there is a log entry listing used and available memory. This information can be used for optimizing the configuration.)

Type: positive integer
-->
<!ATTLIST Core memorySize CDATA #IMPLIED>


<!--
The element Timer describes the timer. Via the engine
interface every servlet/filter can register its own TimerListener.
They are invoked in accordance with the configured periodicity.
-->
<!ELEMENT Timer EMPTY>

<!--
The attribute 'periodicity' describes timer periodicity.

Type: positive integer
-->
<!ATTLIST Timer periodicity CDATA "60">

<!--
The element Server contains a collection of 'server-related' configuration properties of the carrier server. This data is not managed. It will be used for substituting attribute names by values in the serverTemplate file. This is done as follows: The name of the attribute is converted to upper case and surrounded with '_'. All matching strings in the server template file are substituted with the respective attribute values. See server.template server2.template for details on 'MaxClients'!

Type: string
-->
<!ELEMENT Server (TransferLogs?, CustomLogs?, SSLRandomSeed?)>
<!ATTLIST Server User CDATA #REQUIRED>
<!ATTLIST Server Group CDATA #REQUIRED>
<!ATTLIST Server ServerAdmin CDATA #REQUIRED>
<!ATTLIST Server ServerName CDATA #REQUIRED>
<!ATTLIST Server UseCanonicalName (On|Off|DNS) "On" >
<!ATTLIST Server Timeout CDATA "30" >
<!ATTLIST Server MaxClients CDATA "600" >
<!ATTLIST Server ThreadStackSize CDATA "1048576">
<!ATTLIST Server MaxRequestsPerChild CDATA "0" >
<!ATTLIST Server KeepAlive CDATA "on" >
<!ATTLIST Server KeepAliveTimeout CDATA "5" >
<!ATTLIST Server MaxKeepAliveRequests CDATA "100" >
<!ATTLIST Server LimitRequestLine CDATA "5120" >
<!ATTLIST Server LimitRequestBody CDATA "512000" >
<!ATTLIST Server LimitRequestParameters CDATA "10000" >
<!ATTLIST Server LimitRequestFields CDATA "50" >
<!ATTLIST Server LimitRequestFieldsize CDATA "5120" >
<!ATTLIST Server ServerTokens CDATA "Prod" >
<!ATTLIST Server ServerSignature CDATA "Off" >
<!ATTLIST Server ServerRoot CDATA #REQUIRED>
<!ATTLIST Server DocumentRoot CDATA #IMPLIED >
<!ATTLIST Server Include CDATA "" >
<!ATTLIST Server CoreDumpDirectory CDATA "" >
<!ATTLIST Server HttpProtocolOptions CDATA "" >
<!ATTLIST Server ErrorLog CDATA "" >
<!ATTLIST Server CustomLog CDATA "" >
<!ATTLIST Server Loglevel CDATA "notice" >
<!ATTLIST Server TransferLog CDATA "" >
<!ATTLIST Server LogFormat CDATA "&quot;%h %l %u %t \&quot;%r\&quot; %>s %b %{content-length}i %T \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" >
<!ATTLIST Server SSLPassPhraseDialog CDATA "builtin">
<!ATTLIST Server SSLSessionCache CDATA "none" >
<!ATTLIST Server SSLCryptoDevice CDATA "" >
<!ATTLIST Server SSLSessionCacheTimeout CDATA "" >


<!--
Each Connector element corresponds to one HTTP connector of the
carrier server. It can be configured as a secure SSL connector using
the SSL element inside. For every Connector element, the corresponding configuration of the carrier server is created.
-->
<!ELEMENT Connector (TransferLogs?, CustomLogs?, SSL?, SSLCache?,RemoteSSLCache?, CookieCache?,RemoteCookieCache?, UserAgent*,ClientIdentification?,H2?)>

<!--
The attribute 'port' configures the port on which the Connector is listening.

Type: positive integer
-->
<!ATTLIST Connector port CDATA #REQUIRED>

<!--
The attribute 'name' contains the DNS hostname. If the attribute 'listen' is not configured, the Connector
is listening on the respective IP-address.

Type: string
-->
<!ATTLIST Connector name CDATA #REQUIRED>

<!--
The attribute 'listen' contains the IP address and the port on which the Connector is listening:
'ip address':'port'

Type: string
-->
<!ATTLIST Connector listen CDATA #IMPLIED>

<!--
The attribute 'nameVirtualHost' designates the IP address (and possibly port)
on the server that will be accepting requests for the hosts:
'ip address'[:'port']

Type: string
-->
<!ATTLIST Connector nameVirtualHost CDATA #IMPLIED>

<!--
The ServerAlias directive sets the alternate names (separated by spaces) for a host, for use with name-based virtual hosts.
The ServerAlias may include wildcards, if appropriate.

Type: string
-->
<!ATTLIST Connector serverAlias CDATA #IMPLIED>

<!--
Apache configuration properties in the 'VirtualHost' context. This data is not managed. It is used for substitution as described for the 'Server' element.

Type: string
-->

<!ATTLIST Connector KeepAlive CDATA "">
<!ATTLIST Connector MaxKeepAliveRequests CDATA "">
<!ATTLIST Connector KeepAliveTimeout CDATA "">
<!ATTLIST Connector Loglevel CDATA "">
<!ATTLIST Connector LogFormat CDATA "">
<!ATTLIST Connector CustomLog CDATA "">
<!ATTLIST Connector TransferLog CDATA "">

<!--
The tag UserAgent is a collection of browser-related configuration. If the 'pattern' matches
the 'User-Agent' HTTP header, the configuration of that config tag will be used.
-->
<!ELEMENT UserAgent EMPTY>

<!--
The attribute 'header' configures the name of the HTTP header field that
contains the browser-related information. With the attribute 'clientTypeCheck' of
the tag 'HttpSessionCache' set to true, it can be enforced that any subsequent request
must have the same 'identification' policy when requesting the session.

Type: string
-->
<!ATTLIST UserAgent header CDATA "User-Agent">

<!--
The attribute 'pattern' configures a regular expression for matching the
value of the 'User-Agent' header field.

Type: string
-->
<!ATTLIST UserAgent pattern CDATA #REQUIRED>

<!--
The attribute 'identification' is configuring how incoming requests on the respective connector
are identified. The HttpSession of the container is based on this identification.

Type: SSL|cookie|both
-->
<!ATTLIST UserAgent identification (SSL|cookie|cookie-IP|both|both-required|none) #REQUIRED>

<!--
The attribute 'cookieHttpOnly' is configuring if the outgoing cookie contains 'HttpOnly'.
Only MSIE 6 with at least Service Pack 1 and mozilla firefox version at least 3.0.0.6 are
supporting that (other new browsers may support this feature, check for HttpOnly support of
the browser you are using).

Type: string
-->
<!ATTLIST UserAgent cookieHttpOnly CDATA "true">

<!--
The attribute 'identificationAction' defines what action to execute if the Identification fails.
Possible values:
invalidate: the session will be invalidated
reauth: the session should be reauthenticated

Type: string
-->
<!ATTLIST UserAgent identificationAction CDATA "">

<!--
The attribute 'sslshutdown' is configuring the ssl shutdown mode.

Type: none|unclean|clean|accurate
-->
<!ATTLIST UserAgent sslshutdown (none|unclean|clean|accurate) "none">

<!--
The attribute 'keepAlive' is configuring the keepalive of the connection.
Note: The Server 'KeepAlive' must be configured 'true'. Otherwise there
is no keepalive connection possible


Type: boolean
-->
<!ATTLIST UserAgent keepAlive (true|false) "true">

<!--
If there is no matching UserAgent config the element ClientIdentification configures how incoming requests on
the respective connector are identified. The HttpSession of the container is based on this identification.
-->
<!ELEMENT ClientIdentification EMPTY>


<!--
Experimental: The element H2 describes the http2
-->
<!ELEMENT H2 EMPTY>
<!ATTLIST H2 H2Direct CDATA "">
<!ATTLIST H2 Protocols CDATA "h2 h2c http/1.1">
<!ATTLIST H2 H2SerializeHeaders CDATA "">


<!--
The attribute 'type' is used for the configuration of client identification.
Supported:
- client identity is bound to the SSL session (see SSLCache )
- client identity is bound to a cookie (see CookieCache )

Type: SSL|cookie|both|none
-->
<!ATTLIST ClientIdentification type (SSL|cookie|cookie-IP|both|both-required|none) "cookie">

<!--
The attribute 'action' defines what action to execute if the Identification fails.
Possible values:
invalidate: the session will be invalidated
reauth[:<num>]: the session will be reauthenticated for a maximum of <num> times, afterwards the session will stay valid.

Type: string
-->
<!ATTLIST ClientIdentification action CDATA "">

<!--
The element SSL is a collection of SSL-related configuration properties of a Connector's carrier server. The respective data is not managed. It is used for attribute/value substitution as described for the element Server.
-->

<!ELEMENT SSL EMPTY>
<!ATTLIST SSL SSLCipherSuite CDATA "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256">
<!ATTLIST SSL SSLOptions CDATA "+OptRenegotiate" >
<!ATTLIST SSL SSLRequire CDATA "" >
<!ATTLIST SSL SSLProtocol CDATA "-all +TLSv1.2 +TLSv1.3" >
<!ATTLIST SSL SSLCertificateFile CDATA "" >
<!ATTLIST SSL SSLCertificateKeyFile CDATA "" >
<!ATTLIST SSL SSLCertificateChainFile CDATA "" >
<!ATTLIST SSL SSLCACertificateFile CDATA "" >
<!ATTLIST SSL SSLCACertificatePath CDATA "" >
<!ATTLIST SSL SSLVerifyClient CDATA "" >
<!ATTLIST SSL SSLVerifyDepth CDATA "" >
<!ATTLIST SSL SSLInsecureRenegotiation (on|off) "off" >
<!ATTLIST SSL SSLRenegBufferSize CDATA "" >
<!ATTLIST SSL SSLHonorCipherOrder CDATA "on" >
<!ATTLIST SSL SSLCompression (on|off) "off" >
<!ATTLIST SSL SSLSessionCacheTimeout CDATA "" >
<!ATTLIST SSL SSLSessionTickets (on|off) "off" >


<!--
The element SSLRandomSeed describes a newline separated list of 'SSLRandomSeed' entries
-->
<!ELEMENT SSLRandomSeed (#PCDATA)>

<!--
The element SSLCache describes the properties of the server-side SSL cache.
If it is not specified, no SSL caching will occur.
-->
<!ELEMENT SSLCache EMPTY>


<!--
The attribute 'maxEntries' configures the number of SSL cache entries.

Type: positive integer
-->
<!ATTLIST SSLCache maxEntries CDATA "4000">

<!--
The attribute 'maxEntrySize' specifies the maximum size of one serialized SSL session.

Type: positive integer
-->
<!ATTLIST SSLCache maxEntrySize CDATA "150" >

<!--
The attribute 'maxInactiveInterval' specifies the maximum time of inactivity of SSL cache entries. Inactivity means that the SSL cache entry is not being used by the client. If the maximum interval is reached, the entry is removed from the cache.

Type: positive integer
-->
<!ATTLIST SSLCache maxInactiveInterval CDATA "300">

<!--
The attribute 'maxLifetime' configures the maximum lifetime of an entry. After the time specified, the SSLCache entry is removed.

Type: positive integer
-->
<!ATTLIST SSLCache maxLifetime CDATA "3600">

<!--
The attribute 'renegotiation' configures handling of SSL renegotiation. If set to true, the SSL cache allows keeping track of SSL sessions that have changed due to renegotiation.

Type: boolean
-->
<!ATTLIST SSLCache renegotiation (true|false) "false" >


<!--
The element RemoteSSLCache describes the properties of the server-side SSL remote cache.
If it is not specified, no SSL caching will occur.
-->
<!ELEMENT RemoteSSLCache (CacheProvider) >

<!--
The element TransferLogs describes a newline separated list of 'TransferLog' entries
-->
<!ELEMENT TransferLogs (#PCDATA)>

<!--
The element CustomLogs describes a newline separated list of 'CustomLog' entries
-->
<!ELEMENT CustomLogs (#PCDATA)>


<!--
The element RemoteCookieCache describes the properties of the server-side remote cookie cache
-->
<!ELEMENT RemoteCookieCache (CacheProvider) >


<!--
The element CacheProvider describes the properties of a CacheProvider
-->
<!ELEMENT CacheProvider (provider-class, provider-lib,init-param*) >

<!ELEMENT provider-class (#PCDATA)>
<!ELEMENT provider-lib (#PCDATA)>
<!ELEMENT init-param (param-name, param-value, description?)>
<!ELEMENT param-name (#PCDATA)>
<!ELEMENT param-value (#PCDATA)>
<!ELEMENT description (#PCDATA)>

<!--
The element CookieCache describes the properties of the server-side Cookie cache. Configuration of a Cookie cache is required if client identification is based on cookies.

See element HttpSession.
-->
<!ELEMENT CookieCache EMPTY>

<!--
The attribute 'maxEntries' specifies the maximum number of entries
in the Cookie cache.

Type: positive integer
-->
<!ATTLIST CookieCache maxEntries CDATA "4000">


<!--
The attribute 'randomSize' configures the number of random bytes used for cookie values.

Type: positive integer
-->
<!ATTLIST CookieCache randomSize CDATA "56" >

<!--
The attribute 'cookieName' is used to specify the name of the cookie.

Type: string
-->
<!ATTLIST CookieCache cookieName CDATA "Navajo" >

<!--
The attribute 'domain' specifies the domain field of the session cookie.
It may only be used when the CookieCache is defined on the Engine level.

Type: string
-->
<!ATTLIST CookieCache domain CDATA #IMPLIED >


<!--
The attribute 'persistent' is used to specify if 'Max-Age' and 'Expires' fields
should be set to MaxLifeTime for the session cookie. Default is 'false' with
the cookie being session-bound.

Type: boolean
-->
<!ATTLIST CookieCache persistent (true|false) "false" >

<!--
The attribute 'maxInactiveInterval' configures the maximum interval
of inactivity of Cookie cache entries. This parameter has no effect
because the maxInactiveInterval of the HttpSession is used instead.

Type: positive integer
-->
<!ATTLIST CookieCache maxInactiveInterval CDATA "300">

<!--
The attribute 'maxLifetime' configures the maximum lifetime of an entry.
After that lifetime, the CookieCache entry is removed.

Type: positive integer
-->
<!ATTLIST CookieCache maxLifetime CDATA "1800">

<!--
The attribute 'signerCert' configures the certificate that will be used
for checking the signature of the cookie sent by the client

Type: string
-->
<!ATTLIST CookieCache signerCert CDATA #IMPLIED>

<!--
The attribute 'signerKey' configures the private key that will be used
for signing the cookie sent to the client

Type: string
-->
<!ATTLIST CookieCache signerKey CDATA #IMPLIED>

<!--
The attribute 'checkIP' configures the checking of the IP address of
the cookie sender.
If set to true, the IP address of the cookie sender must match the IP
address of the cookie receiver.

Type: boolean
-->
<!ATTLIST CookieCache checkIP (true|false) "false" >

<!--
The attribute 'secretKeyFile' configures the symmetric key used for
encrypting and decrypting the value of cookies.

Type: string
-->
<!ATTLIST CookieCache secretKeyFile CDATA #IMPLIED>

<!--
The element Engine represents a 'servlet engine'. It is a collection
of one Session element and several Host elements. Every Host element represents a single name-based virtual host.
-->
<!ELEMENT Engine (SSLCache?, RemoteSSLCache?, CookieCache?, RemoteCookieCache?, UserAgent*, ClientIdentification?, HttpSession?, RemoteHttpSession?, Host+)>

<!--
The attribute 'defaultHost' specifies a fallback Host to be used if no matching Host is configured. The respective host must be configured.
Type: string
-->
<!ATTLIST Engine defaultHost CDATA #REQUIRED>

<!--
The attribute 'generalResourceDir' specifies a directory where server wide resources can be found. Currently
there are two resources 'navajo_style_sheet.css' and 'Nevis_f2.gif'. You have to configure a directory, where
these two files can be found.
Type: string
-->
<!ATTLIST Engine generalResourceDir CDATA #IMPLIED>

<!--
With the attribute 'useStyleSheet', the use of a style sheet and a gif in any generated response
can be enabled/disabled.
Type: boolean
-->
<!ATTLIST Engine useStyleSheet (true|false) "false">

<!--
The element HttpSession describes the properties of the HttpSession provided by the container.
-->
<!ELEMENT HttpSession EMPTY>

<!--
The attribute 'maxEntrySize' configures the number of bytes allocated for a single(!) HttpSession.

Type: positive integer
-->
<!ATTLIST HttpSession maxEntrySize CDATA "32000">


<!--
The attribute 'maxEntries' configures the number of HttpSessions.

Type: positive integer
-->
<!ATTLIST HttpSession maxEntries CDATA "2000">

<!--
The attribute 'maxAttributes' configures the number of attributes that
can be attached to the HttpSessions via HttpSession::setAttribute(..)

Type: positive integer
-->
<!ATTLIST HttpSession maxAttributes CDATA "20">

<!--
The attribute 'maxInactiveInterval' configures the maximum inactivity interval of HttpSessions. If that interval is reached, the entry is removed from the cache. The value can be changed at run-time by servlets/filters calling 'HttpSession::setMaxInactiveInterval(..)'.

Type: positive integer
-->
<!ATTLIST HttpSession maxInactiveInterval CDATA "300">

<!--
The attribute 'limitMaxInactiveInterval' configures an upper limit for the maximum inactivity interval of HttpSessions.

Type: positive integer
-->
<!ATTLIST HttpSession limitMaxInactiveInterval CDATA "0">

<!--
The attribute 'clientTypeCheck' configures whether the client type, i.e. the 'User-Agent' header on which the
type of identification is based, will be checked. (See also the UserAgent tag.)

Type: boolean
-->
<!ATTLIST HttpSession clientTypeCheck (true|false) "true">

<!--
The attribute 'maxLifeTimeCheck' configures whether the MaxLifeTime of the client
identification will be checked. If the remaining TimeToLive of the identification
falls below the InactiveInterval, a renegotiation of the client identification will
be executed.

Type: boolean
-->
<!ATTLIST HttpSession maxLifeTimeCheck (true|false) "false">


<!--
The attribute 'maxIdLength' configures the maximum length of the HttpSession-Id. If set to '0', it will be
calculated for the HttpSessions distributed by navajo itself. But this may not be enough for HttpSessions
created by other providers (e.g., VirtualSessions in isiweb4).

Type: positive integer
-->
<!ATTLIST HttpSession maxIdLength CDATA "0">

<!--
The element RemoteHttpSession describes the properties of a remote HttpSession cache.
-->
<!ELEMENT RemoteHttpSession (CacheProvider)>

<!--
The attribute 'sessionReaper' configures whether the session reaper thread will be started or not

Type: boolean
-->
<!ATTLIST RemoteHttpSession sessionReaper (true|false) "true">

<!--
Every Host element represents a single name-based virtual host.
-->
<!ELEMENT Host (Context+)>

<!--
The attribute 'name' specifies the name of the virtual Host. All requests with the corresponding 'Host' HTTP
header field are routed to that Host.

Type: string
-->
<!ATTLIST Host name CDATA #REQUIRED>


<!--
The element Context represents a WebApplication. All servlets and filters
inside that element share the same context and can invoke each other.
-->
<!ELEMENT Context EMPTY>

<!--
The attribute 'name' specifies a name for this Context. Only needed for logging.

Type: string
-->
<!ATTLIST Context name CDATA #IMPLIED>

<!--
The attribute 'entryURI' specifies the entry point URI of the web application.
If there is no matching Context or Servlet for a request with the URL '/',
a redirect with that value will be sent.

Type: string
-->
<!ATTLIST Context entryURI CDATA #IMPLIED>

<!--
The attribute 'unsecureConnection' specifies the behaviour if the request is made on an unsecure connection.
The following values are allowed:
- redirect: The redirect URL can be configured with the attribute 'unsecureConnectionRedirect' (see below). If it is not configured,
a redirect to the secure connector that has the same hostname will be sent.
- allow: The request is processed
- deny: A 'forbidden' response is sent.

Type: enum
-->
<!ATTLIST Context unsecureConnection (redirect|allow|deny) "allow">

<!--
The attribute 'unsecureConnectionRedirect' specifies the URL to which the request will be redirected.

Type: string
-->
<!ATTLIST Context unsecureConnectionRedirect CDATA #IMPLIED>

<!--
The attribute 'trailingSlashRedirect' specifies the behaviour in the case that no match has been found
and the request has no trailing slash. If set to 'true' a redirect with a trailing slash will be sent.
-->
<!ATTLIST Context trailingSlashRedirect (true|false) "true">

<!--
The attribute 'rejectIfMaxThreads' specifies whether an error response with status
code 503 will be sent if there are no more idle worker threads. As a result, there is always
at least one worker thread that sends that error.
Note: The page sent can be configured with the normal error-code page in the web.xml
-->
<!ATTLIST Context rejectIfMaxThreads (true|false) "false">

<!--
The attribute 'filePreload' specifies if the files will be preloaded at startup. If set to 'true'
any modification of the files during run-time does not have any effect. Because of memory consumption,
preloading is not recommended if there are many or large files.
-->
<!ATTLIST Context filePreload (true|false) "false">


<!--
The attribute 'docBase' specifies the path to the directory where the WebApplication is deployed.

Type: directory path
-->
<!ATTLIST Context docBase CDATA #REQUIRED>

<!--
The attribute 'path' specifies the path inside the namespace to which the WebApplication is mapped.

Type: string
-->
<!ATTLIST Context path CDATA #IMPLIED>


<!--
With the attribute 'allowedMethods' a ',' or whitespace separated list of allowed
HTTP methods can be configured
Type: String
-->
<!ATTLIST Context allowedMethods CDATA "GET,POST">


<!--
The attribute 'caseSensitiveMapping' specifies how servlets and filters are mapped. If 'true', URI paths
will be mapped to servlets and filters using a case-sensitive string comparison. If set to 'false', a
case-insensitive comparison will be performed.

Type: boolean
Default: true
-->
<!ATTLIST Context caseSensitiveMapping (true|false) "true">

<!--
The attribute 'additionalStatusCodes' is an optional, comma separated string of additional, not documented
http-codes. For example Microsoft uses the extension '449 Retry With'.
Type: String
-->
<!ATTLIST Context additionalStatusCodes CDATA #IMPLIED>


<!--
The ID mechanism is to allow tools that produce additional deployment
information (i.e., information beyond the standard deployment
descriptor information) to store the non-standard information in a
separate file, and easily refer from these tool-specific files to the
information in the standard deployment descriptor.

NevisAdmin uses the id to identify elements.

id must start with a character and not with a digit.
-->

<!ATTLIST Navajo id ID #IMPLIED>
<!ATTLIST Service id ID #IMPLIED>
<!ATTLIST Core id ID #IMPLIED>
<!ATTLIST Timer id ID #IMPLIED>
<!ATTLIST Server id ID #IMPLIED>
<!ATTLIST Connector id ID #IMPLIED>
<!ATTLIST UserAgent id ID #IMPLIED>
<!ATTLIST ClientIdentification id ID #IMPLIED>
<!ATTLIST SSL id ID #IMPLIED>
<!ATTLIST SSLCache id ID #IMPLIED>
<!ATTLIST CookieCache id ID #IMPLIED>
<!ATTLIST Engine id ID #IMPLIED>
<!ATTLIST HttpSession id ID #IMPLIED>
<!ATTLIST Host id ID #IMPLIED>
<!ATTLIST Context id ID #IMPLIED>
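
A configuration lint for the security-relevant attributes declared in the DTD above, as an added example (not Nevis code). A non-validating parser such as Python's ElementTree does not apply DTD attribute defaults, so the defaults are copied from the declarations above; which values get flagged is this example's assumption, and the sample configuration, host names and paths are constructed.

```python
import re
import xml.etree.ElementTree as ET


def _is(expected):
    """Case-insensitive equality check against one expected value."""
    return lambda value: value.strip().lower() == expected


def _protocols_ok(value):
    # Apache SSLProtocol syntax: "-X" disables, "+X" or a bare "X" enables.
    enabled = {tok.lstrip("+") for tok in value.split() if not tok.startswith("-")}
    return bool(enabled) and enabled <= {"TLSv1.2", "TLSv1.3"}


def _methods_ok(value):
    # The DTD comment allows ',' or whitespace as the separator.
    methods = {m.upper() for m in re.split(r"[,\s]+", value.strip()) if m}
    return methods <= {"GET", "POST"}


# (element, attribute, default declared in the DTD, acceptance check, note)
RULES = [
    ("Service", "verbose", "false", _is("false"),
     "exception messages are sent to the client"),
    ("Server", "ServerTokens", "Prod", _is("prod"), "differs from DTD default 'Prod'"),
    ("Server", "ServerSignature", "Off", _is("off"), "differs from DTD default 'Off'"),
    ("SSL", "SSLProtocol", "-all +TLSv1.2 +TLSv1.3", _protocols_ok,
     "enables protocols outside the DTD default set"),
    ("SSL", "SSLInsecureRenegotiation", "off", _is("off"), "differs from DTD default 'off'"),
    ("SSL", "SSLCompression", "off", _is("off"), "differs from DTD default 'off'"),
    ("SSL", "SSLSessionTickets", "off", _is("off"), "differs from DTD default 'off'"),
    ("UserAgent", "cookieHttpOnly", "true", _is("true"),
     "session cookie is sent without HttpOnly"),
    # The declared default is 'allow', so an absent attribute is reported too.
    ("Context", "unsecureConnection", "allow", lambda v: v != "allow",
     "requests on an unsecure connection are processed"),
    ("Context", "allowedMethods", "GET,POST", _methods_ok,
     "allows methods beyond the DTD default GET,POST"),
]


def audit(xml_text):
    """Return (element, attribute, effective value, note) for each finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag, attr, default, ok, note in RULES:
        for el in root.iter(tag):
            value = el.get(attr, default)  # apply the DTD default ourselves
            if not ok(value):
                findings.append((tag, attr, value, note))
    # Cross-attribute rule from the Core comments: write protection is
    # possible only if the memory type is 'shared'.
    for core in root.iter("Core"):
        if core.get("memoryProtection") == "true" and core.get("memoryType") != "shared":
            findings.append(("Core", "memoryProtection", "true",
                             "memory protection requires memoryType='shared'"))
    return findings


# Constructed sample, not a shipped configuration.
SAMPLE_CONFIG = """
<Navajo>
  <Service name="demo" verbose="true" serverTemplate="/placeholder/server.template"
           hostTemplate="/placeholder/host.template" spoolDir="/placeholder/spool">
    <Core workDir="/placeholder/work" memoryType="heap" memoryProtection="true"/>
    <Timer/>
    <Server User="www" Group="www" ServerAdmin="admin@example.invalid"
            ServerName="gw.example.invalid" ServerRoot="/placeholder/root"/>
    <Connector port="443" name="gw.example.invalid">
      <SSL SSLProtocol="-all +TLSv1 +TLSv1.2" SSLCompression="on"/>
      <UserAgent pattern=".*" identification="cookie" cookieHttpOnly="false"/>
    </Connector>
    <Engine defaultHost="gw.example.invalid">
      <Host name="gw.example.invalid">
        <Context docBase="/placeholder/app1" allowedMethods="GET POST,TRACE"/>
        <Context docBase="/placeholder/app2" unsecureConnection="deny"/>
      </Host>
    </Engine>
  </Service>
</Navajo>
"""

if __name__ == "__main__":
    for tag, attr, value, note in audit(SAMPLE_CONFIG):
        print(f"{tag}/@{attr} = {value!r}: {note}")
```
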

web-app_2_3.dtd

<!--
Copyright (c) 2000 Sun Microsystems, Inc.,
901 San Antonio Road,
Palo Alto, California 94303, U.S.A.
All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to
technology embodied in the product that is described in this document.
In particular, and without limitation, these intellectual property
rights may include one or more of the U.S. patents listed at
http://www.sun.com/patents and one or more additional patents or
pending patent applications in the U.S. and in other countries.

This document and the product to which it pertains are distributed
under licenses restricting their use, copying, distribution, and
decompilation. This document may be reproduced and distributed but may
not be changed without prior written authorization of Sun and its
licensors, if any.

Third-party software, including font technology, is copyrighted and
licensed from Sun suppliers.

Sun, Sun Microsystems, the Sun logo, Java, JavaServer Pages, Java
Naming and Directory Interface, JDBC, JDK, JavaMail and and
Enterprise JavaBeans are trademarks or registered trademarks of Sun
Microsystems, Inc. in the U.S. and other countries.

Federal Acquisitions: Commercial Software - Government Users Subject to
Standard License Terms and Conditions.

DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

-->

<!--
This is the XML DTD for the Servlet 2.3 deployment descriptor.
All Servlet 2.3 deployment descriptors must include a DOCTYPE
of the following form:
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
-->

<!--
The following conventions apply to all J2EE deployment descriptor
elements unless indicated otherwise.

- In elements that contain PCDATA, leading and trailing whitespace
in the data may be ignored.

- In elements whose value is an "enumerated type", the value is
case sensitive.

- In elements that specify a pathname to a file within the same
JAR file, relative filenames (i.e., those not starting with "/")
are considered relative to the root of the JAR file's namespace.
Absolute filenames (i.e., those starting with "/") also specify
names in the root of the JAR file's namespace. In general, relative
names are preferred. The exception is .war files where absolute
names are preferred for consistency with the servlet API.
-->

<!--
The web-app element is the root of the deployment descriptor for
a web application.
-->
<!ELEMENT web-app (icon?, display-name?, description?, distributable?,
context-param*, filter*, filter-mapping*, listener*, servlet*,
servlet-mapping*, session-config?, mime-mapping*, welcome-file-list?,
error-page*, taglib*, resource-env-ref*, resource-ref*, security-constraint*,
login-config?, security-role*, env-entry*, ejb-ref*, ejb-local-ref*)>

<!--
The auth-constraint element indicates the user roles that should
be permitted access to this resource collection. The role-name
used here must either correspond to the role-name of one of the
security-role elements defined for this web application, or be
the specially reserved role-name "*" that is a compact syntax for
indicating all roles in the web application. If both "*" and
rolenames appear, the container interprets this as all roles.
If no roles are defined, no user is allowed access to the portion of
the web application described by the containing security-constraint.
The container matches role names case sensitively when determining
access.


Used in: security-constraint
-->
<!ELEMENT auth-constraint (description?, role-name*)>

<!--
The auth-method element is used to configure the authentication
mechanism for the web application. As a prerequisite to gaining access
to any web resources which are protected by an authorization
constraint, a user must have authenticated using the configured
mechanism. Legal values for this element are "BASIC", "DIGEST",
"FORM", or "CLIENT-CERT".

Used in: login-config
-->
<!ELEMENT auth-method (#PCDATA)>

<!--
The context-param element contains the declaration of a web
application's servlet context initialization parameters.

Used in: web-app
-->

<!ELEMENT context-param (param-name, param-value, description?)>

<!--
The description element is used to provide text describing the parent
element. The description element should include any information that
the web application war file producer wants to provide to the consumer of
the web application war file (i.e., to the Deployer). Typically, the tools
used by the web application war file consumer will display the description
when processing the parent element that contains the description.

Used in: auth-constraint, context-param, ejb-local-ref, ejb-ref,
env-entry, filter, init-param, resource-env-ref, resource-ref, run-as,
security-role, security-role-ref, servlet, user-data-constraint,
web-app, web-resource-collection
-->
<!ELEMENT description (#PCDATA)>

<!--
The display-name element contains a short name that is intended to be
displayed by tools. The display name need not be unique.

Used in: filter, security-constraint, servlet, web-app

Example:

<display-name>Employee Self Service</display-name>
-->
<!ELEMENT display-name (#PCDATA)>

<!--
The distributable element, by its presence in a web application
deployment descriptor, indicates that this web application is
programmed appropriately to be deployed into a distributed servlet
container.

Used in: web-app
-->
<!ELEMENT distributable EMPTY>

<!--
The ejb-link element is used in the ejb-ref or ejb-local-ref
elements to specify that an EJB reference is linked to an
enterprise bean.

The name in the ejb-link element is composed of a
path name specifying the ejb-jar containing the referenced enterprise
bean with the ejb-name of the target bean appended and separated from
the path name by "#". The path name is relative to the war file
containing the web application that is referencing the enterprise bean.
This allows multiple enterprise beans with the same ejb-name to be
uniquely identified.

Used in: ejb-local-ref, ejb-ref

Examples:

<ejb-link>EmployeeRecord</ejb-link>

<ejb-link>../products/product.jar#ProductEJB</ejb-link>
-->
<!ELEMENT ejb-link (#PCDATA)>

<!--
The ejb-local-ref element is used for the declaration of a reference to
an enterprise bean's local home. The declaration consists of:

- an optional description
- the EJB reference name used in the code of the web application
that's referencing the enterprise bean
- the expected type of the referenced enterprise bean
- the expected local home and local interfaces of the referenced
enterprise bean
- optional ejb-link information, used to specify the referenced
enterprise bean

Used in: web-app
-->
<!ELEMENT ejb-local-ref (description?, ejb-ref-name, ejb-ref-type,
local-home, local, ejb-link?)>
<!--
The ejb-ref element is used for the declaration of a reference to
an enterprise bean's home. The declaration consists of:

- an optional description
- the EJB reference name used in the code of
the web application that's referencing the enterprise bean
- the expected type of the referenced enterprise bean
- the expected home and remote interfaces of the referenced
enterprise bean
- optional ejb-link information, used to specify the referenced
enterprise bean

Used in: web-app
-->
<!ELEMENT ejb-ref (description?, ejb-ref-name, ejb-ref-type,
home, remote, ejb-link?)>

<!--
The ejb-ref-name element contains the name of an EJB reference. The
EJB reference is an entry in the web application's environment and is
relative to the java:comp/env context. The name must be unique
within the web application.

It is recommended that the name be prefixed with "ejb/".

Used in: ejb-local-ref, ejb-ref

Example:

<ejb-ref-name>ejb/Payroll</ejb-ref-name>

-->
<!ELEMENT ejb-ref-name (#PCDATA)>

<!--
The ejb-ref-type element contains the expected type of the
referenced enterprise bean.

The ejb-ref-type element must be one of the following:

<ejb-ref-type>Entity</ejb-ref-type>
<ejb-ref-type>Session</ejb-ref-type>

Used in: ejb-local-ref, ejb-ref
-->
<!ELEMENT ejb-ref-type (#PCDATA)>

<!--
The env-entry element contains the declaration of a web application's
environment entry. The declaration consists of an optional
description, the name of the environment entry, and an optional
value. If a value is not specified, one must be supplied
during deployment.
-->
<!ELEMENT env-entry (description?, env-entry-name, env-entry-value?,
env-entry-type)>

<!--
The env-entry-name element contains the name of a web application's
environment entry. The name is a JNDI name relative to the
java:comp/env context. The name must be unique within a web application.

Example:

<env-entry-name>minAmount</env-entry-name>

Used in: env-entry
-->
<!ELEMENT env-entry-name (#PCDATA)>
<!--
The env-entry-type element contains the fully-qualified Java type of
the environment entry value that is expected by the web application's
code.

The following are the legal values of env-entry-type:

java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.String
java.lang.Short
java.lang.Integer
java.lang.Long
java.lang.Float
java.lang.Double

Used in: env-entry
-->
<!ELEMENT env-entry-type (#PCDATA)>

<!--
The env-entry-value element contains the value of a web application's
environment entry. The value must be a String that is valid for the
constructor of the specified type that takes a single String
parameter, or for java.lang.Character, a single character.

Example:

<env-entry-value>100.00</env-entry-value>

Used in: env-entry
-->
<!ELEMENT env-entry-value (#PCDATA)>

<!--
The error-code element contains an HTTP error code, e.g. 404.

Used in: error-page
-->
<!ELEMENT error-code (#PCDATA)>

<!--
The error-page element contains a mapping from an error code
or exception type to the path of a resource in the web application.

Used in: web-app
-->
<!ELEMENT error-page ((error-code | exception-type), location)>

<!--
The exception-type element contains the fully qualified class name
of a Java exception type.

Used in: error-page
-->

<!ELEMENT exception-type (#PCDATA)>

<!--
The extension element contains a string describing an
extension, for example "txt".

Used in: mime-mapping
-->
<!ELEMENT extension (#PCDATA)>

<!--
Declares a filter in the web application. The filter is mapped to
either a servlet or a URL pattern in the filter-mapping element, using
the filter-name value to reference. Filters can access the
initialization parameters declared in the deployment descriptor at
runtime via the FilterConfig interface.
Used in: web-app
-->
<!ELEMENT filter (icon?, filter-name, display-name?, description?,
filter-class, filter-lib,init-param*)>
<!--
The fully qualified classname of the filter.
Used in: filter
-->
<!ELEMENT filter-class (#PCDATA)>
<!--
The library name where the filter can be found.
Must be inside the WEB-INF/lib directory
Used in: filter
-->
<!ELEMENT filter-lib (#PCDATA)>
<!--
Declaration of the filter mappings in this web application. The
container uses the filter-mapping declarations to decide which filters
to apply to a request, and in what order. The container matches the
request URI to a Servlet in the normal way. To determine which filters
to apply it matches filter-mapping declarations either on servlet-name,
or on url-pattern for each filter-mapping element, depending on which
style is used. The order in which filters are invoked is the order in
which filter-mapping declarations that match a request URI for a
servlet appear in the list of filter-mapping elements. The filter-name
value must be the value of the <filter-name> sub-elements of one of the
<filter> declarations in the deployment descriptor.

Used in: web-app
-->
<!ELEMENT filter-mapping (filter-name, (url-pattern | servlet-name))>

<!--
The logical name of the filter. This name is used to map the filter.
Each filter name is unique within the web application.

Used in: filter, filter-mapping
-->
<!ELEMENT filter-name (#PCDATA)>

<!--
The form-error-page element defines the location in the web app
where the error page that is displayed when login is not successful
can be found. The path begins with a leading / and is interpreted
relative to the root of the WAR.

Used in: form-login-config

-->
<!ELEMENT form-error-page (#PCDATA)>

<!--
The form-login-config element specifies the login and error pages
that should be used in form based login. If form based authentication
is not used, these elements are ignored.

Used in: login-config
-->
<!ELEMENT form-login-config (form-login-page, form-error-page)>

<!--
The form-login-page element defines the location in the web app
where the page that can be used for login can be found. The path
begins with a leading / and is interpreted relative to the root of the WAR.

Used in: form-login-config
-->
<!ELEMENT form-login-page (#PCDATA)>

<!--
The home element contains the fully-qualified name of the enterprise
bean's home interface.

Used in: ejb-ref

Example:

<home>com.aardvark.payroll.PayrollHome</home>
-->
<!ELEMENT home (#PCDATA)>

<!--
The http-method contains an HTTP method (GET | POST |...).

Used in: web-resource-collection
-->
<!ELEMENT http-method (#PCDATA)>

<!--
The icon element contains small-icon and large-icon elements that
specify the file names for a small and a large GIF or JPEG icon image
used to represent the parent element in a GUI tool.

Used in: filter, servlet, web-app
-->
<!ELEMENT icon (small-icon?, large-icon?)>

<!--
The init-param element contains a name/value pair as an
initialization param of the servlet

Used in: filter, servlet
-->
<!ELEMENT init-param (param-name, param-value, description?)>

<!--
The jsp-file element contains the full path to a JSP file within
the web application beginning with a `/'.

Used in: servlet
-->
<!ELEMENT jsp-file (#PCDATA)>

<!--
The large-icon element contains the name of a file
containing a large (32 x 32) icon image. The file
name is a relative path within the web application's
war file.

The image may be either in the JPEG or GIF format.
The icon can be used by tools.

Used in: icon

Example:

<large-icon>employee-service-icon32x32.jpg</large-icon>
-->
<!ELEMENT large-icon (#PCDATA)>

<!--
The listener element indicates the deployment properties for a web
application listener bean.

Used in: web-app
-->
<!ELEMENT listener (listener-class,listener-lib)>

<!--
The listener-class element declares that a class in the application must be
registered as a web application listener bean. The value is the fully
qualified classname of the listener class.

Used in: listener
-->
<!ELEMENT listener-class (#PCDATA)>

<!--
The library name where the listener can be found.
Must be inside the WEB-INF/lib directory.

Used in: listener
-->
<!ELEMENT listener-lib (#PCDATA)>

<!--
The load-on-startup element indicates that this servlet should be
loaded (instantiated and have its init() called) on the startup
of the web application. The optional contents of
this element must be an integer indicating the order in which
the servlet should be loaded. If the value is a negative integer,
or the element is not present, the container is free to load the
servlet whenever it chooses. If the value is a positive integer
or 0, the container must load and initialize the servlet as the
application is deployed. The container must guarantee that
servlets marked with lower integers are loaded before servlets
marked with higher integers. The container may choose the order
of loading of servlets with the same load-on-start-up value.

Used in: servlet
-->
<!ELEMENT load-on-startup (#PCDATA)>

<!--
The local element contains the fully-qualified name of the
enterprise bean's local interface.

Used in: ejb-local-ref

-->
<!ELEMENT local (#PCDATA)>

<!--
The local-home element contains the fully-qualified name of the
enterprise bean's local home interface.

Used in: ejb-local-ref
-->
<!ELEMENT local-home (#PCDATA)>

<!--
The location element contains the location of the resource in the web
application relative to the root of the web application. The value of
the location must have a leading `/'.

Used in: error-page
-->
<!ELEMENT location (#PCDATA)>

<!--
The login-config element is used to configure the authentication
method that should be used, the realm name that should be used for
this application, and the attributes that are needed by the form login
mechanism.

Used in: web-app
-->
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>

<!--
The mime-mapping element defines a mapping between an extension
and a mime type.

Used in: web-app
-->
<!ELEMENT mime-mapping (extension, mime-type)>

<!--
The mime-type element contains a defined mime type, for example
"text/plain".

Used in: mime-mapping
-->
<!ELEMENT mime-type (#PCDATA)>
<!--
The param-name element contains the name of a parameter. Each parameter
name must be unique in the web application.

Used in: context-param, init-param
-->
<!ELEMENT param-name (#PCDATA)>

<!--
The param-value element contains the value of a parameter.

Used in: context-param, init-param
-->
<!ELEMENT param-value (#PCDATA)>

<!--
The realm-name element specifies the realm name to use in HTTP
Basic authorization.

Used in: login-config
-->
<!ELEMENT realm-name (#PCDATA)>

<!--
The remote element contains the fully-qualified name of the enterprise
bean's remote interface.

Used in: ejb-ref

Example:

<remote>com.wombat.empl.EmployeeService</remote>
-->
<!ELEMENT remote (#PCDATA)>

<!--
The res-auth element specifies whether the web application code signs
on programmatically to the resource manager, or whether the Container
will sign on to the resource manager on behalf of the web application.
In the latter case, the Container uses information that is supplied
by the Deployer.

The value of this element must be one of the two following:

<res-auth>Application</res-auth>
<res-auth>Container</res-auth>

Used in: resource-ref
-->
<!ELEMENT res-auth (#PCDATA)>

<!--
The res-ref-name element specifies the name of a resource manager
connection factory reference. The name is a JNDI name relative to the
java:comp/env context. The name must be unique within a web application.

Used in: resource-ref
-->
<!ELEMENT res-ref-name (#PCDATA)>

<!--
The res-sharing-scope element specifies whether connections obtained
through the given resource manager connection factory reference can be
shared. The value of this element, if specified, must be one of the
two following:

<res-sharing-scope>Shareable</res-sharing-scope>
<res-sharing-scope>Unshareable</res-sharing-scope>

The default value is Shareable.

Used in: resource-ref
-->
<!ELEMENT res-sharing-scope (#PCDATA)>

<!--
The res-type element specifies the type of the data source. The type
is specified by the fully qualified Java language class or interface
expected to be implemented by the data source.
Used in: resource-ref
-->
<!ELEMENT res-type (#PCDATA)>

<!--
The resource-env-ref element contains a declaration of a web application's
reference to an administered object associated with a resource
in the web application's environment. It consists of an optional
description, the resource environment reference name, and an
indication of the resource environment reference type expected by
the web application code.

Used in: web-app

Example:

<resource-env-ref>
<resource-env-ref-name>jms/StockQueue</resource-env-ref-name>
<resource-env-ref-type>javax.jms.Queue</resource-env-ref-type>
</resource-env-ref>
-->
<!ELEMENT resource-env-ref (description?, resource-env-ref-name,
resource-env-ref-type)>

<!--
The resource-env-ref-name element specifies the name of a resource
environment reference; its value is the environment entry name used in
the web application code. The name is a JNDI name relative to the
java:comp/env context and must be unique within a web application.

Used in: resource-env-ref
-->
<!ELEMENT resource-env-ref-name (#PCDATA)>

<!--
The resource-env-ref-type element specifies the type of a resource
environment reference. It is the fully qualified name of a Java
language class or interface.

Used in: resource-env-ref
-->
<!ELEMENT resource-env-ref-type (#PCDATA)>

<!--
The resource-ref element contains a declaration of a web application's
reference to an external resource. It consists of an optional
description, the resource manager connection factory reference name,
the indication of the resource manager connection factory type
expected by the web application code, the type of authentication
(Application or Container), and an optional specification of the
shareability of connections obtained from the resource (Shareable or
Unshareable).

Used in: web-app

Example:
<resource-ref>
<res-ref-name>jdbc/EmployeeAppDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
-->
<!ELEMENT resource-ref (description?, res-ref-name, res-type, res-auth,
res-sharing-scope?)>

<!--
The role-link element is a reference to a defined security role. The
role-link element must contain the name of one of the security roles
defined in the security-role elements.

Used in: security-role-ref
-->
<!ELEMENT role-link (#PCDATA)>

<!--
The role-name element contains the name of a security role.

The name must conform to the lexical rules for an NMTOKEN.

Used in: auth-constraint, run-as, security-role, security-role-ref
-->
<!ELEMENT role-name (#PCDATA)>

<!--
The run-as element specifies the run-as identity to be used for the
execution of the web application. It contains an optional description, and
the name of a security role.

Used in: servlet
-->
<!ELEMENT run-as (description?, role-name)>

<!--
The security-constraint element is used to associate security
constraints with one or more web resource collections

Used in: web-app
-->
<!ELEMENT security-constraint (display-name?, web-resource-collection+,
auth-constraint?, user-data-constraint?)>

<!--
The security-role element contains the definition of a security
role. The definition consists of an optional description of the
security role, and the security role name.

Used in: web-app

Example:

<security-role>
<description>
This role includes all employees who are authorized
to access the employee service application.
</description>
<role-name>employee</role-name>
</security-role>
-->
<!ELEMENT security-role (description?, role-name)>

<!--
The security-role-ref element contains the declaration of a security
role reference in the web application's code. The declaration consists
of an optional description, the security role name used in the code,
and an optional link to a security role. If the security role is not
specified, the Deployer must choose an appropriate security role.

The value of the role-name element must be the String used as the
parameter to the EJBContext.isCallerInRole(String roleName) method
or the HttpServletRequest.isUserInRole(String role) method.

Used in: servlet

-->
<!ELEMENT security-role-ref (description?, role-name, role-link?)>

<!--
The servlet element contains the declarative data of a
servlet. If a jsp-file is specified and the load-on-startup element is
present, then the JSP should be precompiled and loaded.

Used in: web-app
-->
<!ELEMENT servlet (icon?, servlet-name, display-name?, description?,
(servlet-class|jsp-file), servlet-lib, init-param*, load-on-startup?,
run-as?, security-role-ref*)>

<!--
The servlet-class element contains the fully qualified class name
of the servlet.

Used in: servlet
-->
<!ELEMENT servlet-class (#PCDATA)>

<!--
The library name where the filter can be found.
Must be inside the WEB-INF/lib directory.

Used in: servlet
-->
<!ELEMENT servlet-lib (#PCDATA)>

<!--
The servlet-mapping element defines a mapping between a servlet
and a url pattern

Used in: web-app
-->
<!ELEMENT servlet-mapping (servlet-name, url-pattern)>

<!--
The servlet-name element contains the canonical name of the
servlet. Each servlet name is unique within the web application.

Used in: filter-mapping, servlet, servlet-mapping
-->
<!ELEMENT servlet-name (#PCDATA)>
<!--
The session-config element defines the session parameters for
this web application.

Used in: web-app
-->
<!ELEMENT session-config (session-timeout?)>

<!--
The session-timeout element defines the default session timeout
interval for all sessions created in this web application. The
specified timeout must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures the default
behavior of sessions is never to time out.

Used in: session-config
-->
<!ELEMENT session-timeout (#PCDATA)>

<!--
The small-icon element contains the name of a file
containing a small (16 x 16) icon image. The file
name is a relative path within the web application's
war file.

The image may be either in the JPEG or GIF format.
The icon can be used by tools.

Used in: icon

Example:

<small-icon>employee-service-icon16x16.jpg</small-icon>
-->
<!ELEMENT small-icon (#PCDATA)>

<!--
The taglib element is used to describe a JSP tag library.
Used in: web-app

-->
<!ELEMENT taglib (taglib-uri, taglib-location)>

<!--
The taglib-location element contains the location (as a resource
relative to the root of the web application) where to find the Tag
Library Description file for the tag library.

Used in: taglib
-->
<!ELEMENT taglib-location (#PCDATA)>

<!--
The taglib-uri element describes a URI, relative to the location
of the web.xml document, identifying a Tag Library used in the Web
Application.

Used in: taglib
-->
<!ELEMENT taglib-uri (#PCDATA)>
<!--
The transport-guarantee element specifies that the communication
between client and server should be NONE, INTEGRAL, or
CONFIDENTIAL. NONE means that the application does not require any
transport guarantees. A value of INTEGRAL means that the application
requires that the data sent between the client and server be sent in
such a way that it can't be changed in transit. CONFIDENTIAL means
that the application requires that the data be transmitted in a
fashion that prevents other entities from observing the contents of
the transmission. In most cases, the presence of the INTEGRAL or
CONFIDENTIAL flag will indicate that the use of TLS/SSL is required.

Used in: user-data-constraint
-->
<!ELEMENT transport-guarantee (#PCDATA)>

<!--
The url-pattern element contains the url pattern of the mapping. Must
follow the rules specified in Section 11.2 of the Servlet API
Specification.

Used in: filter-mapping, servlet-mapping, web-resource-collection
-->
<!ELEMENT url-pattern (#PCDATA)>

<!--
The user-data-constraint element is used to indicate how data
communicated between the client and container should be protected.

Used in: security-constraint
-->
<!ELEMENT user-data-constraint (description?, transport-guarantee)>

<!--
The web-resource-collection element is used to identify a subset
of the resources and HTTP methods on those resources within a web
application to which a security constraint applies. If no HTTP methods
are specified, then the security constraint applies to all HTTP
methods.

Used in: security-constraint
-->
<!ELEMENT web-resource-collection (web-resource-name, description?,
url-pattern*, http-method*)>

<!--
The web-resource-name contains the name of this web resource
collection.

Used in: web-resource-collection
-->
<!ELEMENT web-resource-name (#PCDATA)>

<!--
The welcome-file element contains the file name to use as a default
welcome file, such as index.html.

Used in: welcome-file-list
-->
<!ELEMENT welcome-file (#PCDATA)>

<!--
The welcome-file-list element contains an ordered list of welcome-file
elements.

Used in: web-app
-->
<!ELEMENT welcome-file-list (welcome-file+)>

<!--
The ID mechanism is to allow tools that produce additional deployment
information (i.e., information beyond the standard deployment
descriptor information) to store the non-standard information in a
separate file, and easily refer from these tool-specific files to the
information in the standard deployment descriptor.

Tools are not allowed to add the non-standard information into the
standard deployment descriptor.
-->
<!ATTLIST auth-constraint id ID #IMPLIED>
<!ATTLIST auth-method id ID #IMPLIED>
<!ATTLIST context-param id ID #IMPLIED>
<!ATTLIST description id ID #IMPLIED>
<!ATTLIST display-name id ID #IMPLIED>
<!ATTLIST distributable id ID #IMPLIED>
<!ATTLIST ejb-link id ID #IMPLIED>
<!ATTLIST ejb-local-ref id ID #IMPLIED>
<!ATTLIST ejb-ref id ID #IMPLIED>
<!ATTLIST ejb-ref-name id ID #IMPLIED>
<!ATTLIST ejb-ref-type id ID #IMPLIED>
<!ATTLIST env-entry id ID #IMPLIED>
<!ATTLIST env-entry-name id ID #IMPLIED>
<!ATTLIST env-entry-type id ID #IMPLIED>
<!ATTLIST env-entry-value id ID #IMPLIED>
<!ATTLIST error-code id ID #IMPLIED>
<!ATTLIST error-page id ID #IMPLIED>
<!ATTLIST exception-type id ID #IMPLIED>
<!ATTLIST extension id ID #IMPLIED>
<!ATTLIST filter id ID #IMPLIED>
<!ATTLIST filter-class id ID #IMPLIED>
<!ATTLIST filter-mapping id ID #IMPLIED>
<!ATTLIST filter-name id ID #IMPLIED>
<!ATTLIST form-error-page id ID #IMPLIED>
<!ATTLIST form-login-config id ID #IMPLIED>
<!ATTLIST form-login-page id ID #IMPLIED>
<!ATTLIST home id ID #IMPLIED>
<!ATTLIST http-method id ID #IMPLIED>
<!ATTLIST icon id ID #IMPLIED>
<!ATTLIST init-param id ID #IMPLIED>
<!ATTLIST jsp-file id ID #IMPLIED>
<!ATTLIST large-icon id ID #IMPLIED>
<!ATTLIST listener id ID #IMPLIED>
<!ATTLIST listener-class id ID #IMPLIED>
<!ATTLIST load-on-startup id ID #IMPLIED>
<!ATTLIST local id ID #IMPLIED>
<!ATTLIST local-home id ID #IMPLIED>
<!ATTLIST location id ID #IMPLIED>
<!ATTLIST login-config id ID #IMPLIED>
<!ATTLIST mime-mapping id ID #IMPLIED>
<!ATTLIST mime-type id ID #IMPLIED>
<!ATTLIST param-name id ID #IMPLIED>
<!ATTLIST param-value id ID #IMPLIED>
<!ATTLIST realm-name id ID #IMPLIED>
<!ATTLIST remote id ID #IMPLIED>
<!ATTLIST res-auth id ID #IMPLIED>
<!ATTLIST res-ref-name id ID #IMPLIED>
<!ATTLIST res-sharing-scope id ID #IMPLIED>
<!ATTLIST res-type id ID #IMPLIED>
<!ATTLIST resource-env-ref id ID #IMPLIED>
<!ATTLIST resource-env-ref-name id ID #IMPLIED>
<!ATTLIST resource-env-ref-type id ID #IMPLIED>
<!ATTLIST resource-ref id ID #IMPLIED>
<!ATTLIST role-link id ID #IMPLIED>
<!ATTLIST role-name id ID #IMPLIED>
<!ATTLIST run-as id ID #IMPLIED>
<!ATTLIST security-constraint id ID #IMPLIED>
<!ATTLIST security-role id ID #IMPLIED>
<!ATTLIST security-role-ref id ID #IMPLIED>
<!ATTLIST servlet id ID #IMPLIED>
<!ATTLIST servlet-class id ID #IMPLIED>
<!ATTLIST servlet-mapping id ID #IMPLIED>
<!ATTLIST servlet-name id ID #IMPLIED>
<!ATTLIST session-config id ID #IMPLIED>
<!ATTLIST session-timeout id ID #IMPLIED>
<!ATTLIST small-icon id ID #IMPLIED>
<!ATTLIST taglib id ID #IMPLIED>
<!ATTLIST taglib-location id ID #IMPLIED>
<!ATTLIST taglib-uri id ID #IMPLIED>
<!ATTLIST transport-guarantee id ID #IMPLIED>
<!ATTLIST url-pattern id ID #IMPLIED>
<!ATTLIST user-data-constraint id ID #IMPLIED>
<!ATTLIST web-app id ID #IMPLIED>
<!ATTLIST web-resource-collection id ID #IMPLIED>
<!ATTLIST web-resource-name id ID #IMPLIED>
<!ATTLIST welcome-file id ID #IMPLIED>
<!ATTLIST welcome-file-list id ID #IMPLIED>
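
The DTD comments above state several rules that a validating parser does not enforce, because the elements are plain #PCDATA: the legal auth-method and transport-guarantee values, role-name matching against security-role, the deny-all meaning of an empty auth-constraint, the scope of http-method, and the effect of a session-timeout of 0 or less. The following Python script is an added example, not part of the nevisProxy distribution or the Sun DTD, that checks a descriptor against those rules. The function name `audit_web_xml`, the finding codes and the sample descriptor are constructed for illustration, and treating an absent user-data-constraint like NONE is an assumption.

```python
import xml.etree.ElementTree as ET

AUTH_METHODS = {"BASIC", "DIGEST", "FORM", "CLIENT-CERT"}   # legal auth-method values
TRANSPORT = {"NONE", "INTEGRAL", "CONFIDENTIAL"}            # legal transport-guarantee values

# Constructed sample descriptor (DOCTYPE omitted); not a real nevisProxy web.xml.
SAMPLE_WEB_XML = """\
<web-app>
  <session-config><session-timeout>0</session-timeout></session-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>internal</web-resource-name>
      <url-pattern>/internal/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>Basic</auth-method></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
"""


def text(elem):
    """PCDATA with leading/trailing whitespace ignored; '' if the element is absent."""
    return (elem.text or "").strip() if elem is not None else ""


def audit_web_xml(xml_text):
    """Return a list of (code, detail) findings for one deployment descriptor."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {text(r) for r in root.findall("security-role/role-name")}

    # A timeout of 0 or less means sessions never time out.
    for timeout in root.findall("session-config/session-timeout"):
        try:
            if int(text(timeout)) <= 0:
                findings.append(("session-never-expires", text(timeout)))
        except ValueError:
            findings.append(("session-timeout-not-integer", text(timeout)))

    # Enumerated values are case sensitive, so "Basic" is not "BASIC".
    for method in root.findall("login-config/auth-method"):
        if text(method) not in AUTH_METHODS:
            findings.append(("invalid-auth-method", text(method)))

    for sc in root.findall("security-constraint"):
        name = text(sc.find("web-resource-collection/web-resource-name"))
        # With http-method present the constraint covers only the listed methods.
        listed = [text(m) for m in sc.findall("web-resource-collection/http-method")]
        if listed:
            findings.append(("only-listed-methods-covered", f"{name}: {','.join(listed)}"))

        auth = sc.find("auth-constraint")
        if auth is not None:
            roles = [text(r) for r in auth.findall("role-name")]
            if not roles:
                # No roles defined: no user is allowed access (reported for review).
                findings.append(("deny-all", name))
            for role in roles:
                # Role names are matched case sensitively against security-role.
                if role != "*" and role not in declared:
                    findings.append(("undeclared-role", f"{name}: {role}"))

        # Assumption: an absent user-data-constraint is reported like NONE.
        guarantee = sc.find("user-data-constraint/transport-guarantee")
        value = text(guarantee) if guarantee is not None else "NONE"
        if value not in TRANSPORT:
            findings.append(("invalid-transport-guarantee", f"{name}: {value}"))
        elif value == "NONE":
            findings.append(("no-transport-guarantee", name))
    return findings


if __name__ == "__main__":
    for code, detail in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{code:32} {detail}")
```

The "Admin" versus "admin" mismatch in the sample shows why the case-sensitive role matching matters: the constraint names a role that no security-role element defines.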