|
|
http://www.sbbi.net/jafs/1.0/jafs-server Schema documentation
Definition
>
Declared Namespaces
>
Top-level element(s)
>
List of elements
>
List of simple types
>
Element declarations
>
Simple types declarations
Definition
FTP server configuration grammar
Declared Namespaces
| Prefix | Namespace |
| Default namespace | http://www.sbbi.net/jafs/1.0/jafs-server |
| xml | http://www.w3.org/XML/1998/namespace |
| xs | http://www.w3.org/2001/XMLSchema |
Top-level element(s)
server
List of elements
access,
accessTimeFrame,
authRealm,
blackList,
cipher,
closedMessage,
command,
commands,
customMessage,
customTrustManagers,
disclamerMessage,
downloadFilter,
enabledCipherSuites,
entry,
event,
events,
feat,
feats,
fileSystem,
fileType,
filters,
hammeringService,
ipAddress,
issuerDN,
list,
loginMessage,
logLevel,
logoutMessage,
mailReport,
maxDownloadRate,
maximumSessionsNumber,
maxUploadRate,
news,
path,
port,
ratio,
reverseLookup,
rights,
root,
server,
serverLanguage,
serverShutdown,
setting,
singleEntry,
siteList,
sound,
sounds,
sslSettings,
subjectDN,
timeOut,
trustedCertificates,
trustManager,
uploadFilter,
user,
userBind,
users
List of simple types
AvailableLanguages,
BlackListReloadTime,
BufferSize,
IPTOS,
IPv4Address,
ListReloadTime,
LogLevel,
PortRange,
ServerPortRange,
SessionEvents
Element declarations
| access |
|
| Description | An access user rights setting. |
|
| Content | Sequence : fileType?,
path{1} |
|
| Attributes |
|
rights | type: xs:string
required attribute
| A rights setting for this access entry.
Rights for a file : rf : read, df : delete, rn : rename, nra : no ratio,
of : overwrite file, hf : access hidden files.
Rights for a directory ( file rights herited ) : cf : create file, dd :
delete directory, cd : create directory, rd : rename directory,
cwd : change working directory. |
|
|
| Used inside | rights
|
| authRealm |
|
| Description | Setting to define which JAAS auth realm is used for this server. |
|
| Content | Empty |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the realm to be used, as defined
in one of the login-configuration entries of http://www.sbbi.net/1.0.1/jafs/jafs-service namespace.
The realm will be used for user authentication. |
|
|
| Used inside | server
|
| accessTimeFrame |
|
| Description | CURRENTLY NOT IMPLEMENTED ! User server access time frame setting. |
|
| Content | Empty |
|
| Attributes |
|
startTime | type: xs:time
required attribute
| The start date ( from which the user can log in ) |
|
endTime | type: xs:time
required attribute
| The end hour ( from which the user cannot log in ) |
|
|
| Used inside | user
|
| blackList |
|
| Description | This is the black list entries. All the IP ranges
entered here won't have access to your server, if you do not want to
load any list simply create a <blackList/> empty tag.
Entries can be either retreived from the internet if you provide a valid
parser or entered manually with <singleEntry> tags |
|
| Content | Sequence : list*,
singleEntry* |
|
| Used inside | server
|
| closedMessage |
|
| Description | Server closed message |
|
| Content | xs:string |
|
| Used inside | server
|
| command |
|
| Description | A ftp server command |
|
| Content | Sequence : setting* |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the command this name MUST be
RFC 959 compliant |
|
location | type: xs:string
optional attribute
| The location of the class, can be either
empty or not specified for a local class or
"http//:www.myhost.com/myjar.jar" for a network
location. WARNING : if you retreive the code from the network, there
is currently NO WARRANTY about what the code will be actually doing. |
|
className | type: xs:string
required attribute
| This is the name of the class to be used for this
command, to implement your own commands, simply
write a class implementing the net.sbbi.jafs.commands.CommandInterface |
|
|
| Used inside | commands
|
| commands |
|
| Description | Commands available on this server, comment a
<command> tag if you want to remove it from the server.
Warning : commenting certain commands will break RFC compliance
and maybe make your server unworkable so do it only if you know
what you're doing. You can also change the className command for
an alternate implementation. |
|
| Content | Sequence : command{1,} |
|
| Used inside | server
|
| customMessage |
|
| Description | A message that will appear in the site list file |
|
| Content | xs:string |
|
| Used inside | siteList
|
| customTrustManagers |
|
| Description | Container for custom trust managers config entries |
|
| Content | Sequence : trustManager? |
|
| Used inside | sslSettings
|
| disclamerMessage |
|
| Description | The disclamer message, you can use variables that are
defined in the xml_auth_realm.xml file for dynamic messages support.
I.E : You are client nb ${currConn}/${maxConn} |
|
| Content | xs:string |
|
| Used inside | server
|
| enabledCipherSuites |
|
| Description | setting to define the list of available SSL/TLS cipher suites for the server.
An empty list means that all available cipher are used by the server. A list of available cipher will be
listed during server start-up if a wrong cipher name has been set.
Watch out to not remove to many cipher suite since
this can break FTP clients compatibility. |
|
| Content | Sequence : cipher* |
|
| Used inside | sslSettings
|
| event |
|
| Description | An session event to be included in the mail activity report |
|
| Content | Empty |
|
| Attributes |
|
name | type: SessionEvents
required attribute
| The name of the session event that must be included in the mail activity report |
|
|
| Used inside | events
|
| events |
|
| Description | An session events set elements settings used to generate the content of the mail activity report |
|
| Content | Sequence : event* |
|
| Used inside | mailReport
|
| feat |
|
| Description | A server feature command |
|
| Content | Sequence : setting* |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the feature, defines the command name |
|
location | type: xs:string
optional attribute
| The location of the feature implementation, can be
either empty or not specified for a local class or
"http://www.myhost.com/myjar.jar" for a network
location. WARNING : if you retreive the code from the network, there
is currently NO WARRANTY about what the code will be actually doing. |
|
className | type: xs:string
required attribute
| The name of the class that implements this feature,
to implement your own feature simply implement the
net.sbbi.jafs.commands.FeatCommandInterface interface |
|
|
| Used inside | feats
|
| feats |
|
| Description | Features available on this server, the list will appear
when a FEAT command is issued by a ftp client |
|
| Content | Sequence : feat* |
|
| Used inside | server
|
| fileSystem |
|
| Description | File system access settings |
|
| Content | Sequence : rights{1,} |
|
| Attributes |
|
cacheDirs | type: xs:boolean
required attribute
| Indicates if the fileSystem directories names will be cached for
faster searches or not |
|
|
| Used inside | server
|
| fileType |
|
| Description | File extensions allowed to be uploaded into the path
defined in the path tag. This list can be comma delimited for multiple
file extension support I.E : <fileType>com,bat,exe,jpeg,txt</fileType> |
|
| Content | xs:string |
|
| Used inside | access
|
| filters |
|
| Description | Container for filter tags, those filter will run when x
bytes are uploaded or downloaded if any of those trigger return true
then the transfert will be interrupted for each filter, the fileType and
triggerOffSet setting is mandatory. downloadFilter have exactly the same
attributes that uploadFilter, only the tag name does change.
The "fileType" setting value is a comma delimited file
extension list ( I.E fileType="txt,doc" to match all
txt and doc files, fileType="txt" to match only txt
files ), you can use the * char for wildcard mathching.
The setting "triggerOffSet" contains the value
of uploaded/downloaded bytes count to trigger the filter ( I.E
triggerOffSet="1000" to trigger the filter when 1000
bytes are uploaded/downloaded ), use the value -1 to trigger the filter when
the upload or download is finished |
|
| Content | Sequence : downloadFilter*,
uploadFilter* |
|
| Used inside | server
|
| hammeringService |
|
| Description | Setting for clients that "hammer" the
server when the server is full |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:boolean
required attribute
| Enable or disables hammering support on the server |
|
hammeringTime | type: xs:unsignedShort
required attribute
| Setting to determine after which time in seconds a
client is considered to hammer the server when it cannot connect |
|
bannedAfter | type: xs:byte
required attribute
| Setting to determine after how many retries the
client should be banned |
|
|
| Used inside | server
|
| ipAddress |
|
| Description | The ip address allowed to access this server, if nothing
is set then every address will have access. To set an address range
simply insert only the beggining of the IP I.E 127.0. will accept all
hosts whose IP start with 127.0. |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:string
required attribute
| The ip value |
|
|
| Used inside | user
|
| issuerDN |
|
| Description | Indicates a certificate issuer DN ( verisign,
globalsign, thawte ) that is trusted |
|
| Content | xs:string |
|
| Attributes |
|
caseSensitive | type: xs:boolean
required attribute
| indicates if the issuerDN setting content is
case sensitive for certificate issuer matching or not |
|
|
| Used inside | entry
|
| list |
|
| Description | An IP blocklist entry |
|
| Content | Empty |
|
| Attributes |
|
location | type: xs:anyURI
optional attribute
| The location of the list I.E : http://www.thelist.com |
|
parserClassName | type: xs:string
required attribute
| The name of the class that will parse this list retreived
with the location attribute in order to extract the ip ranges.
If you want to implement a custom list simply create a class that implement
the net.sbbi.jafs.ipblocklists.BlackListedIPListParser interface |
|
rescanTime | type: BlackListReloadTime
required attribute
| The time in hours to refresh the list |
|
name | type: xs:string
required attribute
| The name of the list |
|
|
| Used inside | blackList
|
| logLevel |
|
| Description | The logging level of the server |
|
| Content | Empty |
|
| Attributes |
|
value | type: LogLevel
required attribute
| The level value, ALL means that all log information
are logged, FATAL is the smallest level and means that only serious
problems will be logged |
|
|
| Used inside | server
|
| loginMessage |
|
| Description | Server welcome message, supports dynamic messages |
|
| Content | xs:string |
|
| Used inside | server
|
| logoutMessage |
|
| Description | Server logout message, supports dynamic messages |
|
| Content | xs:string |
|
| Used inside | server
|
| mailReport |
|
| Description | This entry is used to define if you want to use or not mail reporting concerning session activity on the server |
|
| Content | Sequence : events{1} |
|
| Attributes |
|
enabled | type: xs:boolean
required attribute
| Enables or disables the report of session activity by mail |
|
time | type: xs:int
required attribute
| The time interval in minutes to send the mail |
|
smtpServerId | type: xs:string
required attribute
| this is the smtp server id defined in the service configuration file at jafs-service.mail-settings.smtp@id |
|
|
| Used inside | server
|
| maxDownloadRate |
|
| Description | The user maximum download rate in kilo bytes per seconds |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:int
required attribute
| The rate value, -1 means that no check is done |
|
|
| Used inside | user
|
| maxUploadRate |
|
| Description | The user maximum upload rate in kilo bytes per seconds |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:int
required attribute
| The rate value, -1 means that no check is done |
|
|
| Used inside | user
|
| maximumSessionsNumber |
|
| Description | Maximum number of clients connected simultaneously setting |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:positiveInteger
required attribute
| The setting value |
|
perIPAddress | type: xs:positiveInteger
required attribute
| Maximum simultaneous client sessions per ip address |
|
|
| Used inside | server
|
| news |
|
| Description | Settings to create a news listing file on the server,
this will list into this generated file all files that are not older
than a certain amount of days. |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:boolean
required attribute
| Enables or not the news list generation |
|
compress | type: xs:boolean
required attribute
| Compress as a zip file this news file |
|
directory | type: xs:string
required attribute
| Where the news file will be published on the server,
the path is releative to the server root |
|
generateTime | type: ListReloadTime
required attribute
| The number of hours between each news list regeneration |
|
timeLimit | type: xs:positiveInteger
required attribute
| The time in days to insert the file into the list.
I.E : 20 will include in the list all files that are not older than
20 days |
|
includeFiles | type: xs:boolean
required attribute
| >Includes files names in the list or only directory names |
|
|
| Used inside | server
|
| port |
|
| Description | Data transferts ports settings. Allow the server to use pasv mode or not
and defines the pasv port allocation range and timeout to connect in PORT or PASV mode |
|
| Content | Empty |
|
| Attributes |
|
pasv | type: xs:boolean
required attribute
| Enabled or not PASV support on the server |
|
pasvDownPort | type: PortRange
required attribute
| The beggining value of port allocation for PASV connections |
|
pasvUpPort | type: PortRange
required attribute
| The end value of port allocation for PASV connections |
|
activeDownPort | type: PortRange
optional attribute
| The beggining value of the source port allocation for active (PORT mode) connections.
With this setting you can define exactly the range of source ports used for active connections,
usefull for example to fine tune your firewall settings. Make sure that you define a big enough ports range since a too small
range could cause problems (Unable to open data connections) as long as closed socket stay in TIME_WAIT mode,
or lower your TIME_WAIT timeout to make sure that the src port can be quickly reused.
When the setting is not provided random free ports will be used. |
|
activeUpPort | type: PortRange
optional attribute
| The end value of port allocation for PASV connections |
|
timeout | type: xs:positiveInteger
required attribute
| Timeout value in seconds for a client to establish the data connection for file transferts in PORT or PASV mode |
|
allowFXP | type: xs:boolean
required attribute
| If your server can be used for FXP transferts then
set this to true otherwise to false |
|
NATOnTheFlyPortsOpen | type: xs:boolean
required attribute
| If JAFS is using a network interface configured with an NAT mapper,
you can specify with this setting that all PASV ports NAT mappings will be done
during server startup (false) or when a client is issuing a PASV command (false)
for a certain amount of time (timeout setting).
The latest setting is slower (0.5~1 sec) since each time a client is issuing a PASV command, the server will
need to ask the router to open the desired port for the desired time. When set to false all ports (upPort - downPort)
are opened during server startup and stay routed until server stops.
If the ports range is very large this could cause problems with the router NAT table that could be too small.
In resumee : if you have a very large PASV ports range set this to true, if not (3-4 ports) set this to false.
Watch out that if you deploy 20 servers with 3-4 pasv ports, the router NAT table could be too small so
in that case you should set this setting to true even if you define only 3-4 PASV ports.
|
|
|
| Used inside | server
|
| path |
|
| Description | A file or directory path relative to the server root for
an rights access setting. I.E
<path>/</path> match all files and
directories on the server |
|
| Content | xs:string |
|
| Used inside | access
|
| ratio |
|
| Description | Setting to enable ratio for the user |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:boolean
required attribute
| The setting value |
|
scale | type: xs:unsignedInt
required attribute
| The ratio scale value 3 means that for each byte
uploaded 3 bytes are given.
Note that currently no negative ratio is implemented |
|
credit | type: xs:unsignedInt
required attribute
| Base credits received ( in bytes ) when the user
first logs in |
|
|
| Used inside | user
|
| reverseLookup |
|
| Description | Allows reverse host name lookup, such lookup can degrade
performance if set to true, since DNS queries will be done to determine
the host name |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:boolean
required attribute
| Reverse lookup setting value |
|
|
| Used inside | server
|
| rights |
|
| Description | Access rights setting on the file system |
|
| Content | Sequence : access{1,},
userBind* |
|
| Attributes |
|
id | type:
required attribute
| The id of this setting entry |
|
|
| Used inside | fileSystem
|
| root |
|
| Description | Root directory of the server |
|
| Content | xs:string |
|
| Used inside | server
|
| server |
|
| Description | FTP server configuration grammar |
|
| Content | Any : authRealm{1},
blackList{1},
closedMessage{1},
commands{1},
disclamerMessage{1},
feats{1},
fileSystem{1},
filters{1},
hammeringService{1},
loginMessage{1},
logLevel{1},
logoutMessage{1},
mailReport{1},
maximumSessionsNumber{1},
news{1},
port{1},
reverseLookup{1},
root{1},
serverLanguage{1},
serverShutdown{1},
siteList{1},
sounds{1},
sslSettings{1},
timeOut{1},
users{1} |
|
| Attributes |
|
code | type: xs:string
required attribute
| The code of the FTP server, its unique identifier.
This code MUST be unique within all deployed servers. |
|
port | type: ServerPortRange
required attribute
| The server port value |
|
firewallPort | type: ServerPortRange
required attribute
| The server port value on the firewall side, will only work
if a NAT mapper has been defined with the network interface used by the server. This setting will map the firewall/router port value
on the port defined by the port server setting. |
|
networkInterface | type: xs:string
optional attribute
| The network interface indentifier defined in the service configuration
to be used with the server. When not defined, the default network interface defined in the service configuration file will be used. |
|
wanAccess | type: xs:boolean
required attribute
| Define if the server will be accessible
from the internet or not. This setting also determines if ports will be openend
or not on the network router/NAT device if a NAT mapper has been defined with the network interface used by the server. |
|
controlTOS | type: IPTOS
optional attribute
| The IP Type-of-Service value for the control socket, values can be :
NORMAL,LOWCOST,RELIABILITY,THROUGHPUT,LOWDELAY,SECURITY. The LOWDELAY TOS will be used when this setting is not provided |
|
dataTOS | type: IPTOS
optional attribute
| The IP Type-of-Service value for the data socket, values can be :
NORMAL,LOWCOST,RELIABILITY,THROUGHPUT,LOWDELAY,SECURITY. The THROUGHPUT TOS will be used when this setting is not provided |
|
|
| Used inside | |
| serverLanguage |
|
| Description | Internationalization settings for the server |
|
| Content | Empty |
|
| Attributes |
|
locale | type: AvailableLanguages
required attribute
| The language of the server, french or english |
|
outputCharSet | type: xs:string
optional attribute
| The character set that will be used to send data for the session
control to the FTP client,
The setting should match a value defined at http://www.iana.org/assignments/character-sets.
Note that all values are not guaranteed to be supported by the JDK,
a list of available values will be displayed during server startup
if the value provided is invalid. When no value provided, the OS default character set will be used. |
|
|
| Used inside | server
|
| serverShutdown |
|
| Description | Setting concerning server shutdown sequence |
|
| Content | Empty |
|
| Attributes |
|
warnClients | type: xs:boolean
required attribute
| Setting to warn connected clients when the server is
shutting down. Warning all clients can consume time to stop the
server, turn off this feature if the server handle a large
connections amount |
|
|
| Used inside | server
|
| singleEntry |
|
| Description | A custom entry for a blacklisted IP |
|
| Content | Empty |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the custom entry |
|
startIpRange | type: xs:string
required attribute
| The start range of ip address to block |
|
stopIpRange | type: xs:string
required attribute
| The stop range of ip address to block |
|
|
| Used inside | blackList
|
| siteList |
|
| Description | Settings to create a site listing file on the server,
this is an automatic task |
|
| Content | Sequence : customMessage{1} |
|
| Attributes |
|
value | type: xs:boolean
required attribute
| Setting to enable or disable the site list generation |
|
compress | type: xs:boolean
required attribute
| Compress the list as a zip file or not |
|
directory | type: xs:string
required attribute
| Where the list will be published on the server, the
path is releative to the server root ( <root> tag
value ) |
|
generateTime | type: ListReloadTime
required attribute
| The number of hours between each sitelist regeneration |
|
includeFiles | type: xs:boolean
required attribute
| Setting to include files name in the list or only
directory names |
|
|
| Used inside | server
|
| sound |
|
| Description | A sound setting for a server event, the content of the
tag is the WAV file path to play |
|
| Content | xs:string |
|
| Attributes |
|
event | type: SessionEvents
required attribute
| The event type that will play the defined sound file |
|
|
| Used inside | sounds
|
| sounds |
|
| Description | Sound events, link a wav file to play a sound on an
server event, for each desired event insert a wav file path that will be
played for the event |
|
| Content | Sequence : sound* |
|
| Used inside | server
|
| sslSettings |
|
| Description | This is the SSL settings, it allows you to verify
certificates provided by remote hosts and reject them if they are not
listed in the trustedEntries list. |
|
| Content | Sequence : customTrustManagers?,
enabledCipherSuites?,
trustedCertificates? |
|
| Attributes |
|
isSSLServer | type: xs:boolean
required attribute
| Sets this server to be an explicit ( false ) or
implicit ( true ) server. Implicit means only SSL connections are allowed,
explicit means that "clear" connections can be be established and the AUTH command
will be used to switch to an SSL connection. |
|
needCertificate | type: xs:boolean
required attribute
| Specify if the client needs to provide a valid (
meaning signed by a root certificate authority ) certificate for SSL
connection establishment. Warning, if this option is enabled, all the
clients that do not provide a valid certificate will be
automatically rejected, the certificates values check is ONLY done when the
needCertificate option is set to true. If set to false the values defined in the
issuerDN and subjectDN tags will have NO effect.
|
|
defaultProt | type: xs:string
required attribute
| This setting defines what is the default encrypted connection mechanism
that will be used for connections establishment with a server in implicit mode.
The values depends of your installed Java Runtime Environement, for SUN JRE the values can be :
SSL : for SSL v3 connections
TLS : for TLV v1 connections
Check your JRE documentation for other supported values.
|
|
certsConfName | type: xs:string
optional attribute
| This let you define what keystore/ca certificates store/CRL checks configuration
entry defined in the service configuration file needs to be used with the server.
When the setting is not provided, the first entry in the service configuration will be used.
|
|
|
| Used inside | server
|
| subjectDN |
|
| Description | A certificate subject configuration DN ( Distinguished
Name ) the common name of the subject (CN) the unit of the subject (OU)
the organization of the subject (O) the city of the subject (ST) the
town of the subject (L) the country of the subject (C)
<subjectDN
caseSensitive="false">CN=john
doe,O=DOE.*,C=CH</subjectDN> means accepts only hosts that connect
with a signed certificates whose CN entry match "john doe"
and whose in company O entry start with "DOE"
in country (C entry) is CH.
All values after equals are regular expressions,
but those expressions do not start with "/" nor finish with "/" |
|
| Content | xs:string |
|
| Attributes |
|
caseSensitive | type: xs:boolean
required attribute
| Indicates if the subjectDN setting content is
case sensitive for certificate subject matching or not |
|
|
| Used inside | entry
|
| timeOut |
|
| Description | timeout in seconds when the client is identified or not
into the system |
|
| Content | Empty |
|
| Attributes |
|
value | type: xs:unsignedInt
required attribute
| the timeout value |
|
|
| Used inside | server
user
|
| trustedCertificates |
|
| Description | Configuration for a trusted X509 certificates,
remove the <entry> tags if you want to
skip this certificate checking. Any host certificate that does not match
any entry element will be disconnected from the server make sure that
the needCertificate setting is enabled otherwise such certificate checks
are not made. The subjectDN and issuerDN can contain regular
expressions for each DN values the subjectDN or subjectDN are not
always both needed but 1 setting is needed at least.
Add multiple Entry tags to affine certificate matching access.
|
|
| Content | Sequence : entry* |
|
| Used inside | sslSettings
|
| trustManager |
|
| Description | A custom trust manager entry config for the server.
Such managers are responsible to check the SSL certificate data during
SSL session creation, you can plug your own trust manager to accept or reject
peer host certificates.
|
|
| Content | Sequence : setting* |
|
| Attributes |
|
trustManagerFactory | type: xs:string
required attribute
| This is the trust manager factory class name responsible for the
javax.net.ssl.X509TrustManager objects creation
This factory needs to implement the net.sbbi.jafs.utils.TrustManagerFactory interface.
|
|
|
| Used inside | customTrustManagers
|
| uploadFilter |
|
| Description | Setting for an upload filter, this filter will be
triggered during uploads for certain file type and after a set
number of bytes are uploaded. |
|
| Content | Sequence : setting{2,} |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the trigger, must be unique |
|
location | type: xs:string
optional attribute
| The location of the bytecode, can be either
null or not specified for a local class or
"http//:www.myhost.com/myjar.jar" for a network
location. WARNING : if you retreive the code from the network, there
is currently NO WARRANTY about what the code will be actually doing,
it could screw up your computer. the code will need to be signed and
reviewed in the future, this will warrant that the code is secure |
|
className | type: xs:string
required attribute
| This is the name of the class to be used for this
trigger, for custom filters please implement the
net.sbbi.jafs.filters.Filter interface |
|
|
| Used inside | filters
|
| downloadFilter |
|
| Description | Setting for a download filter, this filter will be
triggered during downloads for certain file types and after a designed
number of bytes are downloaded. |
|
| Content | Sequence : setting{2,} |
|
| Attributes |
|
name | type: xs:string
required attribute
| The name of the trigger, must be unique |
|
location | type: xs:string
optional attribute
| The location of the bytecode, can be either
"classpath" for a local class or
"http//:www.myhost.com/myjar.jar" for a network
location. WARNING : if you retreive the code from the network, there
is currently NO WARRANTY about what the code will be actually doing,
it could screw up your computer. the code will need to be signed and
reviewed in the future, this will warrant that the code is secure |
|
className | type: xs:string
required attribute
| This is the name of the class to be used for this
trigger, for custom filters please implement the
net.sbbi.jafs.filters.Filter interface |
|
|
| Used inside | filters
|
| user |
|
| Description | A user entry for server access |
|
| Content | Sequence : accessTimeFrame*,
ipAddress?,
maxDownloadRate{1},
maxUploadRate{1},
ratio{1},
timeOut{1} |
|
| Attributes |
|
name | type: xs:string
required attribute
| The user name is a regular expression and should match an user name (or a set of names).
defined by the server JAAS authentication realm.
I.E administrator : will match all user names "administrator", admin.* will match all users whose name starts with "admin". |
|
account | type: xs:boolean
required attribute
| Tells that the user as an account |
|
maxConnNb | type: xs:int
required attribute
| The maximum connections number that this user can
have simultaneously on the server this setting cannot be greater
that the maximumSessionsNumber tag setting. -1 means that no check
will be done and the user can log in as long as there is remaing
free connection |
|
userHome | type: xs:string
optional attribute
| Setting to override the server root and define the user home dir such as /home/myUser.
The user home can also be evaluated based on the provided session user name.
Two keywords can be used for evaluation : $USERNAME and $UNRE:$regexp:$UNRE.
Let's assume that the session user name is "testUser".
The first keyword will replaced with the provided username. I.E : /home/$USERNAME will become /home/testUser.
The second keyword can be used to evaluate a regular expression ($regexp) on the username. I.E :
/home/$UNRE:(\D{2}).*:$UNRE/$UNRE:\D{2}(\D).*:$UNRE/ will become /home/te/s/.
Note that only the first matching group (using () chars) of the regular expression will be used to make the remplacement.
Make also sure to test correctly your settings since a wrong regular expression settings could deny user access
on the server. |
|
secureControlTransport | type: xs:boolean
optional attribute
| Define if the user must or not use a secure transport (such as TLS/SSL) when logged in for the control session.
When not provided, the user is free to use secure transport as he wants. |
|
secureDataTransport | type: xs:boolean
optional attribute
| Define if the user must or not use a secure transport (such as TLS/SSL) for the data transferts.
When not provided, the user is free to use secure data transferts as he wants. |
|
|
| Used inside | users
|
| userBind |
|
| Description | Element to bind a user to a file system access setting entry, the content is a regular expression matching an user name
(or a set of names) defined in the server JAAS authentication realm. |
|
| Content | xs:string |
|
| Used inside | rights
|
| users |
|
| Description | Users tag for user settings |
|
| Content | Sequence : user* |
|
| Used inside | server
|
Simple types declarations
| BufferSize |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 4096 |
| Min value | 256 |
| ServerPortRange |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 65536 |
| Min value | 1 |
| PortRange |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 65536 |
| Min value | 1024 |
| BlackListReloadTime |
|
| Description | No type description provided |
|
| Base type | xs:unsignedByte |
| Max value | 48 |
| Min value | 1 |
| ListReloadTime |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 44640 |
| Min value | 1 |
| LogLevel |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | ALL |
DEBUG |
INFO |
WARN |
ERROR |
FATAL |
| SessionEvents |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | * |
onConnect |
onDisconnect |
onLogin |
onTimeout |
onWelcome |
onWrongCredentials |
onFileDelete |
onFileRenamed |
onFileUploadFinished |
onFileUploadStart |
onFailedFileUpload |
onAbortedFileUpload |
onFileUploadFilterMatch |
onFileDownloadFinished |
onFileDownloadStart |
onFailedFileDownload |
onAbortedFileDownload |
onFileDownloadFilterMatch |
| IPTOS |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | NORMAL |
LOWCOST |
RELIABILITY |
THROUGHPUT |
LOWDELAY |
SECURITY |
| AvailableLanguages |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | fr_FR |
en_US |
| IPv4Address |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Pattern | ((0|1[0-9]{0,2}|2([0-4][0-9]?|5[0-5]?|[6-9])?|[3-9][0-9]?)\.
){3}(0|1[0-9]{0,2}|2([0-4][0-9]?|5[0-5]?|[6-9])?|[3-9][0-9]?) |
|
JAFS server
