http://www.sbbi.net/jafs/1.0/jafs-service Schema documentation
Definition
JAFS service configuration grammar
Declared Namespaces
| Prefix | Namespace |
| Default namespace | http://www.sbbi.net/jafs/1.0/jafs-service |
| xml | http://www.w3.org/XML/1998/namespace |
| xs | http://www.w3.org/2001/XMLSchema |
Top-level element(s)
jafs-service
List of elements
adapter,
auth-realms,
cacerts-store,
caStoreFile,
crl,
crls,
dynamic-dns-client,
events-listeners,
events-receivers,
fw-nat-ports-mapper,
jafs-service,
key-store,
keyStoreFile,
listener,
login-configuration,
login-module,
logs-dir,
mail-settings,
management,
network-interface,
network-interfaces,
receiver,
scheduler,
script,
scripts,
server-event,
servers-config-dir,
services-data-dir,
services-event,
session-event,
setting,
smtp,
ssl-settings,
stats-service,
store-settings,
target-events,
task,
whois-server
List of simple types
AvailableLanguages,
ConsolePortRange,
DynamicIPCheckTime,
JAASLoginModuleFlagsValues,
ManagementSecurityProtocol,
ReceiverListeningTime,
ServerEvents,
ServicesEvents,
SessionEvents,
StatsComputeTime
Element declarations
| adapter |
|
| Description | A JMX adapter configuration. These JMX adapters are used to access the server MBeans from outside. |
|
| Content | Sequence : setting* |
|
| Attributes |
|
name | type: xs:string required attribute
| The name of the adapter |
|
class-name | type: xs:string required attribute
| The adapter class name, the class must implement
the net.sbbi.jafs.management.JMXAdapter interface |
|
|
| Used inside | management
|
| dynamic-dns-client |
|
| Description | A dynamic DNS client to update host names registered with companies like DynDNS.org |
|
| Content | Sequence : setting{1} |
|
| Attributes |
|
id | type: xs:string required attribute
| The entry identifier |
|
class-name | type: xs:string required attribute
| The client class name to update the host name registered in a
dynamic DNS provider, this class must implement the net.sbbi.jafs.utils.DynamicDNSHostNameUpdater interface. |
|
|
| Used inside | network-interface
|
| jafs-service |
|
| Description | This XML grammar is used for global JAFS system settings |
|
| Content | Any : auth-realms{1},
events-listeners{1},
events-receivers{1},
logs-dir{1},
mail-settings{1},
management{1},
network-interfaces{1},
scheduler{1},
scripts{1},
servers-config-dir{1},
services-data-dir{1},
ssl-settings{1},
stats-service{1},
whois-server{1} |
|
| Used inside | |
| auth-realms |
|
| Description | Authentication realms. Define here the login modules you want to use with your different servers.
The realms use the JAAS PAM architecture. For more information about JAAS, take a
look at http://java.sun.com/j2se/1.4.1/docs/guide/security/jaas/JAASRefGuide.html |
|
| Content | Choice : login-configuration{1} |
|
| Attributes |
|
usable | type: xs:boolean required attribute
| This boolean enables these JAAS login module
settings to be used with JAFS. If set to false, you will have to set up the
regular JAAS configuration file.
|
|
|
| Used inside | jafs-service
|
| cacerts-store |
|
| Description | Trusted CA certificates key store. All client X.509 certificates signed by a
CA contained in this key store will be accepted |
|
| Content | Sequence : caStoreFile{1} |
|
| Attributes |
|
password | type: xs:string
| the password for this CA certificates keystore |
|
type | type: xs:string
| the type of the CA keystore |
|
algo | type: xs:string optional attribute
| The CA keystore algorithm identifier, if not provided the ssl.TrustManagerFactory.algorithm system property will be used. |
|
provider | type: xs:string optional attribute
| The CA keystore implementation provider name. |
|
|
| Used inside | store-settings
|
| crl |
|
| Description | A crl (Certificate Revocation List) config entry |
|
| Content | Empty |
|
| Attributes |
|
location | type: xs:anyURI required attribute
| This is the location of the list. |
|
name | type: xs:string required attribute
| This is the name of the CRL entry, used to identify it. |
|
|
| Used inside | crls
|
| crls |
|
| Description | Settings that define which CRLs (Certificate Revocation Lists) must be used to check a client certificate |
|
| Content | Sequence : crl{1,} |
|
| Attributes |
|
reload-time | type: xs:int required attribute
| This is the time interval in minutes to reload the CRL config entries,
so that the lists are kept up to date. |
|
|
| Used inside | store-settings
|
| servers-config-dir |
|
| Description | this is the servers config files directory, put all the server config files you want to use here |
|
| Content | xs:string |
|
| Used inside | jafs-service
|
| server-event |
|
| Description | A server type event container tag |
|
| Content | Empty |
|
| Attributes |
|
name | type: ServerEvents
required attribute
| The name of the event |
|
|
| Used inside | target-events
|
| services-event |
|
| Description | A services type event container tag |
|
| Content | Empty |
|
| Attributes |
|
|
| Used inside | target-events
|
| session-event |
|
| Description | A session type event container tag |
|
| Content | Empty |
|
| Attributes |
|
|
| Used inside | target-events
|
| network-interface |
|
| Description | A network interface configuration entry. |
|
| Content | Sequence : dynamic-dns-client*,
fw-nat-ports-mapper? |
|
| Attributes |
|
id | type: xs:string required attribute
| The interface identifier within the software. |
|
default | type: xs:boolean optional attribute
| This setting defines whether this network interface is the default.
The default network interface will be used by components (servers, JMX adapters, ...)
that support but do not specify a network interface identifier setting.
When no entries are set as default, the first configuration entry will be used as the default one. |
|
name | type: xs:string required attribute
| The interface name, can be defined by an OS name (e.g. eth0), a host name (e.g. foo.bar.com) or an IP (e.g. 192.168.1.33) |
|
fw-host-name | type: xs:string optional attribute
| If the interface is behind a firewall, you can specify here the firewall host name or ip. |
|
dyn-ip-check-time | type: DynamicIPCheckTime
optional attribute
| If you have a dynamic IP, specify here the time in minutes to check if the IP has changed. |
|
input-buffer | type: xs:positiveInteger optional attribute
| The network interface input buffer size in Kbyte. |
|
output-buffer | type: xs:positiveInteger optional attribute
| The network interface output buffer size in Kbyte. |
|
|
| Used inside | network-interfaces
|
| key-store |
|
| Description | key store settings, the key store contains your server certificate |
|
| Content | Sequence : keyStoreFile{1} |
|
| Attributes |
|
password | type: xs:string
| the password for this key store |
|
type | type: xs:string
| the type of the key store |
|
cert-alias | type: xs:string optional attribute
| The certificate alias in the keystore, defining the certificate to be returned by the server.
If not provided, a default implementation will try to find a certificate in the keystore matching
default criteria such as certificate type and allowed certificate CA issuers. |
|
algo | type: xs:string optional attribute
| The keystore algorithm identifier, if not provided the ssl.KeyManagerFactory.algorithm system property will be used. |
|
provider | type: xs:string optional attribute
| The keystore implementation provider name. |
|
|
| Used inside | store-settings
|
| listener |
|
| Description | An events listener configuration entry, these listeners can be used to receive events and then handle them as they need to be, see interface net.sbbi.jafs.events.PushEventsListener for
more information to create your own listener |
|
| Content | Sequence : setting*,
target-events{1} |
|
| Attributes |
|
name | type: xs:string required attribute
| The name of the listener, a simple custom identifier |
|
class-name | type: xs:string required attribute
| The class name of the listener, the class must implement the net.sbbi.jafs.events.PushEventsListener interface. |
|
asynchronous | type: xs:boolean optional attribute
| By default the listeners are synchronous, meaning that once an event is fired by a component, the listener receives it immediately
and uses the component thread to do its job. This can cause problems, especially if the listener takes a lot of time to do its job. When set to true the listener
receives events asynchronously, meaning that the listener will not receive the event fired by a component immediately but as soon as possible.
The listener will have its own dedicated thread to do its job. If your listener implementation uses the network, it should be set to asynchronous to avoid any network lag issues.
Default value is false. |
|
|
| Used inside | events-listeners
|
| login-configuration |
|
| Description | A set of login modules configuration entry,
all login modules entries within a login module configuration will be used to
authenticate the user. |
|
| Content | Sequence : login-module{1} |
|
| Attributes |
|
name | type: xs:string required attribute
| the identifier of this login module setting |
|
OTPEnabled | type: xs:string required attribute
| Setting that indicates whether all the login modules in this config entry can be used with One Time Passwords.
Make sure the login modules implement net.sbbi.jafs.auth.OTPLoginModule for such functionality |
|
|
| Used inside | auth-realms
|
| login-module |
|
| Description | A login module configuration entry |
|
| Content | Sequence : setting{1} |
|
| Attributes |
|
flag | type: JAASLoginModuleFlagsValues
required attribute
| The requirement flag for a login module within a login modules set :
1) Required - The LoginModule is required to succeed.
If it succeeds or fails, authentication still continues
to proceed down the LoginModule list.
2) Requisite - The LoginModule is required to succeed.
If it succeeds, authentication continues down the
LoginModule list. If it fails,
control immediately returns to the application
(authentication does not proceed down the
LoginModule list).
3) Sufficient - The LoginModule is not required to
succeed. If it does succeed, control immediately
returns to the application (authentication does not
proceed down the LoginModule list).
If it fails, authentication continues down the
LoginModule list.
4) Optional - The LoginModule is not required to
succeed. If it succeeds or fails,
authentication still continues to proceed down the
LoginModule list.
|
|
class-name | type: xs:string required attribute
| the JAAS login module class name |
|
|
| Used inside | login-configuration
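
The four flag values decide both which login modules are invoked and whether the stack as a whole authenticates the user. The simulation below is an added example, not JAFS code: the module class names and outcomes are constructed, and the overall-result rule is the standard JAAS one (all Required and Requisite modules reached must succeed; with none configured, at least one Sufficient or Optional module must succeed).

```python
from typing import List, NamedTuple, Tuple


class LoginModule(NamedTuple):
    class_name: str   # hypothetical class name, for illustration only
    flag: str         # one of JAASLoginModuleFlagsValues
    succeeds: bool    # simulated outcome of the module's login()


MANDATORY = {"Required", "Requisite"}
VALID_FLAGS = MANDATORY | {"Sufficient", "Optional"}


def evaluate_stack(stack: List[LoginModule]) -> Tuple[bool, List[str]]:
    """Return (authenticated, names of the modules that were invoked)."""
    invoked: List[str] = []
    mandatory_failed = False
    any_success = False
    for module in stack:
        if module.flag not in VALID_FLAGS:
            raise ValueError(f"unknown flag {module.flag!r}")
        invoked.append(module.class_name)
        any_success = any_success or module.succeeds
        if module.flag in MANDATORY and not module.succeeds:
            mandatory_failed = True
            if module.flag == "Requisite":
                break          # Requisite failure: control returns at once
            # Required failure: keep going, but the result is already "fail"
        elif module.flag == "Sufficient" and module.succeeds:
            break              # Sufficient success: later modules are skipped
    if mandatory_failed:
        return False, invoked
    if any(m.flag in MANDATORY for m in stack):
        return True, invoked   # every mandatory module that was reached succeeded
    return any_success, invoked  # only Sufficient/Optional modules configured


# Constructed stacks showing the cases a reviewer should check in a config.
REQUIRED_THEN_OPTIONAL = [
    LoginModule("example.PasswordModule", "Required", False),
    LoginModule("example.AuditModule", "Optional", True),
]
REQUISITE_FIRST = [
    LoginModule("example.CertModule", "Requisite", False),
    LoginModule("example.PasswordModule", "Required", True),
]
SUFFICIENT_BEFORE_REQUIRED = [
    LoginModule("example.TokenModule", "Sufficient", True),
    LoginModule("example.PasswordModule", "Required", False),
]
ONLY_OPTIONAL_FAILING = [
    LoginModule("example.AuditModule", "Optional", False),
]

if __name__ == "__main__":
    for label, stack in [("required+optional", REQUIRED_THEN_OPTIONAL),
                         ("requisite first", REQUISITE_FIRST),
                         ("sufficient first", SUFFICIENT_BEFORE_REQUIRED),
                         ("only optional", ONLY_OPTIONAL_FAILING)]:
        print(label, evaluate_stack(stack))
```

The third stack is the ordering to look for when reviewing a login-configuration: a Sufficient module placed ahead of a Required one authenticates the user without the Required module ever running.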
|
| logs-dir |
|
| Description | directory path where server logs will be saved |
|
| Content | xs:string |
|
| Used inside | jafs-service
|
| events-listeners |
|
| Description | Events listener classes container. |
|
| Content | Sequence : listener* |
|
| Used inside | jafs-service
|
| events-receivers |
|
| Description | Events receivers classes container. |
|
| Content | Sequence : receiver* |
|
| Used inside | jafs-service
|
| fw-nat-ports-mapper |
|
| Description | Driver for automatic nat ports mappings on the firewall. |
|
| Content | Sequence : setting* |
|
| Attributes |
|
class-name | type: xs:string required attribute
| The driver class name that will open/close the required ports, the driver must implement the net.sbbi.jafs.nat.NatPortsMapper class in order to be compatible. |
|
mappings-monitoring-time | type: xs:int optional attribute
| This attribute defines the time
lapse (in minutes) to check that all ports are correctly mapped on the NAT device.
The ports are remapped automatically when they are no longer mapped (NAT device restart, config lost, ...).
When not provided or set to zero, the check will not be done. |
|
|
| Used inside | network-interface
|
| management |
|
| Description | settings for the JAFS JMX based management interface |
|
| Content | Sequence : adapter* |
|
| Attributes |
|
locale | type: AvailableLanguages
required attribute
| the language of the exposed management beans, french (
fr_FR ) or english (en_US) |
|
manage-session | type: xs:boolean required attribute
| setting to manage connected clients,
if the server can accept a lot of clients this setting should be turned off |
|
plug-to-server | type: xs:boolean required attribute
| if set to true, the management service will try to plug
into an existing JMX MBean server on the current JVM |
|
server-domain | type: xs:string optional attribute
| this is the domain of the JMX server you want to use.
When the plug-to-server is set to true, Jafs will try to find an MBean server with this given name.
When the plug-to-server is set to false, Jafs will create an MBean server with this given name.
When not provided, the default value is Jafs. |
|
mbeans-prefix | type: xs:string optional attribute
| the prefix used ( such as $PREFIX servers:name=server_sample_server ) for all Jafs MBeans object
names registration on the MBean Server. When not provided, the default value is Jafs. |
|
|
| Used inside | jafs-service
|
| mail-settings |
|
| Description | setting to define some mail profiles which will be used to send mails. |
|
| Content | Sequence : smtp{1} |
|
| Used inside | jafs-service
|
| keyStoreFile |
|
| Description | the path to the keystore file |
|
| Content | xs:string |
|
| Used inside | key-store
|
| caStoreFile |
|
| Description | the path to the certificates authorities store file |
|
| Content | xs:string |
|
| Used inside | cacerts-store
|
| receiver |
|
| Description | An events receiver configuration entry, these receivers can be used to receive events from the EIS, see interface net.sbbi.jafs.events.PullEventsListener for
more information to create your own receivers |
|
| Content | Sequence : setting* |
|
| Attributes |
|
name | type: xs:string required attribute
| The name of the receiver, a simple custom identifier |
|
class-name | type: xs:string required attribute
| The class name of the listener, the class must implement the net.sbbi.jafs.events.PullEventsListener interface. |
|
listening-time | type: ReceiverListeningTime
required attribute
| The receiver listening time interval in ms: every listening-time ms the receiver checks whether new events are available from the EIS. |
|
|
| Used inside | events-receivers
|
| scheduler |
|
| Description | Scheduler tasks. Currently not in use; if you need an
external task you can go ahead, simply make sure that the task class
implements the Avalon Executable interface |
|
| Content | Sequence : task{1} |
|
| Used inside | jafs-service
|
| task |
|
| Description | A custom task to execute each X mins. |
|
| Content | Sequence : setting* |
|
| Attributes |
|
name | type: xs:string required attribute
| the name of the task |
|
interval | type: xs:unsignedInt required attribute
| the execution interval in ms |
|
class-name | type: xs:string required attribute
| the name of the class that implements this task, the class must implement
the Avalon org.apache.avalon.framework.activity.Executable interface and the org.apache.avalon.framework.parameters.Parameterizable
if the task needs external settings to work. |
|
|
| Used inside | scheduler
|
| script |
|
| Description | element to define where to load a scripts file |
|
| Content | Empty |
|
| Attributes |
|
file | type: xs:string required attribute
| the path of the script file |
|
|
| Used inside | scripts
|
| scripts |
|
| Description | scripts location for variables output in server messages |
|
| Content | Choice : script{1} |
|
| Used inside | jafs-service
|
| services-data-dir |
|
| Description | this is the directory where some files used for server
state persistence will be stored |
|
| Content | xs:string |
|
| Used inside | jafs-service
|
| smtp |
|
| Description | element to define some settings so that they can be used to send mails. |
|
| Content | Empty |
|
| Attributes |
|
id | type: xs:string required attribute
| the id of this setting, this will be used in some other parts of
the config to bind mail setting to this entry. |
|
host | type: xs:string required attribute
| the smtp hostname |
|
user | type: xs:string
| the smtp user name |
|
password | type: xs:string
| the smtp user password |
|
from | type: xs:string required attribute
| the sender email |
|
to | type: xs:string required attribute
| the receiver email |
|
cc | type: xs:string
| the carbon copy email |
|
bcc | type: xs:string
| the blind carbon copy email |
|
ni | type: xs:string optional attribute
| the network interface to use to send mails. The default network interface will be used when no setting specified. |
|
|
| Used inside | mail-settings
|
| ssl-settings |
|
| Description | generic ssl settings for SSL servers and the SSL
management console |
|
| Content | Sequence : store-settings{1,} |
|
| Used inside | jafs-service
|
| stats-service |
|
| Description | statistics service settings |
|
| Content | Empty |
|
| Attributes |
|
time | type: StatsComputeTime
required attribute
| the stats computation time in mins, I.E 10 means
that statistics will be computed every 10 mins with data gathered
between this time. data is only gathered when a session ends |
|
|
| Used inside | jafs-service
|
| store-settings |
|
| Description | A setting entry to define a server certificate keystore/certificate alias,
a keystore to define the accepted CA certificate issuers and a list of CRLs to check client certificates. |
|
| Content | Sequence : cacerts-store{1},
crls*,
key-store{1} |
|
| Attributes |
|
name | type: xs:string required attribute
| The identifier of this store settings entry. Will be used to define which settings are
used by a server or other component that require such settings. |
|
system-default | type: xs:boolean optional attribute
| Sets this store settings entry as the default JVM setting.
Only one entry can be configured with this setting set to true. |
|
|
| Used inside | ssl-settings
|
| whois-server |
|
| Description | Server host name to be used for FTP clients session whois lookups. |
|
| Content | xs:string |
|
| Used inside | jafs-service
|
Simple types declarations
| DynamicIPCheckTime |
|
| Description | No type description provided |
|
| Base type | xs:unsignedByte |
| Max value | 25 |
| Min value | 1 |
| ManagementSecurityProtocol |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | SSL |
TLS |
none |
| JAASLoginModuleFlagsValues |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | Requisite |
Required |
Sufficient |
Optional |
| ConsolePortRange |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 65536 |
| Min value | 1024 |
| ReceiverListeningTime |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 3600000 |
| Min value | 100 |
| StatsComputeTime |
|
| Description | No type description provided |
|
| Base type | xs:unsignedInt |
| Max value | 43200 |
| Min value | 10 |
| AvailableLanguages |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | fr_FR |
en_US |
| SessionEvents |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | * |
onConnect |
onDisconnect |
onLogin |
onTimeout |
onWelcome |
onWrongCredentials |
onFileDelete |
onFileRenamed |
onFileUploadFinished |
onFileUploadStart |
onFailedFileUpload |
onAbortedFileUpload |
onFileUploadFilterMatch |
onFileDownloadFinished |
onFileDownloadStart |
onFailedFileDownload |
onAbortedFileDownload |
onFileDownloadFilterMatch |
onInputBufferMaxSizeReceived |
| ServerEvents |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | * |
onServerClosed |
onServerOpened |
onServerStarted |
onServerStopped |
onServerFatalError |
onBannedUser |
onHammering |
onBlackListMatch |
onTooManyConns |
onTooManyConnsPerIp |
onMemoryShortage |
| ServicesEvents |
|
| Description | No type description provided |
|
| Base type | xs:string |
| Possible values | * |
onStatRefreshed |
onIPChanged |
onIPBlackListReload |
onCRLReload |
|