jakarta.servlet.resources.web-common_5_0.xsd Maven / Gradle / Ivy
The newest version!
Copyright (c) 2009, 2020 Oracle and/or its affiliates. All rights reserved.
This program and the accompanying materials are made available under the
terms of the Eclipse Public License v. 2.0, which is available at
http://www.eclipse.org/legal/epl-2.0.
This Source Code may also be made available under the following Secondary
Licenses when the conditions for such availability set forth in the
Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
version 2 with the GNU Classpath Exception, which is available at
https://www.gnu.org/software/classpath/license.html.
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
...
The instance documents may indicate the published version of
the schema using the xsi:schemaLocation attribute for Jakarta EE
namespace with the following location:
https://jakarta.ee/xml/ns/jakartaee/web-common_5_0.xsd
]]>
The following conventions apply to all Jakarta EE
deployment descriptor elements unless indicated otherwise.
- In elements that specify a pathname to a file within the
same JAR file, relative filenames (i.e., those not
starting with "/") are considered relative to the root of
the JAR file's namespace. Absolute filenames (i.e., those
starting with "/") also specify names in the root of the
JAR file's namespace. In general, relative names are
preferred. The exception is .war files where absolute
names are preferred for consistency with the Servlet API.
The context-param element contains the declaration
of a web application's servlet context
initialization parameters.
The metadata-complete attribute defines whether this
deployment descriptor and other related deployment
descriptors for this module (e.g., web service
descriptors) are complete, or whether the class
files available to this module and packaged with
this application should be examined for annotations
that specify deployment information.
If metadata-complete is set to "true", the deployment
tool must ignore any annotations that specify deployment
information, which might be present in the class files
of the application.
If metadata-complete is not specified or is set to
"false", the deployment tool must examine the class
files of the application for annotations, as
specified by the specifications.
The auth-constraintType indicates the user roles that
should be permitted access to this resource
collection. The role-name used here must either correspond
to the role-name of one of the security-role elements
defined for this web application, or be the specially
reserved role-name "*" that is a compact syntax for
indicating all roles in the web application. If both "*"
and rolenames appear, the container interprets this as all
roles. If no roles are defined, no user is allowed access
to the portion of the web application described by the
containing security-constraint. The container matches
role names case sensitively when determining access.
The auth-methodType is used to configure the authentication
mechanism for the web application. As a prerequisite to
gaining access to any web resources which are protected by
an authorization constraint, a user must have authenticated
using the configured mechanism. Legal values are "BASIC",
"DIGEST", "FORM", "CLIENT-CERT", or a vendor-specific
authentication scheme.
Used in: login-config
The dispatcher has five legal values: FORWARD, REQUEST,
INCLUDE, ASYNC, and ERROR.
A value of FORWARD means the Filter will be applied under
RequestDispatcher.forward() calls.
A value of REQUEST means the Filter will be applied under
ordinary client calls to the path or servlet.
A value of INCLUDE means the Filter will be applied under
RequestDispatcher.include() calls.
A value of ASYNC means the Filter will be applied under
calls dispatched from an AsyncContext.
A value of ERROR means the Filter will be applied under the
error page mechanism.
The absence of any dispatcher elements in a filter-mapping
indicates a default of applying filters only under ordinary
client calls to the path or servlet.
The error-code contains an HTTP error code, ex: 404
Used in: error-page
The error-pageType contains a mapping between an error code
or exception type to the path of a resource in the web
application.
Error-page declarations using the exception-type element in
the deployment descriptor must be unique up to the class name of
the exception-type. Similarly, error-page declarations using the
error-code element must be unique in the deployment descriptor
up to the status code.
If an error-page element in the deployment descriptor does not
contain an exception-type or an error-code element, the error
page is a default error page.
Used in: web-app
The exception-type contains a fully qualified class
name of a Java exception type.
The location element contains the location of the
resource in the web application relative to the root of
the web application. The value of the location must have
a leading `/'.
The filterType is used to declare a filter in the web
application. The filter is mapped to either a servlet or a
URL pattern in the filter-mapping element, using the
filter-name value to reference. Filters can access the
initialization parameters declared in the deployment
descriptor at runtime via the FilterConfig interface.
Used in: web-app
The fully qualified classname of the filter.
The init-param element contains a name/value pair as
an initialization param of a servlet filter
Declaration of the filter mappings in this web
application is done by using filter-mappingType.
The container uses the filter-mapping
declarations to decide which filters to apply to a request,
and in what order. The container matches the request URI to
a Servlet in the normal way. To determine which filters to
apply it matches filter-mapping declarations either on
servlet-name, or on url-pattern for each filter-mapping
element, depending on which style is used. The order in
which filters are invoked is the order in which
filter-mapping declarations that match a request URI for a
servlet appear in the list of filter-mapping elements.The
filter-name value must be the value of the filter-name
sub-elements of one of the filter declarations in the
deployment descriptor.
This type defines a string which contains at least one
character.
The logical name of the filter is declare
by using filter-nameType. This name is used to map the
filter. Each filter name is unique within the web
application.
Used in: filter, filter-mapping
The form-login-configType specifies the login and error
pages that should be used in form based login. If form based
authentication is not used, these elements are ignored.
Used in: login-config
The form-login-page element defines the location in the web
app where the page that can be used for login can be
found. The path begins with a leading / and is interpreted
relative to the root of the WAR.
The form-error-page element defines the location in
the web app where the error page that is displayed
when login is not successful can be found.
The path begins with a leading / and is interpreted
relative to the root of the WAR.
A HTTP method type as defined in HTTP 1.1 section 2.2.
The login-configType is used to configure the authentication
method that should be used, the realm name that should be
used for this application, and the attributes that are
needed by the form login mechanism.
Used in: web-app
The realm name element specifies the realm name to
use in HTTP Basic authorization.
The mime-mappingType defines a mapping between an extension
and a mime type.
Used in: web-app
The extension element contains a string describing an
extension. example: "txt"
The mime-typeType is used to indicate a defined mime type.
Example:
"text/plain"
Used in: mime-mapping
The security-constraintType is used to associate
security constraints with one or more web resource
collections
Used in: web-app
The servletType is used to declare a servlet.
It contains the declarative data of a
servlet. If a jsp-file is specified and the load-on-startup
element is present, then the JSP should be precompiled and
loaded.
Used in: web-app
The servlet-class element contains the fully
qualified class name of the servlet.
The load-on-startup element indicates that this
servlet should be loaded (instantiated and have
its init() called) on the startup of the web
application. The optional contents of these
element must be an integer indicating the order in
which the servlet should be loaded. If the value
is a negative integer, or the element is not
present, the container is free to load the servlet
whenever it chooses. If the value is a positive
integer or 0, the container must load and
initialize the servlet as the application is
deployed. The container must guarantee that
servlets marked with lower integers are loaded
before servlets marked with higher integers. The
container may choose the order of loading of
servlets with the same load-on-start-up value.
The servlet-mappingType defines a mapping between a
servlet and a url pattern.
Used in: web-app
The servlet-name element contains the canonical name of the
servlet. Each servlet name is unique within the web
application.
The session-configType defines the session parameters
for this web application.
Used in: web-app
The session-timeout element defines the default
session timeout interval for all sessions created
in this web application. The specified timeout
must be expressed in a whole number of minutes.
If the timeout is 0 or less, the container ensures
the default behaviour of sessions is never to time
out. If this element is not specified, the container
must set its default timeout period.
The cookie-config element defines the configuration of the
session tracking cookies created by this web application.
The tracking-mode element defines the tracking modes
for sessions created by this web application
The cookie-configType defines the configuration for the
session tracking cookies of this web application.
Used in: session-config
The name that will be assigned to any session tracking
cookies created by this web application.
The default is JSESSIONID
The domain name that will be assigned to any session tracking
cookies created by this web application.
The path that will be assigned to any session tracking
cookies created by this web application.
The comment that will be assigned to any session tracking
cookies created by this web application.
Specifies whether any session tracking cookies created
by this web application will be marked as HttpOnly
Specifies whether any session tracking cookies created
by this web application will be marked as secure.
When true, all session tracking cookies must be marked
as secure independent of the nature of the request that
initiated the corresponding session.
When false, the session cookie should only be marked secure
if the request that initiated the session was secure.
The lifetime (in seconds) that will be assigned to any
session tracking cookies created by this web application.
Default is -1
The name that will be assigned to any session tracking
cookies created by this web application.
The default is JSESSIONID
Used in: cookie-config
The domain name that will be assigned to any session tracking
cookies created by this web application.
Used in: cookie-config
The path that will be assigned to any session tracking
cookies created by this web application.
Used in: cookie-config
The comment that will be assigned to any session tracking
cookies created by this web application.
Used in: cookie-config
The tracking modes for sessions created by this web
application
Used in: session-config
The transport-guaranteeType specifies that the communication
between client and server should be NONE, INTEGRAL, or
CONFIDENTIAL. NONE means that the application does not
require any transport guarantees. A value of INTEGRAL means
that the application requires that the data sent between the
client and server be sent in such a way that it can't be
changed in transit. CONFIDENTIAL means that the application
requires that the data be transmitted in a fashion that
prevents other entities from observing the contents of the
transmission. In most cases, the presence of the INTEGRAL or
CONFIDENTIAL flag will indicate that the use of SSL is
required.
Used in: user-data-constraint
The user-data-constraintType is used to indicate how
data communicated between the client and container should be
protected.
Used in: security-constraint
The elements that use this type designate a path starting
with a "/" and interpreted relative to the root of a WAR
file.
This type contains the recognized versions of
web-application supported. It is used to designate the
version of the web application.
The web-resource-collectionType is used to identify the
resources and HTTP methods on those resources to which a
security constraint applies. If no HTTP methods are specified,
then the security constraint applies to all HTTP methods.
If HTTP methods are specified by http-method-omission
elements, the security constraint applies to all methods
except those identified in the collection.
http-method-omission and http-method elements are never
mixed in the same collection.
Used in: security-constraint
The web-resource-name contains the name of this web
resource collection.
Each http-method names an HTTP method to which the
constraint applies.
Each http-method-omission names an HTTP method to
which the constraint does not apply.
The welcome-file-list contains an ordered list of welcome
files elements.
Used in: web-app
The welcome-file element contains file name to use
as a default welcome file, such as index.html
The localeType defines valid locale defined by ISO-639-1
and ISO-3166.
The encodingType defines IANA character sets.
The locale-encoding-mapping-list contains one or more
locale-encoding-mapping(s).
The locale-encoding-mapping contains locale name and
encoding name. The locale name must be either "Language-code",
such as "ja", defined by ISO-639 or "Language-code_Country-code",
such as "ja_JP". "Country code" is defined by ISO-3166.
This element indicates that the ordering sub-element in which
it was placed should take special action regarding the ordering
of this application resource relative to other application
configuration resources.
See section 8.2.2 of the specification for details.
This element specifies configuration information related to the
handling of multipart/form-data requests.
The directory location where uploaded files will be stored
The maximum size limit of uploaded files
The maximum size limit of multipart/form-data requests
The size threshold after which an uploaded file will be
written to disk