WAS 5.1 部署应用容器属性配置

WAS 5.1 部署应用容器属性配置

引用地址：http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com.ibm.websphere.base.doc/info/aes/ae/uweb_custom_settings.html

 

 

Web container custom properties

Use this page to configure arbitrary name-value pairs of data, where the name is a property key and the value is a string value that you can use to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available in the administrative console.

To view this administrative console page, click Servers > Application servers > server_name > Web container settings > Web container > Custom properties.

To specify Web container custom properties:

1. In the administrative console click Servers > Application Servers > server_name > Web Container settings > Web Container
2. Under Additional Properties select Custom Properties.
3. On the Custom Properties page, click New.
4. On the settings page, enter the name of the custom property that you want to configure in the Name field and the value that you want to set it to in the Value field.
5. Click Apply or OK.
6. Click Save on the console task bar to save your configuration changes.
7. Restart the server.

 

HTTP Transport custom properties can also be set at the Web container level. See HTTP transport custom properties for a description of these properties.

Name

Specifies the name or key for the property.

 

Value

Specifies the value that is paired with the specified name.

Data type

String

Description

Specifies information about the name-value pair.

Data type

String

 

Global settings for internal servlets

Web application archive (WAR) files that are packaged using third-party tools cannot specify behavior for the services that are exposed by the Web container internal servlets. You can globally enable and disable internal servlets for all Web applications at the Web container level by creating name-value pairs such as:

Name	Value
fileServingEnabled	true
directoryBrowsingEnabled	true
serveServletsByClassnameEnabled	true

Settings that are defined in an assembly tool take precedence over the global settings that are set through the custom properties at the Web container level.

Web application deployment extensions continue to hold configuration information for the services that are provided by the internal servlets, and take precedence over the global settings that are set through the custom properties at the Web container level.

Disallow the use of the serving servlets by class name

When the serveServletsByClassnameEnabled property is enabled, it is possible to access servlets directly, resulting in a possible security exposure. Define the following custom property to disallow the use of the serveServletsByClassnameEnabled property across the entire application server level.

Name	Value
com.ibm.ws.webcontainer.disallowserveservletsbyclassname	true

Defining classes that cannot be served by class name

The com.ibm.ws.webcontainer.donotservebyclassname custom property specifies a list of classes that cannot be served by the class name.

Name	Value
com.ibm.ws.webcontainer.donotservebyclassname	A semi-colon delimited list of classes to be completely disallowed from being served by class name.

UTF-8 encoded URLs

The UTF-8 encoded URL feature, which provides UTF-8 encoded Uniform Resource Locators (URLs) to support the double-byte characters in URLs is enabled by default. You can prevent the Web container from explicitly decoding URLs in UTF-8 and have them use the ISO-8859 standard as per the current HTTP specification by using the following name-value pair:

Name	Value
DecodeUrlAsUTF8	false

Global configuration of servlet listeners

The servlet specification supports applications registering listeners for servlet-related events on an individual application basis through the web.xml descriptor. However, using the listeners custom property, a server can listen to servlet events across Web applications. To implement global listening, a listener is registered at the Web container level and is propagated to all of the installed and new Web applications. This global behavior of internal servlet listeners is controlled by the listeners custom property by using the following name-value pair format:

Name	Value
listeners	listener_class

The values for this property is a string specifying a comma separated list of listener classes. The listener supplied must implement standard listener classes from the Java Servlet API or IBM listener extension classes.

Binary Large Object (BLOB) data type for Oracle databases

The UseOracleBLOB custom property creates the HTTP session database table using the Binary Large Object (BLOB) data type for the medium column. This property increases performance of persistent sessions when Oracle databases are used. Due to an Oracle restriction, BLOB support requires use of the Oracle's oci database driver for more than 4000 bytes of data. You must also ensure that a new sessions table is created before the server is restarted by dropping your old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table. To create a sessions table using the BLOB data type, use the following name-vaule pair:

Name	Value
UseOracleBLOB	true

Detecting Session Data Crossover

The DebugSessionCrossover custom property enables code to perform additional checks to verify that only the session associated with the request is accessed or referenced. Messages are logged if any discrepancies are detected. To enable session data crossover detection, use the following name-value pair:

Name	Value
DebugSessionCrossover	true

See article, Problems creating or using HTTP sessions, for additional information.

ForceSessionInvalidationMultiple

The ForceSessionInvalidationMultiple custom property indicates whether the session manager should wait indefinitely for a request to complete before attempting to invalidate the session, or should attempt to invalidate a session after the specified time limit has elapsed. The default value for this property is 1.

• If you specify 0 (zero) for this custom property, the session manager waits indefinitely until a request is complete before attempting to invalidate the session.

  If your requests normally are not bound by a response time limit, you should specify 0 for this property.

• If you specify a positive integer, such as 1, 2, or 3, for this custom property, even if a session is not known to have completed, the session manager attempts to invalidate the session, if the indicated time period since the last access occurred has elapsed. This time period is the result of multiplying the value specified for this property and the value specified for the Session Timeout property. For example, if you specify 2 minutes for the Session Timeout property and 2 for the ForceSessionInvalidationMultiple property, the session manager will attempt to invalidate the session after 4 minutes.

  If you want to invalidate your sessions after a certain amount of time has elapsed, specify the appropriate positive integer for this property.

 

 

Name	Value
ForceSessionInvalidationMultiple	1

HTTPS requests with an SSL offloader

The custom property httpsIndicatorHeader manages HTTPS requests that are forwarded to an application server from an SSL offloader that is used in front of WebSphere Application Server. When an HTTPS request is received by a SSL offloader it is redirected over HTTP to an application server using WebSphere Application Server. The SSL offloader adds a header indicating the original request was over HTTP. The httpsIndicatorHeader property specifies the header name added by the SSL box. The application server checks this indicator to determine if SSL is required. If it determines the request is SSL over HTTP, an HTTPS scheme is chosen.

Name	Value
httpsIndicatorHeader	Request header key name

HttpSessionIdReuse

The custom property HttpSessionIdReuse determines whether the session manager can use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence. In a multi-JVM environment that is not configured for session persistence setting this property to true enables the session manager to use the same session information for all of a user's requests even if the Web applications that are handling these requests are governed by different JVMs. The default value for this property is false. To enable the session manager ton use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence, use the following name-value pair:

Name	Value
HttpSessionIdReuse	true

Optimizing web services client to Web container communication

To improve performance, there is an optimized communication path between a Web services client application and a Web container that are located in the same application server process. Requests from the Web services client that are normally sent to the Web container using a network connection are delivered directly to the Web container using an optimized local path. The local path is available because the Web services client application and the Web container are running in the same process. This optimized communication path is disabled by default. Before enabling this property, make sure that wild cards are not specified for the Web container ports. Use specific ports for the web container when the optimized communication path is enabled. To enable the optimized communication path, use the following name-value pair:

Name	Value
enableInProcessConnections	true

Returning the port number from the request host header first

The getServerPort method relies on the getVirtualPort method of the channel, which returns a port number in the following order:

1. Port number from the request URL
2. Port number from the request host header

This order is compliant with HTTP/1.1 RFC but not with the [/topic/topic/body/section/p/tm {"- topic/tm "}) Java (tm] Servlet Specification Version 2.4 API, which requires the port number from the host header to be returned first, if any, or the request URL. The correct returned URL for the above example is: http://ProxyServer:8888. The Web container was modified to return a port number from the host header, if any, or the URL port that accepted the client connection. You must set the trusthostheaderport and the com.ibm.ws.webcontainer.extractHostHeaderPort custom property to true to return the port number from the request host header first. For example, set these properties in the web.xml file using:

trusthostheaderport = true     
com.ibm.ws.webcontainer.extractHostHeaderPort = true

 

Or you can set these properties as Web container custom properties in the administrative console using the following two sets of name-value pairs:

Name	Value
com.ibm.ws.webcontainer.extractHostHeaderPort	true
trusthostheaderport	true