<Server>

   <!-- Use a custom version of StandardService that allows the
   connectors to be started independent of the normal lifecycle
   start to allow web apps to be deployed before starting the
   connectors.
   -->
   <Service name="jboss.web">

      <!-- A HTTP/1.1 Connector on port 8080 -->
      <Connector port="8080" address="${jboss.bind.address}"
         maxThreads="250" maxHttpHeaderSize="8192"
         emptySessionPath="true"
         enableLookups="false" redirectPort="8443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true"/>

      <!-- A AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" address="${jboss.bind.address}"
         emptySessionPath="true" enableLookups="false" redirectPort="8443" 
         protocol="AJP/1.3"/>

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
      <Connector port="8443" address="${jboss.bind.address}"
           maxThreads="100" maxHttpHeaderSize="8192"
           emptySessionPath="true" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="true"
           truststoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
           truststorePass="unit-tests-server" 
           keystoreFile="${jboss.server.home.dir}/conf/localhost.keystore"
           keystorePass="unit-tests-server" sslProtocol = "TLS" />

      <Engine name="jboss.web" defaultHost="localhost">

         <!-- The JAAS based authentication and authorization realm implementation
         that is compatible with the jboss 3.2.x realm implementation.
         - certificatePrincipal : the class name of the
         org.jboss.security.auth.certs.CertificatePrincipal impl
         used for mapping X509[] cert chains to a Princpal.
         -->
         <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            />
         <!-- A subclass of JBossSecurityMgrRealm that uses the authentication
         behavior of JBossSecurityMgrRealm, but overrides the authorization
         checks to use JACC permissions with the current java.security.Policy
         to determine authorized access.
         <Realm className="org.jboss.web.tomcat.security.JaccAuthorizationRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            />
         -->

         <Host name="localhost"
            autoDeploy="false" deployOnStartup="false" deployXML="false">

            <!-- Uncomment to enable request dumper. This Valve "logs interesting 
                 contents from the specified Request (before processing) and the 
                 corresponding Response (after processing). It is especially useful 
                 in debugging problems related to headers and cookies."
            -->
            <!--
            <Valve className="org.apache.catalina.valves.RequestDumperValve" />
            -->
 
            <!-- Access logger -->
            <!--
            <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
                prefix="localhost_access_log." suffix=".log"
                pattern="common" directory="${jboss.server.home.dir}/log" 
                resolveHosts="false" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
                deployed to this host. Does not provide SSO across a cluster.     
            
                If this valve is used, do not use the JBoss ClusteredSingleSignOn 
                valve shown below. 
             -->
            <!--
            <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
            -->

            <!-- Uncomment to enable single sign-on across web apps
               deployed to this host AND to all other hosts in the cluster
               with the same virtual hostname.
            
               If this valve is used, do not use the standard Tomcat SingleSignOn
               valve shown above.
            
               This valve uses JGroups to communicate across the cluster.  The 
               JGroups Channel used for this communication can be configured
               by editing the "sso-channel.xml" file found in the same folder
               as this file.  If this valve is running on a machine with multiple
               IP addresses, configuring the "bind_addr" property of the JGroups
               UDP protocol may be necessary.  Another possible configuration 
               change would be to enable encryption of intra-cluster communications.
               See the sso-channel.xml file for more details.
            
               Besides the attributes supported by the standard Tomcat
               SingleSignOn valve (see the Tomcat docs), this version also supports 
               the following attribute:
            
               partitionName     the name of the cluster partition in which 
                                 this node participates.  If not set, the default
                                 value is "sso-partition/" + the value of the
                                 "name" attribute of the Host element that
                                 encloses this element (e.g. "sso-partition/localhost")
            -->
            <!--
            <Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />
            -->
         
            <!-- Uncomment to check for unclosed connections and transaction terminated checks
                 in servlets/jsps.
                 Important: You need to uncomment the dependency on the CachedConnectionManager
                            in META-INF/jboss-service.xml
            <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
                cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                transactionManagerObjectName="jboss:service=TransactionManager" />
            -->

         </Host>

      </Engine>

   </Service>

</Server>
