RubyGems - glassfish - Versions diffs - 0.1.1-universal-java-1.5 - Mend

glassfish 0.1.1-universal-java-1.5

Files changed (135) hide show

data/COPYRIGHT +33 -0
data/LICENSE.txt +263 -0
data/README +12 -0
data/bin/asadmin +7 -0
data/bin/asadmin.bat +8 -0
data/bin/glassfish_rails +40 -0
data/config/asadminenv.conf +6 -0
data/config/asenv.bat +28 -0
data/config/asenv.conf +27 -0
data/config/glassfish.container +4 -0
data/domains/domain1/config/admin-keyfile +3 -0
data/domains/domain1/config/cacerts.jks +0 -0
data/domains/domain1/config/default-web.xml +906 -0
data/domains/domain1/config/domain-passwords +0 -0
data/domains/domain1/config/domain.xml +208 -0
data/domains/domain1/config/keyfile +6 -0
data/domains/domain1/config/keystore.jks +0 -0
data/domains/domain1/config/logging.properties +82 -0
data/domains/domain1/config/login.conf +18 -0
data/domains/domain1/config/server.policy +160 -0
data/domains/domain1/config/sun-acc.xml +40 -0
data/domains/domain1/config/wss-server-config-1.0.xml +86 -0
data/domains/domain1/config/wss-server-config-2.0.xml +94 -0
data/domains/domain1/docroot/favicon.gif +0 -0
data/domains/domain1/docroot/index.html +87 -0
data/domains/domain1/master-password +0 -0
data/lib/appclient/appclientlogin.conf +10 -0
data/lib/appclient/client.policy +79 -0
data/lib/appclient/wss-client-config-1.0.xml +84 -0
data/lib/appclient/wss-client-config-2.0.xml +96 -0
data/lib/dtds/application-client_1_2.dtd +292 -0
data/lib/dtds/application-client_1_3.dtd +506 -0
data/lib/dtds/application_1_2.dtd +197 -0
data/lib/dtds/application_1_3.dtd +312 -0
data/lib/dtds/connector_1_0.dtd +561 -0
data/lib/dtds/ejb-jar_1_1.dtd +894 -0
data/lib/dtds/ejb-jar_2_0.dtd +1671 -0
data/lib/dtds/sun-application-client-container_1_0.dtd +123 -0
data/lib/dtds/sun-application-client-container_1_1.dtd +264 -0
data/lib/dtds/sun-application-client-container_1_2.dtd +267 -0
data/lib/dtds/sun-application-client_1_3-0.dtd +57 -0
data/lib/dtds/sun-application-client_1_4-0.dtd +182 -0
data/lib/dtds/sun-application-client_1_4-1.dtd +431 -0
data/lib/dtds/sun-application-client_5_0-0.dtd +495 -0
data/lib/dtds/sun-application_1_3-0.dtd +30 -0
data/lib/dtds/sun-application_1_4-0.dtd +44 -0
data/lib/dtds/sun-application_5_0-0.dtd +51 -0
data/lib/dtds/sun-cmp-mapping_1_0.dtd +100 -0
data/lib/dtds/sun-cmp-mapping_1_1.dtd +99 -0
data/lib/dtds/sun-cmp-mapping_1_2.dtd +106 -0
data/lib/dtds/sun-connector_1_0-0.dtd +66 -0
data/lib/dtds/sun-connector_1_5-0.dtd +62 -0
data/lib/dtds/sun-domain_1_0.dtd +2007 -0
data/lib/dtds/sun-domain_1_1.dtd +3080 -0
data/lib/dtds/sun-domain_1_2.dtd +3697 -0
data/lib/dtds/sun-domain_1_3.dtd +3867 -0
data/lib/dtds/sun-ejb-jar_2_0-0.dtd +449 -0
data/lib/dtds/sun-ejb-jar_2_0-1.dtd +454 -0
data/lib/dtds/sun-ejb-jar_2_1-0.dtd +756 -0
data/lib/dtds/sun-ejb-jar_2_1-1.dtd +1085 -0
data/lib/dtds/sun-ejb-jar_3_0-0.dtd +1113 -0
data/lib/dtds/sun-loadbalancer_1_0.dtd +156 -0
data/lib/dtds/sun-loadbalancer_1_1.dtd +172 -0
data/lib/dtds/sun-resources_1_0.dtd +650 -0
data/lib/dtds/sun-resources_1_1.dtd +650 -0
data/lib/dtds/sun-resources_1_2.dtd +662 -0
data/lib/dtds/sun-resources_1_3.dtd +732 -0
data/lib/dtds/sun-server_1_0.dtd +1056 -0
data/lib/dtds/sun-web-app_2_3-0.dtd +230 -0
data/lib/dtds/sun-web-app_2_3-1.dtd +230 -0
data/lib/dtds/sun-web-app_2_4-0.dtd +466 -0
data/lib/dtds/sun-web-app_2_4-1.dtd +742 -0
data/lib/dtds/sun-web-app_2_5-0.dtd +789 -0
data/lib/dtds/web-app_2_2.dtd +639 -0
data/lib/dtds/web-app_2_3.dtd +1063 -0
data/lib/dtds/web-jsptaglibrary_1_1.dtd +265 -0
data/lib/dtds/web-jsptaglibrary_1_2.dtd +468 -0
data/lib/package-appclient.xml +185 -0
data/lib/processLauncher.properties +25 -0
data/lib/processLauncher.xml +189 -0
data/lib/schemas/XMLSchema.dtd +402 -0
data/lib/schemas/application-client_1_4.xsd +267 -0
data/lib/schemas/application-client_5.xsd +304 -0
data/lib/schemas/application_1_4.xsd +315 -0
data/lib/schemas/application_5.xsd +336 -0
data/lib/schemas/connector_1_5.xsd +1036 -0
data/lib/schemas/datatypes.dtd +203 -0
data/lib/schemas/ejb-jar_2_1.xsd +2208 -0
data/lib/schemas/ejb-jar_3_0.xsd +2706 -0
data/lib/schemas/j2ee_1_4.xsd +1608 -0
data/lib/schemas/j2ee_jaxrpc_mapping_1_1.xsd +886 -0
data/lib/schemas/j2ee_web_services_1_1.xsd +491 -0
data/lib/schemas/j2ee_web_services_client_1_1.xsd +345 -0
data/lib/schemas/javaee_5.xsd +2096 -0
data/lib/schemas/javaee_web_services_1_2.xsd +747 -0
data/lib/schemas/javaee_web_services_client_1_2.xsd +578 -0
data/lib/schemas/jax-rpc-ri-config.xsd +416 -0
data/lib/schemas/jsp_2_0.xsd +308 -0
data/lib/schemas/jsp_2_1.xsd +343 -0
data/lib/schemas/orm_1_0.xsd +1516 -0
data/lib/schemas/persistence_1_0.xsd +260 -0
data/lib/schemas/web-app_2_4.xsd +1234 -0
data/lib/schemas/web-app_2_5.xsd +1271 -0
data/lib/schemas/web-jsptaglibrary_2_0.xsd +1010 -0
data/lib/schemas/web-jsptaglibrary_2_1.xsd +1144 -0
data/lib/schemas/xml.xsd +82 -0
data/modules/admin-cli-10.0-SNAPSHOT.jar +0 -0
data/modules/auto-depends-0.2-SNAPSHOT.jar +0 -0
data/modules/cli-framework-10.0-SNAPSHOT.jar +0 -0
data/modules/common-ee-util-10.0-SNAPSHOT.jar +0 -0
data/modules/common-util-10.0-SNAPSHOT.jar +0 -0
data/modules/config-0.2-SNAPSHOT.jar +0 -0
data/modules/config-api-10.0-SNAPSHOT.jar +0 -0
data/modules/gf-jruby-connector-10.0-SNAPSHOT.jar +0 -0
data/modules/glassfish-10.0-SNAPSHOT.jar +0 -0
data/modules/glassfish-api-10.0-SNAPSHOT.jar +0 -0
data/modules/glassfish.rb +10 -0
data/modules/grizzly-framework-1.7.1.jar +0 -0
data/modules/grizzly-http-1.7.1.jar +0 -0
data/modules/grizzly-http-utils-1.7.1.jar +0 -0
data/modules/grizzly-jruby-1.7.0.jar +0 -0
data/modules/grizzly-jruby-module-1.7.0.jar +0 -0
data/modules/grizzly-module-1.7.1.jar +0 -0
data/modules/grizzly-portunif-1.7.1.jar +0 -0
data/modules/grizzly-rcm-1.7.1.jar +0 -0
data/modules/hk2-0.2-SNAPSHOT.jar +0 -0
data/modules/hk2-core-0.2-SNAPSHOT.jar +0 -0
data/modules/junit-4.3.1.jar +0 -0
data/modules/kernel-10.0-SNAPSHOT.jar +0 -0
data/modules/persistence-api-1.0b.jar +0 -0
data/modules/servlet-api-2.5.jar +0 -0
data/modules/sjsxp-1.0.jar +0 -0
data/modules/stax-api-1.0-2.jar +0 -0
data/modules/tiger-types-1.0.jar +0 -0
metadata +206 -0

data/lib/dtds/sun-domain_1_1.dtd ADDED Viewed

@@ -0,0 +1,3080 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  XML DTD for Sun Java System Application Server Configuration.
+  Copyright (c) 2002 by Sun Microsystems, Inc. All Rights Reserved.
+-->
+<!-- ENTITIES -->
+<!-- boolean
+  Used in:
+    access-log, admin-object-resource, appclient-module,
+    application-ref, availability-service, config,
+    connector-connection-pool, connector-module, connector-resource,
+    custom-resource, das-config, ejb-container-availability,
+    ejb-module, external-jndi-resource, http-access-log,
+    http-file-cache, http-listener, http-protocol, iiop-listener,
+    iiop-service, j2ee-application, java-config,
+    jdbc-connection-pool, jdbc-resource, jms-service, jmx-connector,
+    lb-config, lifecycle-module, log-service, mail-resource,
+    node-agent, persistence-manager-factory-resource, profiler,
+    resource-ref, security-service, server-ref, ssl,
+    transaction-service, web-container-availability, web-module
+-->
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+<!-- isolation
+  Used in:
+    jdbc-connection-pool
+-->
+<!ENTITY % isolation
+    "(read-uncommitted | read-committed | repeatable-read | serializable)">
+<!-- validation-level
+  Used in:
+    das-config
+-->
+<!ENTITY % validation-level "(full | parsing | none)">
+<!-- object-type
+    defines the type of the resource. It can be:
+    system-all
+        These are system resources for all instances and DAS
+    system-admin
+        These are system resources only in DAS
+    system-instance
+        These are system resources only in instances (and not DAS)
+    user
+        User resources (This is the default for all elements)
+  Used in:
+    admin-object-resource, connector-module, connector-resource,
+    custom-resource, ejb-module, external-jndi-resource,
+    j2ee-application, jdbc-resource, mail-resource,
+    persistence-manager-factory-resource, resource-adapter-config,
+    web-module
+-->
+<!ENTITY % object-type "(system-all | system-admin | system-instance | user)">
+<!-- rjmx-protocol
+    SE/EE related ENTITIES: This will define the available JSR 160
+    connector transport protocols.
+  Used in:
+    jmx-connector
+-->
+<!ENTITY % rjmx-protocol "(rmi_jrmp | rmi_iiop | jmxmp)">
+<!-- monitoring-level
+    monitoring-level controls the amount of monitoring data collected
+    and exposed to clients
+    OFF
+        no monitoring/statistical data is exposed to the clients.
+    LOW
+        SE/EE only
+    HIGH
+        maximum data is gathered and released.
+  Used in:
+    module-monitoring-levels
+-->
+<!ENTITY % monitoring-level "(OFF | LOW | HIGH)">
+<!-- persistence-type
+    SE/EE related ENTITIES
+  Used in:
+    web-container-availability
+-->
+<!ENTITY % persistence-type "(memory | file | ha)">
+<!-- session-save-frequency
+  Used in:
+    web-container-availability
+-->
+<!ENTITY % session-save-frequency "(web-method | time-based | on-demand)">
+<!-- session-save-scope
+  Used in:
+    web-container-availability
+-->
+<!ENTITY % session-save-scope
+    "(session | modified-session | modified-attribute)">
+<!-- sfsb-persistence-type
+  Used in:
+    ejb-container-availability
+-->
+<!ENTITY % sfsb-persistence-type "(file | ha)">
+<!-- message-layer
+  Used in:
+    message-security-config
+-->
+<!ENTITY % message-layer "(SOAP)">
+<!-- log-level
+    Configure the Log Levels for Various Loggers in the SUN ONE
+    Modules. The Default level is set to INFO, The log levels can be
+    changed using one of the seven levels. Please refer JSR 047 to
+    understand the Log Levels.
+    The Logs can be completely turned off by using 'OFF' value. The names of
+    the module loggers are self-explanatory
+  Used in:
+    module-log-levels
+-->
+<!ENTITY % log-level
+    "(FINEST | FINER | FINE | CONFIG | INFO | WARNING | SEVERE | OFF)">
+<!-- ELEMENTS -->
+<!-- domain
+    Top level Domain Element that includes applications, resources,
+    configs, servers, clusters and node-agents, load balancer
+    configurations and load balancers. node-agents and load balancers
+    are SE/EE related entities only.
+  attributes
+    application-root
+        for PE this defines the location where applications are
+        deployed
+    locale
+        If present, overrides OS locale setting.
+    log-root
+        specifies where the server instance's log files are kept,
+        including HTTP access logs, server logs, and transaction
+        logs. Default is $INSTANCE-ROOT/logs
+-->
+<!ELEMENT domain
+    (applications?, resources?, configs, servers, clusters?, node-agents?,
+    lb-configs?, system-property*, property*)>
+<!ATTLIST domain
+    application-root CDATA #IMPLIED
+    log-root CDATA #IMPLIED
+    locale CDATA #IMPLIED>
+<!-- configs
+  Used in:
+    domain
+-->
+<!ELEMENT configs (config+)>
+<!-- servers
+  Used in:
+    domain
+-->
+<!ELEMENT servers (server*)>
+<!-- clusters
+  Used in:
+    domain
+-->
+<!ELEMENT clusters (cluster*)>
+<!-- node-agents
+  Used in:
+    domain
+-->
+<!ELEMENT node-agents (node-agent*)>
+<!-- lb-configs
+  Used in:
+    domain
+-->
+<!ELEMENT lb-configs (lb-config*)>
+<!-- applications
+    Various types of applications that can be deployed on Sun ONE
+    Application Server instance
+  Used in:
+    domain
+-->
+<!ELEMENT applications
+    ((lifecycle-module | j2ee-application | ejb-module | web-module |
+    connector-module | appclient-module)*)>
+<!-- lifecycle-module
+  attributes
+    class-name
+        fully qualified name of the startup class.
+    classpath
+        where this module is actually located, if it is not under
+        applications-root
+    enabled
+        boolean attribute. If set to "false" this module will not be
+        loaded at server start up.
+    is-failure-fatal
+        if true, aborts server start up if this module does not load
+        properly.
+    load-order
+        integer value that can be used to force the order in which
+        deployed lifecycle modules are loaded at server start up.
+        Smaller numbered modules get loaded sooner. Order is
+        unspecified if two or more lifecycle modules have the same
+        load-order value.
+    name
+        unqiue identifier for the deployed server lifecycle event
+        listener module.
+  Used in:
+    applications
+-->
+<!ELEMENT lifecycle-module (description?, property*)>
+<!ATTLIST lifecycle-module
+    name CDATA #REQUIRED
+    class-name CDATA #REQUIRED
+    classpath CDATA #IMPLIED
+    load-order CDATA #IMPLIED
+    is-failure-fatal %boolean; "false"
+    enabled %boolean; "true">
+<!-- j2ee-application
+  attributes
+    availability-enabled
+        This boolean flag controls whether availability is enabled
+        for SFSB checkpointing (and potentially passivation). If this
+        is "false", then all SFSB checkpointing is disabled for
+        either the given j2ee app or the given ejb module. If it is
+        "true" (and providing that all the availability-enabled
+        attributes above in precedence are also "true", then the j2ee
+        app or stand-alone ejb modules may be ha enabled.
+        Finer-grained control exists at lower level inside each bean.
+        If this attribute is missing, it defaults to "false".
+    directory-deployed
+        This attribute indicates whether the application has been
+        deployed to a directory or not
+  Used in:
+    applications
+-->
+<!ELEMENT j2ee-application (description?)>
+<!ATTLIST j2ee-application
+    name CDATA #REQUIRED
+    location CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true"
+    availability-enabled %boolean; "false"
+    directory-deployed %boolean; "false">
+<!-- ejb-module
+  attributes
+    availability-enabled
+        This boolean flag controls whether availability is enabled
+        for SFSB checkpointing (and potentially passivation). If this
+        is "false", then all SFSB checkpointing is disabled for
+        either the given j2ee app or the given ejb module. If it is
+        "true" (and providing that all the availability-enabled
+        attributes above in precedence are also "true", then the j2ee
+        app or stand-alone ejb modules may be ha enabled.
+        Finer-grained control exists at lower level inside each bean.
+        If this attribute is missing, it defaults to "false".
+    directory-deployed
+        This attribute indicates whether the application has been
+        deployed to a directory or not
+  Used in:
+    applications
+-->
+<!ELEMENT ejb-module (description?)>
+<!ATTLIST ejb-module
+    name CDATA #REQUIRED
+    location CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true"
+    availability-enabled %boolean; "false"
+    directory-deployed %boolean; "false">
+<!-- web-module
+  attributes
+    availability-enabled
+        This boolean flag controls whether availability is enabled
+        for HTTP Session Persistence. If this is "false", then all
+        session persistence is disabled for the given web module. If
+        it is "true" (and providing that all the availability-enabled
+        attributes above in precedence are also "true", then the web
+        module may be ha enabled. Finer-grained control exists at
+        lower level (see sun-web.xml). If this attribute is missing,
+        it defaults to "false".
+    context-root
+        context-root must match the pattern for the hpath production
+        in RFC 1738 which can be found at:
+        http://www.w3.org/Addressing/rfc1738.txt. This is flattened
+        to the following regular expression in XML Schema's pattern
+        language:
+        ([a-zA-Z0-9$\-_.+!*'(),]|%[0-9A-Fa-f][0-9A-Fa-f]|;|:|&|=)*(/([
+        -zA-Z0-9$\-_.+!*'(),]|%[0-9A-Fa-f][0-9A-Fa-f]|;|:|&|=)*)*
+        Note that this includes the null or empty context root and
+        permits but does not require a context root to start with the
+        '/' character (including a context root which is simply the
+        '/' character).
+    directory-deployed
+        This attribute indicates whether the application has been
+        deployed to a directory or not
+  Used in:
+    applications
+-->
+<!ELEMENT web-module (description?)>
+<!ATTLIST web-module
+    name CDATA #REQUIRED
+    context-root CDATA #REQUIRED
+    location CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true"
+    availability-enabled %boolean; "false"
+    directory-deployed %boolean; "false">
+<!-- connector-module
+  Used in:
+    applications
+-->
+<!ELEMENT connector-module (description?)>
+<!ATTLIST connector-module
+    name CDATA #REQUIRED
+    location CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true"
+    directory-deployed %boolean; "false">
+<!-- appclient-module
+  Used in:
+    applications
+-->
+<!ELEMENT appclient-module (description?)>
+<!ATTLIST appclient-module
+    name CDATA #REQUIRED
+    location CDATA #REQUIRED
+    directory-deployed %boolean; "false">
+<!-- resources
+    J2EE Applications look up resources registered with the
+    Application server, using portable JNDI names.
+  Used in:
+    domain
+-->
+<!ELEMENT resources
+    ((custom-resource | external-jndi-resource | jdbc-resource | mail-resource
+    | persistence-manager-factory-resource | admin-object-resource |
+    connector-resource | resource-adapter-config | jdbc-connection-pool |
+    connector-connection-pool)*)>
+<!-- description
+    Textual description of a configured entity
+  Used in:
+    admin-object-resource, appclient-module,
+    connector-connection-pool, connector-module, connector-resource,
+    custom-resource, ejb-module, external-jndi-resource,
+    j2ee-application, jdbc-connection-pool, jdbc-resource,
+    lifecycle-module, mail-resource,
+    persistence-manager-factory-resource, property, system-property,
+    web-module
+-->
+<!ELEMENT description (#PCDATA)>
+<!-- custom-resource
+    custom (or generic) resource managed by a user-written factory
+    class.
+  attributes
+    jndi-name
+        JNDI name for generic resource, the fully qualified type of
+        the resource and whether it is enabled at runtime
+  Used in:
+    resources
+-->
+<!ELEMENT custom-resource (description?, property*)>
+<!ATTLIST custom-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- external-jndi-resource
+    resource residing in an external JNDI repository
+  Used in:
+    resources
+-->
+<!ELEMENT external-jndi-resource (description?, property*)>
+<!ATTLIST external-jndi-resource
+    jndi-name CDATA #REQUIRED
+    jndi-lookup-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- jdbc-resource
+    JDBC javax.sql.(XA)DataSource resource definition
+  Used in:
+    resources
+-->
+<!ELEMENT jdbc-resource (description?, property*)>
+<!ATTLIST jdbc-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- mail-resource
+    The mail-resource element describes a javax.mail.Session resource
+  attributes
+    host
+        ip V6 or V4 address or hostname.
+  Used in:
+    resources
+-->
+<!ELEMENT mail-resource (description?, property*)>
+<!ATTLIST mail-resource
+    jndi-name CDATA #REQUIRED
+    store-protocol CDATA "imap"
+    store-protocol-class CDATA "com.sun.mail.imap.IMAPStore"
+    transport-protocol CDATA "smtp"
+    transport-protocol-class CDATA "com.sun.mail.smtp.SMTPTransport"
+    host CDATA #REQUIRED
+    user CDATA #REQUIRED
+    from CDATA #REQUIRED
+    debug %boolean; "false"
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- persistence-manager-factory-resource
+    Persistence Manager runtime configuration.
+  attributes
+    factory-class
+        Class that creates persistence manager instance.
+    jdbc-resource-jndi-name
+        jdbc resource with which database connections are obtained.
+    jndi-name
+        JNDI name for this resource
+  Used in:
+    resources
+-->
+<!ELEMENT persistence-manager-factory-resource (description?, property*)>
+<!ATTLIST persistence-manager-factory-resource
+    jndi-name CDATA #REQUIRED
+    factory-class CDATA "com.sun.jdo.spi.persistence.support.sqlstore.impl.PersistenceManagerFactoryImpl"
+    jdbc-resource-jndi-name CDATA #IMPLIED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- admin-object-resource
+    The admin-object-resource element describes a administered object
+    for a inbound resource adapter.
+  attributes
+    jndi-name
+        JNDI name for this resource
+    res-adapter
+        Name of the inbound resource adapter.
+    res-type
+        Interface definition for the administered object
+  Used in:
+    resources
+-->
+<!ELEMENT admin-object-resource (description?, property*)>
+<!ATTLIST admin-object-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    res-adapter CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- connector-resource
+  Used in:
+    resources
+-->
+<!ELEMENT connector-resource (description?, property*)>
+<!ATTLIST connector-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+<!-- resource-adapter-config
+    This element is for configuring the resource adapter. These
+    values (properties) over-rides the default values present in
+    ra.xml. The name attribute has to be unique . It is optional for
+    PE. It is used mainly for EE.
+  Used in:
+    resources
+-->
+<!ELEMENT resource-adapter-config (property*)>
+<!ATTLIST resource-adapter-config
+    name CDATA #IMPLIED
+    thread-pool-ids CDATA #IMPLIED
+    object-type %object-type; "user"
+    resource-adapter-name CDATA #REQUIRED>
+<!-- config
+    The configuration defines the configuration of a server instance
+    that can be shared by other server instances. The
+    availability-service and are SE/EE only.
+  attributes
+    dynamic-reconfiguration-enabled
+        When set to "true" then any changes to the system (e.g.
+        applications deployed, resources created) will be
+        automatically applied to the affected servers without a
+        restart being required. When set to "false" such changes will
+        only be picked up by the affected servers when each server
+        restarts.
+  Used in:
+    configs
+-->
+<!ELEMENT config
+    (http-service, iiop-service, admin-service, connector-service?,
+    web-container, ejb-container, mdb-container, jms-service?, log-service,
+    security-service, transaction-service, monitoring-service, java-config,
+    availability-service?, thread-pools, alert-service?, system-property*,
+    property*)>
+<!ATTLIST config
+    name CDATA #REQUIRED
+    dynamic-reconfiguration-enabled %boolean; "true">
+<!-- alert-service
+    The Alert service provides a mechanism for users to register for
+    and receive alerts. The alert service collects together a set of
+    alert subscriptions
+  Used in:
+    config
+-->
+<!ELEMENT alert-service (alert-subscription*, property*)>
+<!-- alert-subscription
+    alert subscription details a specific subscription. The
+    subscription comprises the configuration of a specific listener,
+    and a filter to be applied.
+  attributes
+    name
+        The unique name identifying a particular alert service.
+  Used in:
+    alert-service
+-->
+<!ELEMENT alert-subscription (listener-config, filter-config?)>
+<!ATTLIST alert-subscription
+    name CDATA #REQUIRED>
+<!-- listener-config
+    connects a specific listener class with specific managed objects
+  attributes
+    listener-class-name
+        The name of a class that can act as a listener for alerts.
+        Non-empty string containing a Java class name.
+    subscribe-listener-with
+        A list of managed object names that the listener should be
+        subscribed to. A non-empty, comma separated list.
+  Used in:
+    alert-subscription
+-->
+<!ELEMENT listener-config (property*)>
+<!ATTLIST listener-config
+    listener-class-name CDATA #REQUIRED
+    subscribe-listener-with CDATA #REQUIRED>
+<!-- filter-config
+    filter-config provides the means of specifying a filter to be
+    applied to alerts
+  attributes
+    filter-class-name
+        The name of a class that can act as a filter. Non-empty
+        string containing a Java class name.
+  Used in:
+    alert-subscription
+-->
+<!ELEMENT filter-config (property*)>
+<!ATTLIST filter-config
+    filter-class-name CDATA #REQUIRED>
+<!-- http-service
+  Used in:
+    config
+-->
+<!ELEMENT http-service
+    (access-log?, http-listener+, virtual-server+, request-processing?,
+    keep-alive?, connection-pool?, http-protocol?, http-file-cache?,
+    property*)>
+<!-- access-log
+  attributes
+    format
+        The global format for the access log rotation-policy The
+        policy based on which the log rotation would be done . At
+        this time only time based rotation is enabled.
+    rotation-enabled
+        The flag for enabling the access-log rotation
+    rotation-interval-in-minutes
+        The time interval in minutes between two successive rotations
+        of the access logs.
+    rotation-suffix
+        The suffix to be added to the access-log name after rotation.
+  Used in:
+    http-service
+-->
+<!ELEMENT access-log EMPTY>
+<!ATTLIST access-log
+    format CDATA "%client.name% %auth-user-name% %datetime% %request% %status% %response.length%"
+    rotation-policy (time) "time"
+    rotation-interval-in-minutes CDATA "1440"
+    rotation-suffix CDATA "%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s"
+    rotation-enabled %boolean; "true">
+<!-- http-listener
+  attributes
+    acceptor-threads
+        Number of acceptor threads for the listen socket. The
+        recommended value is the number of processors in the machine.
+    address
+        IP address of the listen socket. Can be in dotted-pair or
+        IPv6 notation. Can also be any for INADDR-ANY. Configuring a
+        listen socket to listen on any is required if more than one
+        http-listener is configured to it.
+    blocking-enabled
+        Enables blocking for the listen and external ports.
+    default-virtual-server
+        The id attribute of the default virtual server for this
+        particular connection group.
+    external-port
+        The port at which the user makes a request , typically a
+        proxy server port.
+    family
+        Specified the family of addresses either inet or ncsa
+    id
+        Unique identifier for http listener.
+    port
+        Port number to create the listen socket on. Legal values are
+        1 - 65535. On Unix, creating sockets that listen on ports 1 -
+        1024 requires superuser privileges. Configuring an SSL listen
+        socket to listen on port 443 is recommended.
+    redirect-port
+        if the connector is supporting non-SSL requests and a request
+        is received for which a matching security-constraint requires
+        SSL transport catalina will automatically redirect the
+        request to the port number specified here
+    security-enabled
+        Determines whether the http listener runs SSL. You can turn
+        SSL2 or SSL3 on or off and set ciphers using an ssl element.
+        The enable-ssl in the protocol element should be set to true
+        for this setting to work.
+    server-name
+        Tells the server what to put in the host name section of any
+        URLs it sends to the client. This affects URLs the server
+        automatically generates; it doesnt affect the URLs for
+        directories and files stored in the server. This name should
+        be the alias name if your server uses an alias. If you append
+        a colon and port number, that port will be used in URLs the
+        server sends to the client.
+    xpowered-by
+        The Servlet 2.4 spec defines a special X-Powered-By:
+        Servlet/2.4 header, which containers may add to
+        servlet-generated responses. This is complemented by the JSP
+        2.0 spec, which defines a X-Powered-By: JSP/2.0 header to be
+        added (on an optional basis) to responses utilizing JSP
+        technology. The goal of these headers is to aid in gathering
+        statistical data about the use of Servlet and JSP technology.
+        If true, these headers will be added.
+  Used in:
+    http-service
+-->
+<!ELEMENT http-listener (ssl?, property*)>
+<!ATTLIST http-listener
+    id CDATA #REQUIRED
+    address CDATA #REQUIRED
+    port CDATA #REQUIRED
+    external-port CDATA #IMPLIED
+    family (inet | ncsa) "inet"
+    blocking-enabled %boolean; "false"
+    acceptor-threads CDATA "10"
+    security-enabled %boolean; "false"
+    default-virtual-server CDATA #REQUIRED
+    server-name CDATA #REQUIRED
+    redirect-port CDATA #IMPLIED
+    xpowered-by %boolean; "true"
+    enabled %boolean; "true">
+<!-- ssl
+    Define SSL processing parameters
+  attributes
+    cert-nickname
+        nickname of the server certificate in the certificate
+        database or the PKCS#11 token. In the certificate, the name
+        format is tokenname:nickname. Including the tokenname: part
+        of the name in this attribute is optional.
+    client-auth-enabled
+        Determines whether SSL3 client authentication is performed on
+        every request, independent of ACL-based access control.
+    ssl2-ciphers
+        A comma-separated list of the SSL2 ciphers used, with the
+        prefix + to enable or - to disable, for example +rc4. Allowed
+        values are rc4, rc4export, rc2, rc2export, idea, des,
+        desede3. If no value is specified, all supported ciphers are
+        assumed to be enabled. NOT Used in PE
+    ssl2-enabled
+        Determines whether SSL2 is enabled. NOT Used in PE. SSL2 is
+        not supported by either iiop or web-services. When this
+        element is used as a child of the iiop-listener element then
+        the only allowed value for this attribute is "false".
+    ssl3-enabled
+        Determines whether SSL3 is enabled.
+        If both SSL2 and SSL3 are enabled for a virtual server, the server
+        tries SSL3 encryption first. If that fails, the server tries SSL2
+        encryption.
+    ssl3-tls-ciphers
+        A comma-separated list of the SSL3 ciphers used, with the
+        prefix + to enable or - to disable, for example +rsa_des_sha.
+        Allowed SSL3 values are rsa_rc4_128_md5, rsa3des_sha,
+        rsa_des_sha, rsa_rc4_40_md5, rsa_rc2_40_md5, rsa_null_md5.
+        Allowed TLS values are rsa_des_56_sha, rsa_rc4_56_sha. If no
+        value is specified, all supported ciphers are assumed to be
+        enabled.
+    tls-enabled
+        Determines whether TLS is enabled.
+    tls-rollback-enabled
+        Determines whether TLS rollback is enabled. TLS rollback
+        should be enabled for Microsoft Internet Explorer 5.0 and
+        5.5. NOT Used in PE
+  Used in:
+    http-listener, iiop-listener, jmx-connector, ssl-client-config
+-->
+<!ELEMENT ssl EMPTY>
+<!ATTLIST ssl
+    cert-nickname CDATA #REQUIRED
+    ssl2-enabled %boolean; "false"
+    ssl2-ciphers CDATA #IMPLIED
+    ssl3-enabled %boolean; "true"
+    ssl3-tls-ciphers CDATA #IMPLIED
+    tls-enabled %boolean; "true"
+    tls-rollback-enabled %boolean; "true"
+    client-auth-enabled %boolean; "false">
+<!-- virtual-server
+    Configuration of Virtual Server
+    Virtualization in Application Server allows multiple URL domains to be
+    served by the same HTTP server process, which is listening on multiple
+    host addresses If an application is available at two virtual servers, they
+    still share same physical resource pools, such as JDBC connection pools.
+    Sun ONE Application Server allows a list of virtual servers, to be
+    specified along with web-module and j2ee-application elements. This
+    establishes an association between URL domains, represented by the virtual
+    server and the web modules (standalone web modules or web modules inside
+    the ear file)
+  attributes
+    default-web-module
+        stand alone web module associated with this virtual server by
+        default.
+    docroot
+        The location on the filesystem where the files related to the
+        content to be served by this virtual server is stored.
+    hosts
+        A comma-separated list of values allowed in the Host request
+        header to select the current virtual server. Each Virtual
+        Server that is configured to the same Connection Group must
+        have a unique hosts value for that group.
+    http-listeners
+        A comma-separated list of http-listener id(s), Required only
+        for a Virtual Server that is not the default virtual server.
+    id
+        Virtual server ID. This is a unique ID that allows lookup of
+        a specific virtual server. A virtual server ID cannot begin
+        with a number.
+    log-file
+        Specifies a log file for virtual-server-specific log
+        messages. Default value is
+        ${com.sun.aas.instanceRoot}/logs/server.log
+    state
+        Determines whether a Virtual Server is active (on) or
+        inactive (off, disable). The default is on (active). When
+        inactive, a Virtual Server does not service requests.
+        off
+            returns a 404: Status code (404) indicating that the
+            requested resource is not available
+        disabled
+            returns a 403: Status code (403) indicating the server
+            understood the request but refused to fulfill it.
+  Used in:
+    http-service
+-->
+<!ELEMENT virtual-server (http-access-log?, property*)>
+<!ATTLIST virtual-server
+    id CDATA #REQUIRED
+    http-listeners CDATA #IMPLIED
+    default-web-module CDATA #IMPLIED
+    hosts CDATA #REQUIRED
+    state (on | off | disabled) "on"
+    docroot CDATA #IMPLIED
+    log-file CDATA "${com.sun.aas.instanceRoot}/logs/server.log">
+<!-- http-access-log
+  attributes
+    iponly
+        if the IP address of the user agent should be specified or a
+        DNL lookup should be done
+    log-directory
+        location of the access logs specified as a directory.This
+        defaults to the domain.log-root, which by default is
+        ${INSTANCE_ROOT}/logs. Hence the default value for this
+        attribute is ${INSTANCE_ROOT}/logs/access
+  Used in:
+    virtual-server
+-->
+<!ELEMENT http-access-log EMPTY>
+<!ATTLIST http-access-log
+    log-directory CDATA "${com.sun.aas.instanceRoot}/logs/access"
+    iponly %boolean; "true">
+<!-- request-processing
+    This element provides attributes to configure the request
+    processing subsystem in the HTTP service.
+  attributes
+    header-buffer-length-in-bytes
+        The size of the buffer used by the request processing threads
+        for reading the request data
+    initial-thread-count
+        The no of request processing threads when the http service is
+        initialized
+    request-timeout-in-seconds
+        Time after which the request times out
+    thread-count
+        Max no of request processing threads.
+    thread-increment
+        The increment in the no of request processing threads when
+        the no. of requests reaches the number specified by
+        request-threads-init
+  Used in:
+    http-service
+-->
+<!ELEMENT request-processing EMPTY>
+<!ATTLIST request-processing
+    thread-count CDATA "128"
+    initial-thread-count CDATA "48"
+    thread-increment CDATA "10"
+    request-timeout-in-seconds CDATA "30"
+    header-buffer-length-in-bytes CDATA "4096">
+<!-- keep-alive
+    Keep-alive subsystem configuration
+  attributes
+    max-connections
+        Max no of connection in the Keep Alive mode
+    thread-count
+        no of Keep Alive threads in the system
+    timeout-in-seconds
+        Keep Alive timeout , max time a connection can be deemed as
+        idle and kept in the keep-alive state
+  Used in:
+    http-service
+-->
+<!ELEMENT keep-alive EMPTY>
+<!ATTLIST keep-alive
+    thread-count CDATA "1"
+    max-connections CDATA "256"
+    timeout-in-seconds CDATA "30">
+<!-- connection-pool
+  attributes
+    max-pending-count
+        Max no of pending connections on the listen socket
+    queue-size-in-bytes
+        Size in bytes of the Connection queue
+    receive-buffer-size-in-bytes
+        The buffer size of the receive buffer used by sockets.
+    send-buffer-size-in-bytes
+        The buffer size of the send buffer used by sockets.
+  Used in:
+    http-service
+-->
+<!ELEMENT connection-pool EMPTY>
+<!ATTLIST connection-pool
+    queue-size-in-bytes CDATA "4096"
+    max-pending-count CDATA "4096"
+    receive-buffer-size-in-bytes CDATA "4096"
+    send-buffer-size-in-bytes CDATA "8192">
+<!-- http-protocol
+    HTTP Protocol related settings
+  attributes
+    default-response-type
+        Setting the default response-type. Specified as a semi-colon
+        delimited string consisting of content-type, encoding,
+        language, charset
+    dns-lookup-enabled
+        If the DNS name for a particular ip address from which the
+        request originates needs to be looked up.
+    forced-response-type
+        The response type to be forced if the content served cannot
+        be matched by any of the MIME mappings for extensions.
+        Specified as a semi-colon delimited string consisting of
+        content-type, encoding, language, charset
+    ssl-enabled
+        Globally enables SSL across the server
+    version
+        The version of the HTTP protocol used by the HTTP Service
+  Used in:
+    http-service
+-->
+<!ELEMENT http-protocol EMPTY>
+<!ATTLIST http-protocol
+    version CDATA "HTTP/1.1"
+    dns-lookup-enabled %boolean; "false"
+    forced-response-type CDATA "text/html; charset=iso-8859-1"
+    default-response-type CDATA "text/html; charset=iso-8859-1"
+    ssl-enabled %boolean; "true">
+<!-- http-file-cache
+  attributes
+    file-caching-enabled
+        Enables the caching of file content if the file size is less
+        than the one specified ny med-file-size-limit
+    file-transmission-enabled
+        This is valid on Windows only. Enables the TransmitFileSystem
+        call.
+    globally-enabled
+        globally enables the file cache
+    hash-init-size
+        Initial no. of hash buckets.
+    max-age-in-seconds
+        Maximum age of a valid cache entry
+    max-files-count
+        Maximum no. of files in the file cache.
+    medium-file-size-limit-in-bytes
+        Maximum size of a cached file that can be stored as a memory
+        mapped file.
+    medium-file-space-in-bytes
+        Total size of all files that are cached as memory mapped
+        files.
+    small-file-size-limit-in-bytes
+        Maximum size of a file that can be read into memory.
+    small-file-space-in-bytes
+        Total size of the files that are read into memory.
+  Used in:
+    http-service
+-->
+<!ELEMENT http-file-cache EMPTY>
+<!ATTLIST http-file-cache
+    globally-enabled %boolean; "true"
+    file-caching-enabled %boolean; "on"
+    max-age-in-seconds CDATA "30"
+    medium-file-size-limit-in-bytes CDATA "537600"
+    medium-file-space-in-bytes CDATA "10485760"
+    small-file-size-limit-in-bytes CDATA "2048"
+    small-file-space-in-bytes CDATA "1048576"
+    file-transmission-enabled %boolean; "false"
+    max-files-count CDATA "1024"
+    hash-init-size CDATA "0">
+<!-- iiop-service
+  Used in:
+    config
+-->
+<!ELEMENT iiop-service (orb, ssl-client-config?, iiop-listener*)>
+<!ATTLIST iiop-service
+    client-authentication-required %boolean; "false">
+<!-- orb
+    Orb Configuration properties
+  attributes
+    max-connections
+        maximum number of incoming connections, on all listeners
+    message-fragment-size
+        GIOPv1.2 messages larger than this will get fragmented.
+        Minimum value is 128.
+    use-thread-pool-ids
+        This would refer to the thread-pool-id(s) defined in the
+        thread-pool sub-element of thread-pool-config element in
+        server.xml. These would be the threadpool(s) used by the ORB.
+        More than one thread-pool-id(s) could be specified by using
+        commas to separate the names e.g. orb-thread-pool-1,
+        orb-thread-pool-2
+  Used in:
+    iiop-service
+-->
+<!ELEMENT orb (property*)>
+<!ATTLIST orb
+    use-thread-pool-ids CDATA #REQUIRED
+    message-fragment-size CDATA "1024"
+    max-connections CDATA "1024">
+<!-- ssl-client-config
+    ssl-client-config element specifies the SSL configuration when
+    the Application Server is making outbound IIOP/SSL connections.
+  Used in:
+    iiop-service
+-->
+<!ELEMENT ssl-client-config (ssl)>
+<!-- iiop-listener
+  children
+    ssl
+        element specifies optional SSL configuration. Note that the
+        ssl2 ciphers are not supported for iiop, and therefore must
+        be disabled.
+  attributes
+    address
+        ip V6 or V4 address or hostname.
+    enabled
+        if false, a configured listener, is disabled
+    id
+        unique identifier for this listener.
+    port
+        port number
+    security-enabled
+        Determines whether the iiop listener runs SSL. You can turn
+        SSL2 or SSL3 on or off and set ciphers using an ssl element
+  Used in:
+    iiop-service
+-->
+<!ELEMENT iiop-listener (ssl?, property*)>
+<!ATTLIST iiop-listener
+    id CDATA #REQUIRED
+    address CDATA #REQUIRED
+    port CDATA "1072"
+    security-enabled %boolean; "false"
+    enabled %boolean; "true">
+<!-- admin-service
+    Admin Service exists in every instance. It is the configuration
+    for either a normal server, DAS or PE instance.
+  attributes
+    type
+        an instance can either be of type
+        das
+            Domain Administration Server in SE/EE or the PE instance
+        das-and-server
+            same as das
+        server
+            Any non-DAS instance in SE/EE. Not valid for PE.
+  Used in:
+    config
+-->
+<!ELEMENT admin-service (jmx-connector*, das-config?, property*)>
+<!ATTLIST admin-service
+    type (das | das-and-server | server) "server"
+    system-jmx-connector-name CDATA #IMPLIED>
+<!-- connector-service
+    Configuration of the Connector Container. The attributes
+    specified in the connector container would apply to all resource
+    adapters deployed in this cluster/server-instance
+  attributes
+    shutdown-timeout-in-seconds
+        integer value (default 30 seconds). Represents the time-out,
+        in seconds, that would be allowed by the application server,
+        during shutdown, to call the ResourceAdapter.stop() method of
+        this connector module's instance to complete.
+        Resource Adapters that take longer than the specified
+        shutdown-timeout-in-seconds time interval would be ignored and the
+        application server shutdown procedure would continue.
+  Used in:
+    config
+-->
+<!ELEMENT connector-service EMPTY>
+<!ATTLIST connector-service
+    shutdown-timeout-in-seconds CDATA "30">
+<!-- jmx-connector
+    The jmx-connector element defines the configuration of a JSR 160
+    compliant remote JMX Connector.
+  attributes
+    accept-all
+        Determines whether the connection can be made on all the
+        network interfaces. A value of false implies that the
+        connections only for this specific address will be selected.
+        This attribute is ignored for SJS AS 8.1.
+    address
+        Specifies the IP address or host-name. Ignored for SJS AS 8.1.
+    auth-realm-name
+        The name of the auth-realm in this config element that
+        represents the special administrative realm. All
+        authentication (from administraive GUI and CLI) will be
+        handled by this realm.
+    enabled
+        Defines if this connector is enabled. For EE this must be
+        enabled.
+    name
+        name of jmx connector used for identification
+    port
+        Specifies the port of the jmx-connector-server. Note that
+        jmx-service-uRL is a function of protocol, port and address
+        as defined by the JSR 160 1.0 Specification.
+    protocol
+        Defines the protocol that this jmx-connector should support.
+        Supported protocols are defined by Entity rjmx-protocol. SJS
+        AS 8.1 PE/SE/EE supports "rmi_jrmp" protocol only. Other
+        protocols can be used by user applications independently. For
+        other protocols supported refer to documentation.
+    security-enabled
+        Decides whether the transport layer security be used in
+        jmx-connector. If true, configure the ssl element.
+  Used in:
+    admin-service, node-agent
+-->
+<!ELEMENT jmx-connector (ssl?, property*)>
+<!ATTLIST jmx-connector
+    name CDATA #REQUIRED
+    enabled %boolean; "true"
+    protocol %rjmx-protocol; "rmi_jrmp"
+    address CDATA #REQUIRED
+    port CDATA #REQUIRED
+    accept-all %boolean; "false"
+    auth-realm-name CDATA #REQUIRED
+    security-enabled %boolean; "true">
+<!-- das-config
+  attributes
+    admin-session-timeout-in-minutes
+        timeout in minutes indicating the administration gui session
+        timeout.
+    autodeploy-dir
+        The source directory (relative to instance root) from which
+        autodeploy service will pick deployable components. You can
+        also specify an absolute directory.
+    autodeploy-enabled
+        This will enable the autodeployment service. If true, the
+        service will automatically starts with the admin-server. Auto
+        Deployment is a feature that enables developers to quickly
+        deploy applications and modules to a running application
+        server withoutrequiring the developer to perform an explicit
+        application server restart or separate deployment operation.
+    autodeploy-jsp-precompilation-enabled
+        If true, JSPs will be pre compiled during deployment of the
+        war module(s).
+    autodeploy-polling-interval-in-seconds
+        The polling interval (in seconds), at the end of which
+        autodeployment service will scan the source directory
+        (specified by "autodeploy-dir" tag) for any new deployable
+        component.
+    autodeploy-verifier-enabled
+        To enable/disable verifier, during auto-deployment. If true,
+        verification will be done before any deployment activity. In
+        the event of any verifier test failure, deployment is not
+        performed.
+    deploy-xml-validation
+        specifies if descriptor validation is required or not.
+        full
+            xml will be validated and in case of xml validation
+            errors, deployment will fail.
+        parsing
+            xml errors will be reported but deployment process will
+            continue.
+        none
+            no xml validation will be perfomed on the standard or
+            runtime deployment descriptors.
+    dynamic-reload-enabled
+        when true, server checks timestamp on a .reload file at every
+        module and application directory level to trigger reload.
+        polling frequency is controlled by
+        reload-poll-interval-in-seconds
+  Used in:
+    admin-service
+-->
+<!ELEMENT das-config (property*)>
+<!ATTLIST das-config
+    dynamic-reload-enabled %boolean; "false"
+    dynamic-reload-poll-interval-in-seconds CDATA "2"
+    autodeploy-enabled %boolean; "false"
+    autodeploy-polling-interval-in-seconds CDATA "2"
+    autodeploy-dir CDATA "autodeploy"
+    autodeploy-verifier-enabled %boolean; "false"
+    autodeploy-jsp-precompilation-enabled %boolean; "false"
+    deploy-xml-validation %validation-level; "full"
+    admin-session-timeout-in-minutes CDATA "60">
+<!-- web-container
+  Used in:
+    config
+-->
+<!ELEMENT web-container (session-config?, property*)>
+<!-- session-config
+  Used in:
+    web-container
+-->
+<!ELEMENT session-config (session-manager?, session-properties?)>
+<!-- session-manager
+  Used in:
+    session-config
+-->
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!-- manager-properties
+  Used in:
+    session-manager
+-->
+<!ELEMENT manager-properties (property*)>
+<!ATTLIST manager-properties
+    session-file-name CDATA #IMPLIED
+    reap-interval-in-seconds CDATA #IMPLIED
+    max-sessions CDATA #IMPLIED
+    session-id-generator-classname CDATA #IMPLIED>
+<!-- store-properties
+  Used in:
+    session-manager
+-->
+<!ELEMENT store-properties (property*)>
+<!ATTLIST store-properties
+    directory CDATA #IMPLIED
+    reap-interval-in-seconds CDATA #IMPLIED>
+<!-- session-properties
+  Used in:
+    session-config
+-->
+<!ELEMENT session-properties (property*)>
+<!ATTLIST session-properties
+    timeout-in-seconds CDATA #IMPLIED>
+<!-- ejb-container
+    Configuration of EJB Container.
+  children
+    ejb-timer-service
+        The ejb-timer-service element contains the configuration for
+        the ejb timer service. There is at most one ejb timer service
+        per server instance.
+  attributes
+    cache-idle-timeout-in-seconds
+        (eb, sfsb) specifies the rate at which the cache cleaner
+        thread is scheduled. All idle instances are passivated at
+        once.
+    cache-resize-quantity
+        (eb,sfsb) Cache elements have identity, hence growth is in
+        unit steps and created on demand. Shrinking of cache happens
+        when cache-idle-timeout-in-seconds timer expires and a cleaner thread
+        passivates beans which have been idle for longer than
+        cache-idle-timeout-in-seconds. All idle instances are passivated at
+        once. cache-resize-quantity does not apply in this case.
+        when max cache size is reached, an asynchronous task is created to
+        bring the size back under the max-cache-size limit. This task removes
+        cache-resize-quantity elements, consulting the victim-selection-policy.
+        Must be greater than 1 and less than max-cache-size.
+    commit-option
+        (eb) Entity Beans caching is controlled by this setting.
+        Commit Option C implies that no caching is performed in the
+        container.
+    max-cache-size
+        (sfsb,eb) specifies the maximum number of instances that can
+        be cached. For entity beans, internally two caches are
+        maintained for higher concurrency: (i) Ready (R$) (ii) Active
+        in an Incomplete Transaction (TX$). The TX$ is populated with
+        instances from R$ or from the Pool directly. When an instance
+        in TX$ completes the transaction, it is placed back in the R$
+        (or in pool, in case an instance with same identity already
+        is in R$). max-cache-size only specifies the upper limit for
+        R$. The container computes an appropriate size for TX$. For
+        SFSBs, after the max-cache-size is reached, beans (as
+        determined by the victim-selection-policy) get passivated.
+    max-pool-size
+        (slsb,eb) maximum size, a pool can grow to. A value of 0
+        implies an unbounded pool. Unbounded pools eventually shrink
+        to the steady-pool-size, in steps defined by
+        pool-resize-quantity.
+    pool-idle-timeout-in-seconds
+        (slsb,eb) defines the rate at which the pool cleaning thread
+        is executed. this thread checks if current size is greater
+        than steady pool size, it removes pool-resize-quantity
+        elements. If the current size is less than steady-pool-size
+        it is increased by pool-resize-quantity, with a ceiling of
+        min (current-pool-size + pool-resize-quantity, max-pool-size)
+        Only objects that have not been accessed for more than
+        pool-idle-timeout-in-seconds are candidates for removal.
+    pool-resize-quantity
+        (slsb,eb) size of bean pool grows (shrinks) in steps
+        specified by pool-resize-quantity, subject to max-pool-size
+        (steady-pool-size) limit.
+    removal-timeout-in-seconds
+        (sfsb) Instance is removed from cache or passivation store,
+        if it is not accesed within this time. All instances that can
+        be removed, will be removed.
+    session-store
+        specifies the directory where passivated beans and persisted
+        HTTP sessions are stored on the file system. Defaults to
+        $INSTANCE-ROOT/session-store
+    steady-pool-size
+        (slsb,eb) number of bean instances normally maintained in
+        pool. When a pool is first created, it will be populated with
+        size equal to steady-pool-size. When an instance is removed
+        from the pool, it is replenished asynchronously, so that the
+        pool size is at or above the steady-pool-size. This additions
+        will be in multiples of pool-resize-quantity. When a bean is
+        disassociated from a method invocation, it is put back in the
+        pool, subject to max-pool-size limit. If the max pool size is
+        exceeded the bean id destroyed immediately. A pool cleaning
+        thread, executes at an interval defined by
+        pool-idle-timeout-in-seconds. This thread reduces the pool
+        size to steady-pool-size, in steps defined by
+        pool-resize-quantity. If the pool is empty, the required
+        object will be created and returned immediately. This
+        prevents threads from blocking till the pool is replenished
+        by the background thread. steady-pool-size must be greater
+        than 1 and at most equal to the max-pool-size.
+    victim-selection-policy
+        (sfsb) Victim selection policy when cache needs to shrink.
+        Victims are passivated. Entity Bean Victims are selected
+        always using fifo discipline. Does not apply to slsb because
+        it does not matter, which particular instances are removed.
+        fifo
+            method picks victims, oldest instance first.
+        lru
+            algorithm picks least recently accessed instances.
+        nru
+            policy tries to pick 'not recently used' instances and is
+            a pseudo-random selection process.
+  Used in:
+    config
+-->
+<!ELEMENT ejb-container (ejb-timer-service?, property*)>
+<!ATTLIST ejb-container
+    steady-pool-size CDATA "32"
+    pool-resize-quantity CDATA "16"
+    max-pool-size CDATA "64"
+    cache-resize-quantity CDATA "32"
+    max-cache-size CDATA "512"
+    pool-idle-timeout-in-seconds CDATA "600"
+    cache-idle-timeout-in-seconds CDATA "600"
+    removal-timeout-in-seconds CDATA "5400"
+    victim-selection-policy (fifo | lru | nru) "nru"
+    commit-option (B | C) "B"
+    session-store CDATA #IMPLIED>
+<!-- ejb-timer-service
+    Configuration for ejb timer service.
+  attributes
+    max-redeliveries
+        is the maximum number of times the ejb timer service will
+        attempt to redeliver a timer expiration due to exception or
+        rollback. The minimum value is 1, per the ejb specification.
+    minimum-delivery-interval-in-millis
+        is the minimum number of milliseconds allowed before the next
+        timer expiration for a particular timer can occur. It guards
+        against extremely small timer increments that can overload
+        the server.
+    redelivery-interval-internal-in-millis
+        is the number of milliseconds the ejb timer service will wait
+        after a failed ejbTimeout delivery before attempting a
+        redelivery.
+    timer-datasource
+        overrides the cmp-resource (jdbc/__TimerPool) specified in
+        sun-ejb-jar.xml of (__ejb_container_timer_app) of the timer
+        service system application. By default this is set to
+        jdbc/__TimerPool, but can be overridden for the cluster or
+        server instance, if they choose to.
+  Used in:
+    ejb-container
+-->
+<!ELEMENT ejb-timer-service (property*)>
+<!ATTLIST ejb-timer-service
+    minimum-delivery-interval-in-millis CDATA "7000"
+    max-redeliveries CDATA "1"
+    timer-datasource CDATA #IMPLIED
+    redelivery-interval-internal-in-millis CDATA "5000">
+<!-- mdb-container
+  attributes
+    idle-timeout-in-seconds
+        idle bean instance in pool becomes a candidate for deletion,
+        when this timeout expires.
+    max-pool-size
+        maximum size, pool can grow to. A non-negative integer.
+    pool-resize-quantity
+        quantum of increase/decrease, when the size of pool
+        grows/shrinks. An integer in the range [0, max-pool-size].
+    steady-pool-size
+        minimum and initial number of message driven beans in pool.
+        An integer in the range [0, max-pool-size].
+  Used in:
+    config
+-->
+<!ELEMENT mdb-container (property*)>
+<!ATTLIST mdb-container
+    steady-pool-size CDATA "10"
+    pool-resize-quantity CDATA "2"
+    max-pool-size CDATA "60"
+    idle-timeout-in-seconds CDATA "600">
+<!-- jms-service
+    The jms-service element specifies information about the
+    bundled/built-in JMS service that is managed by Application
+    Server.
+  attributes
+    addresslist-behavior
+        Determines broker selection from imqAddressList.
+        random
+            causes selection to be performed randomly
+        priority
+            causes selection to be performed sequentially
+    addresslist-iterations
+        Number of times reconnect logic should iterate
+        imqAddressList. This property will not be used if the
+        addresslist-behavior is "random". An integer.
+    default-jms-host
+        reference to a jms-host that to be started when type of
+        jms-service is LOCAL.
+    init-timeout-in-seconds
+        specifies the time server instance will wait at start up, for
+        its corresponding JMS service instance to respond. If there
+        is no response within the specifies timeout period,
+        application server startup is aborted. Default value of 60
+        seconds.
+    mq-scheme
+        Scheme for establishing connection with broker. For example,
+        scheme can be specified as "http" for connecting to MQ broker
+        over http. Default is "mq".
+    mq-service
+        Type of broker service. If a broker supports ssl, then the
+        type of service can be "ssljms". If nothing is specified, MQ
+        will assume 4that service is "jms".
+    reconnect-attempts
+        Total number of attempts to reconnect. An integer.
+    reconnect-enabled
+        Causes reconnect feature to be enabled (true) or disabled
+        (false). A boolean.
+    reconnect-interval-in-seconds
+        Interval between reconnect attempts, in seconds. An integer.
+    start-args
+        specifies the arguments that will be supplied to start up the
+        corresponding JMS service instance.
+    type
+        Type of JMS service.
+  Used in:
+    config
+-->
+<!ELEMENT jms-service (jms-host*, property*)>
+<!ATTLIST jms-service
+    init-timeout-in-seconds CDATA "60"
+    type (LOCAL | REMOTE) "LOCAL"
+    start-args CDATA #IMPLIED
+    default-jms-host CDATA #IMPLIED
+    reconnect-interval-in-seconds CDATA "60"
+    reconnect-attempts CDATA "3"
+    reconnect-enabled %boolean; "true"
+    addresslist-behavior (random | priority) "random"
+    addresslist-iterations CDATA "3"
+    mq-scheme CDATA #IMPLIED
+    mq-service CDATA #IMPLIED>
+<!-- jms-host
+  attributes
+    admin-password
+        attribute specifies the admin password.
+    admin-user-name
+        specifies the admin username.
+    host
+        ip V6 or V4 address or hostname.
+    port
+        the port number used by the JMS service.
+  Used in:
+    jms-service
+-->
+<!ELEMENT jms-host (property*)>
+<!ATTLIST jms-host
+    name CDATA #REQUIRED
+    host CDATA #IMPLIED
+    port CDATA "7676"
+    admin-user-name CDATA "admin"
+    admin-password CDATA "admin">
+<!-- log-service
+    By default, logs would be kept in $INSTANCE-ROOT/logs. The
+    following log files will be stored under the logs directory.
+    access.log
+        keeps default virtual server HTTP access messages.
+    server.log
+        keeps log messages from default virtual server. Messages from
+        other configured virtual servers also go here, unless
+        log-file is explicitly specified in the virtual-server
+        element.
+  attributes
+    alarms
+        if true, will turn on alarms for the logger. The SEVERE and
+        WARNING messages can be routed through the JMX framework to
+        raise SEVERE and WARNING alerts. Alarms are turned off by
+        default.
+    file
+        can be used to rename or relocate server.log using absolute
+        path.
+    log-filter
+        Can plug in a log filter to do custom filtering of log
+        records . By default there is no log filter other than the
+        log level filtering provided by JSR 047 log API.
+    log-handler
+        Can plug in a custom log handler to add it to the chain of
+        handlers to log into a different log destination than the
+        default ones given by the system (which are Console, File and
+        Syslog). It is a requirement that customers use the log
+        formatter provided by the the system to maintain uniformity
+        in log messages. The custom log handler will be added at the
+        end of the handler chain after File + Syslog Handler, Console
+        Handler and JMX Handler. User cannot replace the handler
+        provided by the system, because of loosing precious log
+        statements. The Server Initialization will take care of
+        installing the custom handler with the system formatter
+        initialized. The user need to use JSR 047 Log Handler
+        Interface to implement the custom handler.
+    log-rotation-limit-in-bytes
+        Log Files will be rotated when the file size reaches the
+        limit.
+    log-rotation-timelimit-in-minutes
+        This is a new attribute to enable time based log rotation.
+        The Log File will be rotated only if this value is non-zero
+        and the valid range is 60 minutes (1 hour) to 10*24*60
+        minutes (10 days). If the value is zero then the files will
+        be rotated based on size specified in
+        log-rotation-limit-in-bytes.
+    log-to-console
+        logs will be sent to stderr when asadmin start-domain verbose
+        is used
+    use-system-logging
+        if true, will utilize Unix syslog service or Windows Event
+        Logging to produce and manage logs.
+  Used in:
+    config, node-agent
+-->
+<!ELEMENT log-service (module-log-levels?, property*)>
+<!ATTLIST log-service
+    file CDATA #IMPLIED
+    use-system-logging %boolean; "false"
+    log-handler CDATA #IMPLIED
+    log-filter CDATA #IMPLIED
+    log-to-console %boolean; "false"
+    log-rotation-limit-in-bytes CDATA "500000"
+    log-rotation-timelimit-in-minutes CDATA "0"
+    alarms %boolean; "false">
+<!-- module-log-levels
+  Used in:
+    log-service
+-->
+<!ELEMENT module-log-levels (property*)>
+<!ATTLIST module-log-levels
+    root %log-level; "INFO"
+    server %log-level; "INFO"
+    ejb-container %log-level; "INFO"
+    cmp-container %log-level; "INFO"
+    mdb-container %log-level; "INFO"
+    web-container %log-level; "INFO"
+    classloader %log-level; "INFO"
+    configuration %log-level; "INFO"
+    naming %log-level; "INFO"
+    security %log-level; "INFO"
+    jts %log-level; "INFO"
+    jta %log-level; "INFO"
+    admin %log-level; "INFO"
+    deployment %log-level; "INFO"
+    verifier %log-level; "INFO"
+    jaxr %log-level; "INFO"
+    jaxrpc %log-level; "INFO"
+    saaj %log-level; "INFO"
+    corba %log-level; "INFO"
+    javamail %log-level; "INFO"
+    jms %log-level; "INFO"
+    connector %log-level; "INFO"
+    jdo %log-level; "INFO"
+    cmp %log-level; "INFO"
+    util %log-level; "INFO"
+    resource-adapter %log-level; "INFO"
+    synchronization %log-level; "INFO"
+    node-agent %log-level; "INFO">
+<!-- security-service
+    The security service element defines parameters and configuration
+    information needed by the core J2EE security service. Some
+    container-specific security configuration elements are in the
+    various container configuration elements and not here. SSL
+    configuration is also elsewhere. At this time the security
+    service configuration consists of a set of authentication realms.
+    A number of top-level attributes are defined as well.
+  children
+    message-security-config
+        Optional list of layer specific lists of configured message
+        security providers.
+  attributes
+    anonymous-role
+        Used as role name for default/anonymous role.
+    audit-enabled
+        If true, additional access logging is performed to provide
+        audit information.
+    audit-modules
+        Optional list of audit provider modules which will be used by
+        the audit subsystem. The default value refers to the internal
+        log-based audit module.
+    default-principal
+        Used as the identity of default security contexts when
+        necessary and no principal is provided.
+    default-principal-password
+        Password of default principal.
+    default-realm
+        Specifies which realm (by name) is used by default when no
+        realm is specifically requested. The file realm is the common
+        default.
+    jacc
+        Specifies the name of the jacc-provider element to use for
+        setting up the JACC infrastructure. The default value
+        "default" does not need to be changed unless adding a custom
+        JACC provider.
+  Used in:
+    config
+-->
+<!ELEMENT security-service
+    (auth-realm+, jacc-provider+, audit-module*, message-security-config*,
+    property*)>
+<!ATTLIST security-service
+    default-realm CDATA "file"
+    default-principal CDATA #IMPLIED
+    default-principal-password CDATA #IMPLIED
+    anonymous-role CDATA "ANYONE"
+    audit-enabled %boolean; "false"
+    jacc CDATA "default"
+    audit-modules CDATA "default">
+<!-- audit-module
+    An audit-module specifies an optional plug-in module which
+    implements audit capabilities.
+  attributes
+    classname
+        defines the java class which implements this audit module
+    name
+        defines the name of this realm
+  Used in:
+    security-service
+-->
+<!ELEMENT audit-module (property*)>
+<!ATTLIST audit-module
+    name CDATA #REQUIRED
+    classname CDATA #REQUIRED>
+<!-- auth-realm
+    The auth-realm element defines and configures one authentication
+    realm. There must be at least one realm available for a server
+    instance; any number can be configured, as desired.
+    Authentication realms need provider-specific parameters which vary
+    depending on what a particular implementation needs; these are defined as
+    properties since they vary by provider and cannot be predicted for any
+    custom or add-on providers.
+    For the default file provider, the param used is: file
+  attributes
+    classname
+        defines the java class which implements this realm
+    name
+        defines the name of this realm
+  Used in:
+    node-agent, security-service
+-->
+<!ELEMENT auth-realm (property*)>
+<!ATTLIST auth-realm
+    name CDATA #REQUIRED
+    classname CDATA #REQUIRED>
+<!-- jacc-provider
+    The jacc-provider element defines the standard JACC properties
+    used for setting up the JACC provider. It also allows optional
+    properties which can be used by the provider implementation for
+    its configuration.
+  attributes
+    name
+        A name for this jacc-provider. Is always "default" for the
+        default provider.
+    policy-configuration-factory-provider
+        Corresponds to (and can be overridden by) the system property
+        javax.security.jacc.PolicyConfigurationFactory.provider
+    policy-provider
+        Corresponds to (and can be overridden by) the system property
+        javax.security.jacc.policy.provider
+  Used in:
+    security-service
+-->
+<!ELEMENT jacc-provider (property*)>
+<!ATTLIST jacc-provider
+    name CDATA #REQUIRED
+    policy-provider CDATA #REQUIRED
+    policy-configuration-factory-provider CDATA #REQUIRED>
+<!-- transaction-service
+    Configuration for Transaction Manager.
+  attributes
+    automatic-recovery
+        if true, server instance attempts recovery at restart.
+    heuristic-decision
+        During recovery, if outcome of a transaction cannot be
+        determined from the logs, then this property is used to fix
+        the outcome.
+    keypoint-interval
+        property used to specify the number of transactions between
+        keypoint operations on the log. A Keypoint operations could
+        reduce the size of the transaction log files. A larger value
+        for this property (for example, 1000) will result in larger
+        transaction log files, between log compactions, but less
+        keypoint operations, and potentially better performance. A
+        smaller value (e.g. 20) results in smaller log files but
+        slightly reduced performance due to the greater frequency of
+        keypoint operations.
+    retry-timeout-in-seconds
+        used to determine the retry time in the following scenarios.
+        1 Time to wait at the transaction recovery time, when
+            resources are unreachable.
+        2 If there are any transient
+            exceptions in the second phase of the 2 PC protocol.
+        A negative value indicates infinite retry. '0' indicates no
+        retry. A positive value indicates the number of seconds for
+        which retry will be attempted. Default is 10 minutes which
+        may be appropriate for a database being restarted.
+    timeout-in-seconds
+        amount of time the transaction manager waits for response
+        from a datasource participating in transaction. A value of 0
+        implies infinite timeout.
+    tx-log-dir
+        Transaction service creates a sub directory 'tx' under
+        tx-log-dir to store the transaction logs. The default value
+        of the tx-log-dir is $INSTANCE-ROOT/logs. If this attribute
+        is not explicitly specified in the <transaction-service>
+        element, 'tx' sub directory will be created under the path
+        specified in log-root attribute of <domain> element.
+  Used in:
+    config
+-->
+<!ELEMENT transaction-service (property*)>
+<!ATTLIST transaction-service
+    automatic-recovery %boolean; "false"
+    timeout-in-seconds CDATA "0"
+    tx-log-dir CDATA #IMPLIED
+    heuristic-decision (rollback | commit) "rollback"
+    retry-timeout-in-seconds CDATA "600"
+    keypoint-interval CDATA "2048">
+<!-- monitoring-service
+  Used in:
+    config
+-->
+<!ELEMENT monitoring-service (module-monitoring-levels?, property*)>
+<!-- module-monitoring-levels
+  attributes
+    connector-connection-pool
+        monitoring level for all the connector-connection-pools used
+        by the runtime.
+    ejb-container
+        various ejbs deployed to the server, ejb-pools, ejb-caches
+        and ejb-methods.
+    http-service
+        http engine and the http listeners therein.
+    jdbc-connection-pool
+        monitoring level for all the jdbc-connection-pools used by
+        the runtime.
+    orb
+        specifies the level for connection managers of the orb, which
+        apply to connections to the orb
+    thread-pool
+        all the thread-pools used by the run time.
+    transaction-service
+        transaction subsystem.
+  Used in:
+    monitoring-service
+-->
+<!ELEMENT module-monitoring-levels (property*)>
+<!ATTLIST module-monitoring-levels
+    thread-pool %monitoring-level; "OFF"
+    orb %monitoring-level; "OFF"
+    ejb-container %monitoring-level; "OFF"
+    web-container %monitoring-level; "OFF"
+    transaction-service %monitoring-level; "OFF"
+    http-service %monitoring-level; "OFF"
+    jdbc-connection-pool %monitoring-level; "OFF"
+    connector-connection-pool %monitoring-level; "OFF"
+    connector-service %monitoring-level; "OFF"
+    jms-service %monitoring-level; "OFF"
+    jvm %monitoring-level; "OFF">
+<!-- java-config
+    Java Runtime environment configuration
+  attributes
+    bytecode-preprocessors
+        A comma separated list of classnames, each of which must
+        implement the com.sun.appserv.BytecodePreprocessor interface.
+        Each of the specified preprocessor class will be called in
+        the order specified. At the moment the comelling use is for a
+        3rd party Performance Profiling tool.
+    classpath-prefix
+        A java classpath string that is prefixed to server-classpath
+    classpath-suffix
+        A java classpath string that is appended to server-classpath
+    debug-enabled
+        If set to true, the server starts up in debug mode ready for
+        attaching with a JPDA based debugger.
+    debug-options
+        JPDA based debugging options string.
+    env-classpath-ignored
+        If set to false, the CLASSPATH environment variable will be
+        read and appended to the Application Server classpath, which
+        is constructed as described above. The CLASSPATH environment
+        variable will be added after the classpath-suffix, at the
+        very end.
+    javac-options
+        Options string passed to Java compiler, at application
+        deployment time.
+    java-home
+        Specifies the installation directory for Java runtime. JDK
+        1.4 or higher is supported.
+    native-library-path-prefix
+        is prepended to the native library path, which is constructed
+        internally.
+        Internally, the native library path is automatically constructed to be
+        a concatenation of Application Server installation relative path for
+        its native shared libraries, standard JRE native library path, the
+        shell environment setting (LD-LIBRARY-PATH on Unix) and any path that
+        may be specified in the profile element.
+    native-library-path-suffix
+        is appended to the native library path, which is constructed
+        as described above.
+    rmic-options
+        Options string passed to RMI compiler, at application
+        deployment time.
+    server-classpath
+        A java classpath string that specifies the classes needed by
+        the Application server. Do not expect users to change this
+        under normal conditions.
+  Used in:
+    config
+-->
+<!ELEMENT java-config (profiler?, (jvm-options | property)*)>
+<!ATTLIST java-config
+    java-home CDATA "${com.sun.aas.javaRoot}"
+    debug-enabled %boolean; "false"
+    debug-options CDATA "-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n"
+    rmic-options CDATA "-iiop -poa -alwaysgenerate -keepgenerated -g"
+    javac-options CDATA "-g"
+    classpath-prefix CDATA #IMPLIED
+    classpath-suffix CDATA #IMPLIED
+    server-classpath CDATA #IMPLIED
+    native-library-path-prefix CDATA #IMPLIED
+    native-library-path-suffix CDATA #IMPLIED
+    bytecode-preprocessors CDATA #IMPLIED
+    env-classpath-ignored %boolean; "true">
+<!-- jvm-options
+    String value for options that will be passed to the JVM
+  Used in:
+    java-config, profiler
+-->
+<!ELEMENT jvm-options (#PCDATA)>
+<!-- profiler
+    Profilers could be one of jprobe, optimizeit, hprof, wily and so
+    on jvm-options and property elements are used to record the
+    settings needed to get a particular profiler going. A server
+    instance is tied to a particular profiler, by the profiler
+    element in java-config. Changing the profiler will require a
+    server restart.
+    The adminstrative graphical interfaces, could list multiple supported
+    profilers (incomplete at this point) and will populate server.xml
+    appropriately.
+  Used in:
+    java-config
+-->
+<!ELEMENT profiler ((jvm-options | property)*)>
+<!ATTLIST profiler
+    name CDATA #REQUIRED
+    classpath CDATA #IMPLIED
+    native-library-path CDATA #IMPLIED
+    enabled %boolean; "true">
+<!-- availability-service
+    SE/EE only: TBD Needs explanation
+  attributes
+    store-pool-name
+        This is the jndi-name for the JDBC Connection Pool used
+        potentially by both the Web Container and the EJB Stateful
+        Session Bean Container for use in checkpointing/passivation
+        when persistence-type = "ha". See sfsb-ha-persistence-type
+        and sfsb-persistence-type for more details. It will default
+        to "jdbc/hastore". This attribute can be over-ridden in
+        either web-container-availability (with
+        http-session-store-pool-name) and/or in
+        ejb-container-availability (with sfsb-store-pool-name). If
+        store-pool-name is not over-ridden then both containers will
+        share the same connection pool. If either container
+        over-rides then it may have its own dedicated pool. In this
+        case there must also be a new corresponding JDBC Resource and
+        JDBC Connection Pool defined for this new pool name.
+  Used in:
+    config
+-->
+<!ELEMENT availability-service
+    (web-container-availability?, ejb-container-availability?, property*)>
+<!ATTLIST availability-service
+    availability-enabled %boolean; "true"
+    store-pool-name CDATA #IMPLIED>
+<!-- web-container-availability
+    web-container-availability SE/EE only:
+  attributes
+    availability-enabled
+        This boolean flag controls whether availability is enabled
+        for HTTP session persistence. If this is "false", then
+        session persistence is disabled for all web modules in j2ee
+        apps and stand-alone web modules. If it is "true" (and
+        providing that the global availability-enabled in
+        availability-service is also "true", then j2ee apps and
+        stand-alone web modules may be ha enabled. Finer-grained
+        control exists at lower levels. If this attribute is missing,
+        it "inherits" the value of the global availability-enabled
+        under availability-service.
+    http-session-store-pool-name
+        This is the jndi-name for the JDBC Connection Pool used by
+        the HTTP Session Persistence Framework. If missing, internal
+        code will default it to value of store-pool-name under
+        availability-service (ultimately "jdbc/hastore").
+    persistence-frequency
+        The persistence frequency used by the session persistence
+        framework, when persistence-type = "ha". Values may be
+        "time-based" or "web-event". If it is missing, then the
+        persistence-type will revert to "memory".
+    persistence-scope
+        The persistence scope used by the session persistence
+        framework, when persistence-type = "ha". Values may be
+        "session", "modified-session", "modified-attribute". If it is
+        missing, then the persistence-type will revert to "memory".
+    persistence-store-health-check-enabled
+        Reserved for future use.
+    persistence-type
+        The persistence type used by the session persistence
+        framework.
+    sso-failover-enabled
+        This controls whether Single-Sign-On state will be made
+        available for failover.
+  Used in:
+    availability-service
+-->
+<!ELEMENT web-container-availability (property*)>
+<!ATTLIST web-container-availability
+    availability-enabled %boolean; #IMPLIED
+    persistence-type %persistence-type; "memory"
+    persistence-frequency %session-save-frequency; #IMPLIED
+    persistence-scope %session-save-scope; #IMPLIED
+    persistence-store-health-check-enabled %boolean; "false"
+    sso-failover-enabled %boolean; "false"
+    http-session-store-pool-name CDATA #IMPLIED>
+<!-- ejb-container-availability
+  attributes
+    availability-enabled
+        This boolean flag controls whether availability is enabled
+        for SFSB checkpointing (and potentially passivation). If this
+        is "false", then all SFSB checkpointing is disabled for all
+        j2ee apps and ejb modules. If it is "true" (and providing
+        that the global availability-enabled in availability-service
+        is also "true", then j2ee apps and stand-alone ejb modules
+        may be ha enabled. Finer-grained control exists at lower
+        levels. If this attribute is missing, it inherits the value
+        of the global availability-enabled under availability-service.
+    sfsb-checkpoint-enabled
+        This attribute is deprecated, replaced by
+        availability-enabled and will be ignored if present.
+    sfsb-ha-persistence-type
+        The persistence type used by the EJB Stateful Session Bean
+        Container for checkpointing and passivating
+        availability-enabled beans' state. Values may be "file" or
+        "ha". Default is "ha".
+    sfsb-quick-checkpoint-enabled
+        This attribute is deprecated and will be ignored if present.
+    sfsb-store-pool-name
+        This is the jndi-name for the JDBC Connection Pool used by
+        the EJB Stateful Session Bean Container for use in
+        checkpointing/passivation when persistence-type = "ha". See
+        sfsb-ha-persistence-type and sfsb-persistence-type for more
+        details. It will default to value of store-pool-name under
+        availability-service (ultimately "jdbc/hastore").
+  Used in:
+    availability-service
+-->
+<!ELEMENT ejb-container-availability (property*)>
+<!ATTLIST ejb-container-availability
+    availability-enabled %boolean; #IMPLIED
+    sfsb-ha-persistence-type %sfsb-persistence-type; "ha"
+    sfsb-persistence-type %sfsb-persistence-type; "file"
+    sfsb-checkpoint-enabled %boolean; #IMPLIED
+    sfsb-quick-checkpoint-enabled %boolean; #IMPLIED
+    sfsb-store-pool-name CDATA #IMPLIED>
+<!-- jdbc-connection-pool
+    jdbc-connection-pool defines configuration used to create and
+    manage a pool physical database connections. Pool definition is
+    named, and can be referred to by multiple jdbc-resource elements
+    (See <jdbc-resource>).
+    Each named pool definition results in a pool instantiated at server
+    start-up. Pool is populated when accessed for the first time. If two or
+    more jdbc-resource elements point to the same jdbc-connection-pool
+    element, they are using the same pool of connections, at run time.
+  children
+    property
+        Most JDBC 2.0 drivers permit use of standard property lists,
+        to specify User, Password and other resource configuration.
+        While these are optional properties, according to the
+        specification, several of these properties may be necessary
+        for most databases. See Section 5.3 of JDBC 2.0 Standard
+        Extension API.
+        The following are the names and corresponding values for these
+        properties
+        databaseName
+            Name of the Database
+        serverName
+            Database Server name.
+        port
+            Port where a Database server is listening for requests.
+        networkProtocol
+            Communication Protocol used.
+        user
+            default name of the database user with which connections
+            will be stablished. Programmatic database authentication
+            or default-resource-principal specified in vendor
+            specific web and ejb deployment descriptors will take
+            precedence, over this default. The details and caveats
+            are described in detail in the Administrator's guide.
+        password
+            password for default database user
+        roleName
+            The initial SQL role name.
+        datasourceName
+            used to name an underlying XADataSource, or
+            ConnectionPoolDataSource when pooling of connections is
+            done
+        description
+            Textual Description
+        When one or more of these properties are specified, they are passed as
+        is using set<Name>(<Value>) methods to the vendors Datasource class
+        (specified in datasource-classname). User and Password properties are
+        used as default principal, if Container Managed authentication is
+        specified and a default-resource-principal is not found in application
+        deployment descriptors.
+  attributes
+    connection-validation-method
+        specifies the type of validation to be performed when
+        is-connection-validation-required is true. The following
+        types of validation are supported:
+        auto-commit
+            using connection.autoCommit()
+        meta-data
+            using connection.getMetaData()
+        table
+            performing a query on a user specified table (see
+            validation-table-name).
+    datasource-classname
+        Name of the vendor supplied JDBC datasource resource manager.
+        An XA or global transactions capable datasource class will
+        implement javax.sql.XADatasource interface. Non XA or Local
+        transactions only datasources will implement
+        javax.sql.Datasource interface.
+    fail-all-connections
+        indicates if all connections in the pool must be closed
+        should a single validation check fail. The default is false.
+        One attempt will be made to re-establish failed connections.
+    idle-timeout-in-seconds
+        maximum time in seconds, that a connection can remain idle in
+        the pool. After this time, the pool implementation can close
+        this connection. Note that this does not control connection
+        timeouts enforced at the database server side. Adminsitrators
+        are advised to keep this timeout shorter than the database
+        server side timeout (if such timeouts are configured on the
+        specific vendor's database), to prevent accumulation of
+        unusable connection in Application Server.
+    is-connection-validation-required
+        if true, connections are validated (checked to find out if
+        they are usable) before giving out to the application. The
+        default is false.
+    is-isolation-level-guaranteed
+        Applicable only when a particular isolation level is
+        specified for transaction-isolation-level. The default value
+        is true. This assures that every time a connection is
+        obtained from the pool, it is guaranteed to have the
+        isolation set to the desired value. This could have some
+        performance impact on some JDBC drivers. Can be set to false
+        by that administrator when they are certain that the
+        application does not change the isolation level before
+        returning the connection.
+    max-pool-size
+        maximum number of conections that can be created
+    max-wait-time-in-millis
+        amount of time the caller will wait before getting a
+        connection timeout. The default is 60 seconds. A value of 0
+        will force caller to wait indefinitely.
+    name
+        unique name of the pool definition.
+    pool-resize-quantity
+        number of connections to be removed when
+        idle-timeout-in-seconds timer expires. Connections that have
+        idled for longer than the timeout are candidates for removal.
+        When the pool size reaches steady-pool-size, the connection
+        removal stops.
+    res-type
+        DataSource implementation class could implement one of of
+        javax.sql.DataSource, javax.sql.XADataSource or
+        javax.sql.ConnectionPoolDataSource interfaces. This optional
+        attribute must be specified to disambiguate when a Datasource
+        class implements two or more of these interfaces. An error is
+        produced when this attribute has a legal value and the
+        indicated interface is not implemented by the datasource
+        class. This attribute has no default value.
+    steady-pool-size
+        minimum and initial number of connections maintained in the
+        pool.
+    transaction-isolation-level
+        Specifies the Transaction Isolation Level on the pooled
+        database connections. Optional. Has no default. If left
+        unspecified the pool operates with default isolation level
+        provided by the JDBC Driver. A desired isolation level can be
+        set using one of the standard transaction isolation levels,
+        which see.
+        Applications that change the Isolation level on a pooled connection
+        programmatically, risk polluting the pool and this could lead to
+        program errors. Also see: is-isolation-level-guaranteed
+    validation-table-name
+        specifies the table name to be used to perform a query to
+        validate a connection. This parameter is mandatory, if
+        connection-validation-type set to table. Verification by
+        accessing a user specified table may become necessary for
+        connection validation, particularly if database driver caches
+        calls to setAutoCommit() and getMetaData().
+  Used in:
+    resources
+-->
+<!ELEMENT jdbc-connection-pool (description?, property*)>
+<!ATTLIST jdbc-connection-pool
+    name CDATA #REQUIRED
+    datasource-classname CDATA #REQUIRED
+    res-type (javax.sql.DataSource | javax.sql.XADataSource | javax.sql.ConnectionPoolDataSource) #IMPLIED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    transaction-isolation-level %isolation; #IMPLIED
+    is-isolation-level-guaranteed %boolean; "true"
+    is-connection-validation-required %boolean; "false"
+    connection-validation-method (auto-commit | meta-data | table) "auto-commit"
+    validation-table-name CDATA #IMPLIED
+    fail-all-connections %boolean; "false">
+<!-- connector-connection-pool
+    connector-connection-pool defines configuration used to create
+    and manage a pool of connections to a EIS. Pool definition is
+    named, and can be referred to by multiple connector-resource
+    elements (See connector-resource).
+    Each named pool definition results in a pool instantiated at server
+    start-up. Pool is populated when accessed for the first time. If two or
+    more connector-resource elements point to the same
+    connector-connection-pool element, they are using the same pool of
+    connections, at run time.
+    There can be more than one pool for one connection-definition in one
+    resource-adapter.
+  children
+    property
+        Properties are used to override the ManagedConnectionFactory
+        javabean configuration settings.
+        When one or more of these properties are specified, they are passed as
+        is using set<Name>(<Value>) methods to the Resource Adapter's
+        ManagedConnectionfactory class (specified in ra.xml).
+  attributes
+    connection-definition-name
+        unique name, identifying one connection-definition in a
+        Resource Adapter. Currently this is ConnectionFactory type.
+    fail-all-connections
+        indicates if all connections in the pool must be closed
+        should a single connection fail validation. The default is
+        false. One attempt will be made to re-establish failed
+        connections.
+    idle-timeout-in-seconds
+        maximum time in seconds, that a connection can remain idle in
+        the pool. After this time, the pool implementation can close
+        this connection. Note that this does not control connection
+        timeouts enforced at the database server side. Adminsitrators
+        are advised to keep this timeout shorter than the EIS
+        connection timeout (if such timeouts are configured on the
+        specific EIS), to prevent accumulation of unusable connection
+        in Application Server.
+    max-pool-size
+        maximum number of conections that can be created
+    max-wait-time-in-millis
+        amount of time the caller will wait before getting a
+        connection timeout. The default is 60 seconds. A value of 0
+        will force caller to wait indefinitely.
+    name
+        unique name of the pool definition.
+    pool-resize-quantity
+        number of connections to be removed when
+        idle-timeout-in-seconds timer expires. Connections that have
+        idled for longer than the timeout are candidates for removal.
+        When the pool size reaches steady-pool-size, the connection
+        removal stops.
+    resource-adapter-name
+        This is the name of resource adapter. Name of .rar file is
+        taken as the unique name for the resource adapter.
+    steady-pool-size
+        minimum and initial number of connections maintained in the
+        pool.
+    transaction-support
+        Indicates the level of transaction support that this pool
+        will have. Possible values are "XATransaction",
+        "LocalTransaction" and "NoTransaction". This attribute will
+        override that transaction support attribute in the Resource
+        Adapter in a downward compatible way, i.e it can support a
+        lower/equal transaction level than specified in the RA, but
+        not a higher level.
+  Used in:
+    resources
+-->
+<!ELEMENT connector-connection-pool (description?, security-map*, property*)>
+<!ATTLIST connector-connection-pool
+    name CDATA #REQUIRED
+    resource-adapter-name CDATA #REQUIRED
+    connection-definition-name CDATA #REQUIRED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    fail-all-connections %boolean; "false"
+    transaction-support (XATransaction | LocalTransaction | NoTransaction) #IMPLIED>
+<!-- security-map
+    Perform mapping from principal received during Servlet/EJB
+    authentication, to credentials accepted by the EIS. This mapping
+    is optional.It is possible to map multiple (server) principal to
+    the same backend principal.
+  Used in:
+    connector-connection-pool
+-->
+<!ELEMENT security-map ((principal | user-group)+, backend-principal)>
+<!ATTLIST security-map
+    name CDATA #REQUIRED>
+<!-- principal
+    Principal of the Servlet and EJB client
+  Used in:
+    security-map
+-->
+<!ELEMENT principal (#PCDATA)>
+<!-- user-group
+  Used in:
+    security-map
+-->
+<!ELEMENT user-group (#PCDATA)>
+<!-- backend-principal
+  Used in:
+    security-map
+-->
+<!ELEMENT backend-principal EMPTY>
+<!ATTLIST backend-principal
+    user-name CDATA #REQUIRED
+    password CDATA #IMPLIED>
+<!-- thread-pools
+  Used in:
+    config
+-->
+<!ELEMENT thread-pools (thread-pool+)>
+<!-- thread-pool
+  attributes
+    idle-thread-timeout-in-seconds
+        idle threads are removed from pool, after this time
+    max-thread-pool-size
+        Maximum number of threads in the threadpool servicing
+        requests in this queue. This is the upper bound on the no. of
+        threads that exist in the threadpool.
+    min-thread-pool-size
+        Minimum number of threads in the threadpool servicing
+        requests in this queue. These are created up front when this
+        threadpool is instantiated
+    num-work-queues
+        This denotes the total number of work queues that are
+        serviced by this threadpool.
+    thread-pool-id
+        This is an id for the work-queue e.g. "thread-pool-1",
+        "thread-pool-2" etc
+  Used in:
+    thread-pools
+-->
+<!ELEMENT thread-pool EMPTY>
+<!ATTLIST thread-pool
+    thread-pool-id CDATA #REQUIRED
+    min-thread-pool-size CDATA "0"
+    max-thread-pool-size CDATA "200"
+    idle-thread-timeout-in-seconds CDATA "120"
+    num-work-queues CDATA "1">
+<!-- property
+    Syntax for supplying properties as name value pairs
+  Used in:
+    admin-object-resource, admin-service, alert-service,
+    audit-module, auth-realm, availability-service, cluster, config,
+    connector-connection-pool, connector-resource, custom-resource,
+    das-config, domain, ejb-container, ejb-container-availability,
+    ejb-timer-service, external-jndi-resource, filter-config,
+    http-listener, http-service, iiop-listener, jacc-provider,
+    java-config, jdbc-connection-pool, jdbc-resource, jms-host,
+    jms-service, jmx-connector, lb-config, lifecycle-module,
+    listener-config, log-service, mail-resource, manager-properties,
+    mdb-container, module-log-levels, module-monitoring-levels,
+    monitoring-service, node-agent, orb,
+    persistence-manager-factory-resource, profiler, provider-config,
+    resource-adapter-config, security-service, server,
+    session-properties, store-properties, transaction-service,
+    virtual-server, web-container, web-container-availability
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property
+    name CDATA #REQUIRED
+    value CDATA #REQUIRED>
+<!-- system-property
+    Syntax for supplying system properties as name value pairs
+  Used in:
+    cluster, config, domain, server
+-->
+<!ELEMENT system-property (description?)>
+<!ATTLIST system-property
+    name CDATA #REQUIRED
+    value CDATA #REQUIRED>
+<!-- server
+    J2EE Application Server Configuration
+    Each Application Server instance is a J2EEv1.4 compliant container. One
+    server instance is specially designated as the Administration Server in
+    SE/EE. User applications cannot be deployed to an Adminsitration Server
+    instance.
+  children
+    application-ref
+        References to applications deployed to the server instance
+    resource-ref
+        References to resources deployed to the server instance
+  attributes
+    config-ref
+        points to a named config. needed for stand-alone servers. If
+        the server instance is part of a cluster, then it must not be
+        present, and will be ignored.
+    name
+        name of the server instance.
+    node-agent-ref
+        SE/EE only. Specifies the name of the node agent where the
+        server instance is hosted.
+  Used in:
+    servers
+-->
+<!ELEMENT server
+    (application-ref*, resource-ref*, system-property*, property*)>
+<!ATTLIST server
+    name CDATA #REQUIRED
+    config-ref CDATA #IMPLIED
+    node-agent-ref CDATA #IMPLIED>
+<!-- application-ref
+  attributes
+    disable-timeout-in-minutes
+        The time, in minutes, that it takes this application to reach
+        a quiescent state after having been disabled
+    lb-enabled
+        A boolean flag that causes any and all load-balancers using
+        this application to consider this application unavailable to
+        them. Defaults to unavailable (false).
+  Used in:
+    cluster, server
+-->
+<!ELEMENT application-ref EMPTY>
+<!ATTLIST application-ref
+    enabled %boolean; "true"
+    virtual-servers CDATA #IMPLIED
+    lb-enabled %boolean; "false"
+    disable-timeout-in-minutes CDATA "30"
+    ref CDATA #REQUIRED>
+<!-- resource-ref
+  Used in:
+    cluster, server
+-->
+<!ELEMENT resource-ref EMPTY>
+<!ATTLIST resource-ref
+    enabled %boolean; "true"
+    ref CDATA #REQUIRED>
+<!-- cluster
+    SE/EE Cluster configuration. A cluster defines a homogenous set
+    of server instances that share the same applications, resources,
+    and configuration.
+  children
+    server-ref
+        list of servers in the cluster
+  attributes
+    config-ref
+        points to a named config. All server instances in the cluster
+        will share this config.
+    name
+        cluster name
+  Used in:
+    clusters
+-->
+<!ELEMENT cluster
+    (server-ref*, resource-ref*, application-ref*, system-property*,
+    property*)>
+<!ATTLIST cluster
+    name CDATA #REQUIRED
+    config-ref CDATA #REQUIRED>
+<!-- server-ref
+  attributes
+    disable-timeout-in-minutes
+        The time, in minutes, that it takes this server to reach a
+        quiescent state after having been disabled
+    enabled
+        A boolean flag that causes the server to be enabled to serve
+        end-users, or not. Default is to be enabled (true)
+    lb-enabled
+        A boolean flag that causes any and all load-balancers using
+        this server to consider this server unavailable to them.
+        Defaults to unavailable (false)
+    ref
+        A reference to the name of a server defined elsewhere
+  Used in:
+    cluster, lb-config
+-->
+<!ELEMENT server-ref (health-checker?)>
+<!ATTLIST server-ref
+    ref CDATA #REQUIRED
+    disable-timeout-in-minutes CDATA "30"
+    lb-enabled %boolean; "false"
+    enabled %boolean; "true">
+<!-- node-agent
+    SE/EE Node Controller. The node agent is an agent that manages
+    server instances on a host machine.
+  attributes
+    name
+        Node Controller name
+    start-servers-in-startup
+        If true starts all managed server instances when the Node
+        Controller is started.
+    system-jmx-connector-name
+        The name of the internal jmx connector
+  Used in:
+    node-agents
+-->
+<!ELEMENT node-agent (jmx-connector?, auth-realm?, log-service, property*)>
+<!ATTLIST node-agent
+    name CDATA #REQUIRED
+    system-jmx-connector-name CDATA #IMPLIED
+    start-servers-in-startup %boolean; "true">
+<!-- lb-config
+  attributes
+    https-routing
+        Boolean flag indicating how load-balancer will route https
+        requests. If true then an https request to the load-balancer
+        will result in an https request to the server; if false then
+        https requests to the load-balancer result in http requests
+        to the server. Default is to use http (i.e. value of false);
+    monitoring-enabled
+        Boolean flag that determines whether monitoring is switched
+        on or not. Default is that monitoring is switched off (false)
+    name
+        Name of the load balancer configuration
+    reload-poll-interval-in-seconds
+        Maximum period, in seconds, that a change to the load
+        balancer configuration file takes before it is detected by
+        the load balancer and the file reloaded. A value of 0
+        indicates that reloading is disabled. Default period is 1
+        minute (60)
+    response-timeout-in-seconds
+        Period within which a server must return a response or
+        otherwise it will be considered unhealthy. Default value is
+        60 seconds. Must be greater than or equal to 0. A value of 0
+        effectively turns off this check functionality, meaning the
+        server will always be considered healthy.
+    route-cookie-enabled
+        Boolean flag that determines whether a route cookie is or is
+        not enabled. Default is enabled (true).
+  Used in:
+    lb-configs
+-->
+<!ELEMENT lb-config ((cluster-ref* | server-ref*), property*)>
+<!ATTLIST lb-config
+    name CDATA #REQUIRED
+    response-timeout-in-seconds CDATA "60"
+    https-routing %boolean; "false"
+    reload-poll-interval-in-seconds CDATA "60"
+    monitoring-enabled %boolean; "false"
+    route-cookie-enabled %boolean; "true">
+<!-- health-checker
+    Each cluster would be configured for a ping based health check
+    mechanism.
+  attributes
+    interval-in-seconds
+        Interval, in seconds, between health checks. A value of "0"
+        means that the health check is disabled. Default is 30
+        seconds. Must be 0 or greater.
+    timeout-in-seconds
+        Maximum time, in seconds, that a server must respond to a
+        health check request to be considered healthy. Default is 10
+        seconds. Must be greater than 0.
+    url
+        URL to ping so as to determine the health state of a
+        listener. This must be a relative URL.
+  Used in:
+    cluster-ref, server-ref
+-->
+<!ELEMENT health-checker EMPTY>
+<!ATTLIST health-checker
+    url CDATA "/"
+    interval-in-seconds CDATA "30"
+    timeout-in-seconds CDATA "10">
+<!-- cluster-ref
+    Element relating a reference to a cluster to be load balanced to
+    an (optional) health-checker
+  attributes
+    ref
+        A reference to the name of a cluster defined elsewhere
+  Used in:
+    lb-config
+-->
+<!ELEMENT cluster-ref (health-checker?)>
+<!ATTLIST cluster-ref
+    ref CDATA #REQUIRED>
+<!-- message-security-config
+    The message-security-config element defines the message layer
+    specific provider configurations of the application server.
+    All of the providers within a message-security-config element must be able
+    to perform authentication processing at the message layer defined by the
+    value of the auth-layer attribute.
+  attributes
+    default-client-provider
+        used to identify the client provider to be invoked for any
+        application for which a specific client provider has not been
+        bound.
+    default-provider
+        used to identify the server provider to be invoked for any
+        application for which a specific server provider has not been
+        bound.
+        When a default provider of a type is not defined for a message layer,
+        the container will only invoke a provider of the type (at the layer)
+        for those applications for which a specific provider has been bound.
+  Used in:
+    security-service
+-->
+<!ELEMENT message-security-config (provider-config+)>
+<!ATTLIST message-security-config
+    auth-layer %message-layer; #REQUIRED
+    default-provider CDATA #IMPLIED
+    default-client-provider CDATA #IMPLIED>
+<!-- provider-config
+    The provider-config element defines the configuration of an
+    authentication provider.
+    A provider-config with no contained request-policy or response-policy
+    sub-elements, is a null provider. The container will not instantiate or
+    invoke the methods of a null provider, and as such the implementation
+    class of a null provider need not exist.
+  children
+    request-policy
+        defines the authentication policy requirements associated
+        with the request processing performed by the authentication
+        provider.
+    response-policy
+        defines the authentication policy requirements associated
+        with the response processing performed by the authentication
+        provider.
+  attributes
+    class-name
+        defines the java implementation class of the provider. Client
+        authentication providers must implement the
+        com.sun.enterprise.security.jauth.ClientAuthModule
+        interface. Server-side providers must implement the
+        com.sun.enterprise.security.jauth.ServerAuthModule
+        interface. A provider may implement both interfaces, but it
+        must implement the interface corresponding to its provider
+        type.
+    provider-id
+        Identifier used to uniquely identify this
+        provider-config
+        element
+    provider-type
+        defines whether the provider is a client authentication
+        provider or a server authentication provider.
+  Used in:
+    message-security-config
+-->
+<!ELEMENT provider-config (request-policy?, response-policy?, property*)>
+<!ATTLIST provider-config
+    provider-id CDATA #REQUIRED
+    provider-type (client | server | client-server) #REQUIRED
+    class-name CDATA #REQUIRED>
+<!-- request-policy
+    Used to define the authentication policy requirements associated
+    with the request processing performed by an authentication
+    provider (i.e. when a client provider's
+    ClientAuthModule.initiateRequest()
+    method is called or when a server provider's
+    ServerAuthModule.validateRequest()
+    method is called).
+  attributes
+    auth-recipient
+        defines a requirement for message layer authentication of the
+        reciever of a message to its sender (e.g. by XML encryption).
+        before-content
+            indicates that recipient authentication (e.g. encryption)
+            is to occur before any content authentication (e.g.
+            encrypt then sign) with respect to the target of the
+            containing auth-policy.
+        after-content
+            indicates that recipient authentication (e.g. encryption)
+            is to occur after any content authentication (e.g. sign
+            then encrypt) with respect to the target of the
+            containing auth-policy.
+    auth-source
+        defines a requirement for message layer sender authentication
+        (e.g. username password) or content authentication (e.g.
+        digital signature).
+  Used in:
+    provider-config
+-->
+<!ELEMENT request-policy EMPTY>
+<!ATTLIST request-policy
+    auth-source (sender | content) #IMPLIED
+    auth-recipient (before-content | after-content) #IMPLIED>
+<!-- response-policy
+    Used to define the authentication policy requirements associated
+    with the response processing performed by an authentication
+    provider (i.e. when a client provider's
+    ClientAuthModule.validateResponse()
+    method is called or when a server provider's
+    ServerAuthModule.secureResponse()
+    method is called).
+  attributes
+    auth-recipient
+        defines a requirement for message layer authentication of the
+        reciever of a message to its sender (e.g. by XML encryption).
+        before-content
+            indicates that recipient authentication (e.g. encryption)
+            is to occur before any content authentication (e.g.
+            encrypt then sign) with respect to the target of the
+            containing auth-policy.
+        after-content
+            indicates that recipient authentication (e.g. encryption)
+            is to occur after any content authentication (e.g. sign
+            then encrypt) with respect to the target of the
+            containing auth-policy.
+    auth-source
+        defines a requirement for message layer sender authentication
+        (e.g. username password) or content authentication (e.g.
+        digital signature).
+  Used in:
+    provider-config
+-->
+<!ELEMENT response-policy EMPTY>
+<!ATTLIST response-policy
+    auth-source (sender | content) #IMPLIED
+    auth-recipient (before-content | after-content) #IMPLIED>