初始提交
diff --git a/tomcat-cas/webapps/docs/config/valve.html b/tomcat-cas/webapps/docs/config/valve.html
new file mode 100644
index 0000000..8dbdf0f
--- /dev/null
+++ b/tomcat-cas/webapps/docs/config/valve.html
@@ -0,0 +1,753 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat Configuration Reference (6.0.39) - The Valve Component</title><meta name="author" content="Craig R. McClanahan"><style type="text/css" media="print">
+ .noPrint {display: none;}
+ td#mainBody {width: 100%;}
+ </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
+ The Apache Tomcat Servlet/JSP Container
+ " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.39, Jan 27 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executor</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>Other</strong></p><ul><li><a href="filter.html">Filter</a></li><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat Configuration Reference</h1><h2>The Valve Component</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Access_Log_Valve">Access Log Valve</a><ol><li><a href="#Access_Log_Valve/Introduction">Introduction</a></li><li><a href="#Access_Log_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Remote_Address_Filter">Remote Address Filter</a><ol><li><a href="#Remote_Address_Filter/Introduction">Introduction</a></li><li><a href="#Remote_Address_Filter/Attributes">Attributes</a></li></ol></li><li><a href="#Remote_Host_Filter">Remote Host Filter</a><ol><li><a href="#Remote_Host_Filter/Introduction">Introduction</a></li><li><a href="#Remote_Host_Filter/Attributes">Attributes</a></li></ol></li><li><a href="#Request_Dumper_Valve">Request Dumper Valve</a><ol><li><a href="#Request_Dumper_Valve/Introduction">Introduction</a></li><li><a href="#Request_Dumper_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Single_Sign_On_Valve">Single Sign On Valve</a><ol><li><a href="#Single_Sign_On_Valve/Introduction">Introduction</a></li><li><a href="#Single_Sign_On_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Basic_Authenticator_Valve">Basic Authenticator Valve</a><ol><li><a href="#Basic_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Basic_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Digest_Authenticator_Valve">Digest Authenticator Valve</a><ol><li><a href="#Digest_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Digest_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Form_Authenticator_Valve">Form Authenticator Valve</a><ol><li><a href="#Form_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Form_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#SSL_Authenticator_Valve">SSL Authenticator Valve</a><ol><li><a href="#SSL_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#SSL_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#WebDAV_Fix_Valve">WebDAV Fix Valve</a><ol><li><a href="#WebDAV_Fix_Valve/Introduction">Introduction</a></li><li><a href="#WebDAV_Fix_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Remote_IP_Valve">Remote IP Valve</a><ol><li><a href="#Remote_IP_Valve/Introduction">Introduction</a></li><li><a href="#Remote_IP_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Stuck_Thread_Detection_Valve">Stuck Thread Detection Valve</a><ol><li><a href="#Stuck_Thread_Detection_Valve/Introduction">Introduction</a></li><li><a href="#Stuck_Thread_Detection_Valve/Attributes">Attributes</a></li></ol></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>A <strong>Valve</strong> element represents a component that will be
+ inserted into the request processing pipeline for the associated
+ Catalina container (<a href="engine.html">Engine</a>,
+ <a href="host.html">Host</a>, or <a href="context.html">Context</a>).
+ Individual Valves have distinct processing capabilities, and are
+ described individually below.</p>
+
+ <blockquote><em>
+ <p>The description below uses the variable name $CATALINA_BASE to refer the
+ base directory against which most relative paths are resolved. If you have
+ not configured Tomcat 6 for multiple instances by setting a CATALINA_BASE
+ directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME,
+ the directory into which you have installed Tomcat 6.</p>
+ </em></blockquote>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Access Log Valve"><!--()--></a><a name="Access_Log_Valve"><strong>Access Log Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Access Log Valve/Introduction"><!--()--></a><a name="Access_Log_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Access Log Valve</strong> creates log files in the same
+ format as those created by standard web servers. These logs can later
+ be analyzed by standard log analysis tools to track page hit counts,
+ user session activity, and so on. The files produces by this <code>Valve</code>
+ are rolled over nightly at midnight. This <code>Valve</code>
+ may be associated with any Catalina container (<code>Context</code>,
+ <code>Host</code>, or <code>Engine</code>), and
+ will record ALL requests processed by that container.</p>
+
+ <p>Some requests may be handled by Tomcat before they are passed to a
+ container. These include redirects from /foo to /foo/ and the rejection of
+ invalid requests. Where Tomcat can identify the <code>Context</code> that
+ would have handled the request, the request/response will be logged in the
+ <code>AccessLog</code>(s) associated <code>Context</code>, <code>Host</code>
+ and <code>Engine</code>. Where Tomcat cannot identify the
+ <code>Context</code> that would have handled the request, e.g. in cases
+ where the URL is invalid, Tomcat will look first in the <code>Engine</code>,
+ then the default <code>Host</code> for the <code>Engine</code> and finally
+ the ROOT (or default) <code>Context</code> for the default <code>Host</code>
+ for an <code>AccessLog</code> implementation. Tomcat will use the first
+ <code>AccessLog</code> implementation found to log those requests that are
+ rejected before they are passed to a container.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Access Log Valve/Attributes"><!--()--></a><a name="Access_Log_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Access Log Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.AccessLogValve</strong> to use the
+ default access log valve.</p>
+ </td></tr><tr><td align="left" valign="center"><code>directory</code></td><td align="left" valign="center">
+ <p>Absolute or relative pathname of a directory in which log files
+ created by this valve will be placed. If a relative path is
+ specified, it is interpreted as relative to $CATALINA_BASE. If
+ no directory attribute is specified, the default value is "logs"
+ (relative to $CATALINA_BASE).</p>
+ </td></tr><tr><td align="left" valign="center"><code>encoding</code></td><td align="left" valign="center">
+ <p>Character set used to write the log file. An empty string means
+ to use the system default character set. Default value: use the
+ system default character set.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>pattern</code></td><td align="left" valign="center">
+ <p>A formatting layout identifying the various information fields
+ from the request and response to be logged, or the word
+ <code>common</code> or <code>combined</code> to select a
+ standard format. See below for more information on configuring
+ this attribute. Note that the optimized access does only support
+ <code>common</code> and <code>combined</code> as the value for this
+ attribute.</p>
+ </td></tr><tr><td align="left" valign="center"><code>prefix</code></td><td align="left" valign="center">
+ <p>The prefix added to the start of each log file's name. If not
+ specified, the default value is "access_log.". To specify no prefix,
+ use a zero-length string.</p>
+ </td></tr><tr><td align="left" valign="center"><code>resolveHosts</code></td><td align="left" valign="center">
+ <p>Set to <code>true</code> to convert the IP address of the remote
+ host into the corresponding host name via a DNS lookup. Set to
+ <code>false</code> to skip this lookup, and report the remote IP
+ address instead.</p>
+ </td></tr><tr><td align="left" valign="center"><code>suffix</code></td><td align="left" valign="center">
+ <p>The suffix added to the end of each log file's name. If not
+ specified, the default value is "". To specify no suffix,
+ use a zero-length string.</p>
+ </td></tr><tr><td align="left" valign="center"><code>rotatable</code></td><td align="left" valign="center">
+ <p>Flag to determine if log rotation should occur.
+ If set to <code>false</code>, then this file is never rotated and
+ <code>fileDateFormat</code> is ignored. Use with caution!
+ Default value: <code>true</code>
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>condition</code></td><td align="left" valign="center">
+ <p>Turns on conditional logging. If set, requests will be
+ logged only if <code>ServletRequest.getAttribute()</code> is
+ null. For example, if this value is set to
+ <code>junk</code>, then a particular request will only be logged
+ if <code>ServletRequest.getAttribute("junk") == null</code>.
+ The use of Filters is an easy way to set/unset the attribute
+ in the ServletRequest on many different requests.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>fileDateFormat</code></td><td align="left" valign="center">
+ <p>Allows a customized date format in the access log file name.
+ The date format also decides how often the file is rotated.
+ If you wish to rotate every hour, then set this value
+ to: <code>yyyy-MM-dd.HH</code>
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>buffered</code></td><td align="left" valign="center">
+ <p>Flag to determine if logging will be buffered.
+ If set to <code>false</code>, then access logging will be written after each
+ request. Default value: <code>true</code>
+ </p>
+ </td></tr></table>
+
+ <p>Values for the <code>pattern</code> attribute are made up of literal
+ text strings, combined with pattern identifiers prefixed by the "%"
+ character to cause replacement by the corresponding variable value from
+ the current request and response. The following pattern codes are
+ supported:</p>
+ <ul>
+ <li><b>%a</b> - Remote IP address</li>
+ <li><b>%A</b> - Local IP address</li>
+ <li><b>%b</b> - Bytes sent, excluding HTTP headers, or '-' if zero</li>
+ <li><b>%B</b> - Bytes sent, excluding HTTP headers</li>
+ <li><b>%h</b> - Remote host name (or IP address if
+ <code>resolveHosts</code> is false)</li>
+ <li><b>%H</b> - Request protocol</li>
+ <li><b>%l</b> - Remote logical username from identd (always returns
+ '-')</li>
+ <li><b>%m</b> - Request method (GET, POST, etc.)</li>
+ <li><b>%p</b> - Local port on which this request was received</li>
+ <li><b>%q</b> - Query string (prepended with a '?' if it exists)</li>
+ <li><b>%r</b> - First line of the request (method and request URI)</li>
+ <li><b>%s</b> - HTTP status code of the response</li>
+ <li><b>%S</b> - User session ID</li>
+ <li><b>%t</b> - Date and time, in Common Log Format</li>
+ <li><b>%u</b> - Remote user that was authenticated (if any), else '-'</li>
+ <li><b>%U</b> - Requested URL path</li>
+ <li><b>%v</b> - Local server name</li>
+ <li><b>%D</b> - Time taken to process the request, in millis</li>
+ <li><b>%T</b> - Time taken to process the request, in seconds</li>
+ <li><b>%I</b> - current request thread name (can compare later with stacktraces)</li>
+ </ul>
+
+ <p>
+ There is also support to write information from the cookie, incoming
+ header, the Session or something else in the ServletRequest.
+ It is modeled after the
+ <a href="http://httpd.apache.org/">Apache HTTP Server</a> log configuration
+ syntax:</p>
+ <ul>
+ <li><b><code>%{xxx}i</code></b> for incoming headers</li>
+ <li><b><code>%{xxx}o</code></b> for outgoing response headers</li>
+ <li><b><code>%{xxx}c</code></b> for a specific cookie</li>
+ <li><b><code>%{xxx}r</code></b> xxx is an attribute in the ServletRequest</li>
+ <li><b><code>%{xxx}s</code></b> xxx is an attribute in the HttpSession</li>
+ </ul>
+
+
+ <p>The shorthand pattern name <code>common</code> (which is also the
+ default) corresponds to <strong>'%h %l %u %t "%r" %s %b'</strong>.</p>
+
+ <p>The shorthand pattern name <code>combined</code> appends the
+ values of the <code>Referer</code> and <code>User-Agent</code> headers,
+ each in double quotes, to the <code>common</code> pattern
+ described in the previous paragraph.</p>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter"><!--()--></a><a name="Remote_Address_Filter"><strong>Remote Address Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter/Introduction"><!--()--></a><a name="Remote_Address_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Remote Address Filter</strong> allows you to compare the
+ IP address of the client that submitted this request against one or more
+ <em>regular expressions</em>, and either allow the request to continue
+ or refuse to process the request from this client. A Remote Address
+ Filter can be associated with any Catalina container
+ (<a href="engine.html">Engine</a>, <a href="host.html">Host</a>, or
+ <a href="context.html">Context</a>), and must accept any request
+ presented to this container for processing before it will be passed on.</p>
+
+ <p>The syntax for <em>regular expressions</em> is different than that for
+ 'standard' wildcard matching. Tomcat uses the <code>java.util.regex</code>
+ package. Please consult the Java documentation for details of the
+ expressions supported.</p>
+
+ <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>,
+ <a href="#Remote_IP_Valve">Remote IP Valve</a>.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter/Attributes"><!--()--></a><a name="Remote_Address_Filter/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Remote Address Filter</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.RemoteAddrValve</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>allow</code></td><td align="left" valign="center">
+ <p>A comma-separated list of <em>regular expression</em> patterns
+ that the remote client's IP address is compared to. If this attribute
+ is specified, the remote address MUST match for this request to be
+ accepted. If this attribute is not specified, all requests will be
+ accepted UNLESS the remote address matches a <code>deny</code>
+ pattern.</p>
+ </td></tr><tr><td align="left" valign="center"><code>deny</code></td><td align="left" valign="center">
+ <p>A comma-separated list of <em>regular expression</em> patterns
+ that the remote client's IP address is compared to. If this attribute
+ is specified, the remote address MUST NOT match for this request to be
+ accepted. If this attribute is not specified, request acceptance is
+ governed solely by the <code>accept</code> attribute.</p>
+ </td></tr><tr><td align="left" valign="center"><code>denyStatus</code></td><td align="left" valign="center">
+ <p>HTTP response status code that is used when rejecting denied
+ request. The default value is <code>403</code>. For example,
+ it can be set to the value <code>404</code>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter"><!--()--></a><a name="Remote_Host_Filter"><strong>Remote Host Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter/Introduction"><!--()--></a><a name="Remote_Host_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Remote Host Filter</strong> allows you to compare the
+ hostname of the client that submitted this request against one or more
+ <em>regular expressions</em>, and either allow the request to continue
+ or refuse to process the request from this client. A Remote Host
+ Filter can be associated with any Catalina container
+ (<a href="engine.html">Engine</a>, <a href="host.html">Host</a>, or
+ <a href="context.html">Context</a>), and must accept any request
+ presented to this container for processing before it will be passed on.</p>
+
+ <p>The syntax for <em>regular expressions</em> is different than that for
+ 'standard' wildcard matching. Tomcat uses the <code>java.util.regex</code>
+ package. Please consult the Java documentation for details of the
+ expressions supported.</p>
+
+ <p><strong>Note:</strong> This filter processes the value returned by
+ method <code>ServletRequest.getRemoteHost()</code>. To allow the method
+ to return proper host names, you have to enable "DNS lookups" feature on
+ a <strong>Connector</strong>.</p>
+
+ <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>,
+ <a href="http.html">HTTP Connector</a> configuration.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter/Attributes"><!--()--></a><a name="Remote_Host_Filter/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Remote Host Filter</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.RemoteHostValve</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>allow</code></td><td align="left" valign="center">
+ <p>A comma-separated list of <em>regular expression</em> patterns
+ that the remote client's hostname is compared to. If this attribute
+ is specified, the remote hostname MUST match for this request to be
+ accepted. If this attribute is not specified, all requests will be
+ accepted UNLESS the remote hostname matches a <code>deny</code>
+ pattern.</p>
+ </td></tr><tr><td align="left" valign="center"><code>deny</code></td><td align="left" valign="center">
+ <p>A comma-separated list of <em>regular expression</em> patterns
+ that the remote client's hostname is compared to. If this attribute
+ is specified, the remote hostname MUST NOT match for this request to be
+ accepted. If this attribute is not specified, request acceptance is
+ governed solely by the <code>accept</code> attribute.</p>
+ </td></tr><tr><td align="left" valign="center"><code>denyStatus</code></td><td align="left" valign="center">
+ <p>HTTP response status code that is used when rejecting denied
+ request. The default value is <code>403</code>. For example,
+ it can be set to the value <code>404</code>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Valve"><!--()--></a><a name="Request_Dumper_Valve"><strong>Request Dumper Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Valve/Introduction"><!--()--></a><a name="Request_Dumper_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <em>Request Dumper Valve</em> is a useful tool in debugging
+ interactions with a client application (or browser) that is sending
+ HTTP requests to your Tomcat-based server. When configured, it causes
+ details about each request processed by its associated <code>Engine</code>,
+ <code>Host</code>, or <code>Context</code> to be logged according to
+ the logging configuration for that container.</p>
+
+ <p><strong>WARNING: Using this valve has side-effects.</strong> The
+ output from this valve includes any parameters included with the request.
+ The parameters will be decoded using the default platform encoding. Any
+ subsequent calls to <code>request.setCharacterEncoding()</code> within
+ the web application will have no effect. NOTE: Since all parameters are
+ included in the output, the InputStream is consumed for requests made with
+ the method POST and content-type application/x-www-form-urlencoded.</p>
+
+ </blockquote></td></tr></table>
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Valve/Attributes"><!--()--></a><a name="Request_Dumper_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Request Dumper Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.RequestDumperValve</strong>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Single Sign On Valve"><!--()--></a><a name="Single_Sign_On_Valve"><strong>Single Sign On Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Single Sign On Valve/Introduction"><!--()--></a><a name="Single_Sign_On_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <em>Single Sign On Valve</em> is utilized when you wish to give users
+ the ability to sign on to any one of the web applications associated with
+ your virtual host, and then have their identity recognized by all other
+ web applications on the same virtual host.</p>
+
+ <p>See the <a href="host.html#Single Sign On">Single Sign On</a> special
+ feature on the <strong>Host</strong> element for more information.</p>
+
+ </blockquote></td></tr></table>
+
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Single Sign On Valve/Attributes"><!--()--></a><a name="Single_Sign_On_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Single Sign On</strong> Valve supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.SingleSignOn</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>requireReauthentication</code></td><td align="left" valign="center">
+ <p>Default false. Flag to determine whether each request needs to be
+ reauthenticated to the security <strong>Realm</strong>. If "true", this
+ Valve uses cached security credentials (username and password) to
+ reauthenticate to the <strong>Realm</strong> each request associated
+ with an SSO session. If "false", the Valve can itself authenticate
+ requests based on the presence of a valid SSO cookie, without
+ rechecking with the <strong>Realm</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>cookieDomain</code></td><td align="left" valign="center">
+ <p>Sets the host domain to be used for sso cookies.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic Authenticator Valve"><!--()--></a><a name="Basic_Authenticator_Valve"><strong>Basic Authenticator Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic Authenticator Valve/Introduction"><!--()--></a><a name="Basic_Authenticator_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Basic Authenticator Valve</strong> is automatically added to
+ any <a href="context.html">Context</a> that is configured to use BASIC
+ authentication.</p>
+
+ <p>If any non-default settings are required, the valve may be configured
+ within <a href="context.html">Context</a> element with the required
+ values.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic Authenticator Valve/Attributes"><!--()--></a><a name="Basic_Authenticator_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Basic Authenticator Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.BasicAuthenticator</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>changeSessionIdOnAuthentication</code></td><td align="left" valign="center">
+ <p>Controls if the session ID is changed if a session exists at the
+ point where users are authenticated. This is to prevent session fixation
+ attacks. If not set, the default value of <code>true</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>cnonceCacheSize</code></td><td align="left" valign="center">
+ <p>To protect against replay attacks, the DIGEST authenticator tracks
+ client nonce and nonce count values. This attribute controls the size
+ of that cache. If not specified, the default value of 1000 is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>disableProxyCaching</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers but will also cause secured pages to be
+ cached by proxies which will almost certainly be a security issue.
+ <code>securePagesWithPragma</code> offers an alternative, secure,
+ workaround for browser caching issues. If not set, the default value of
+ <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>key</code></td><td align="left" valign="center">
+ <p>The secret key used by digest authentication. If not set, a secure
+ random value is generated. This should normally only be set when it is
+ necessary to keep key values constant either across server restarts
+ and/or across a cluster.</p>
+ </td></tr><tr><td align="left" valign="center"><code>nonceValidity</code></td><td align="left" valign="center">
+ <p>The time, in milliseconds, that a server generated nonce will be
+ considered valid for use in authentication. If not specified, the
+ default value of 300000 (5 minutes) will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>opaque</code></td><td align="left" valign="center">
+ <p>The opaque server string used by digest authentication. If not set, a
+ random value is generated. This should normally only be set when it is
+ necessary to keep opaque values constant either across server restarts
+ and/or across a cluster.</p>
+ </td></tr><tr><td align="left" valign="center"><code>securePagesWithPragma</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers by using
+ <code>Cache-Control: private</code> rather than the default of
+ <code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
+ If not set, the default value of <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>validateUri</code></td><td align="left" valign="center">
+ <p>Should the URI be validated as required by RFC2617? If not specified,
+ the default value of <code>true</code> will be used. This should
+ normally only be set when Tomcat is located behind a reverse proxy and
+ the proxy is modifying the URI passed to Tomcat such that DIGEST
+ authentication always fails.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Digest Authenticator Valve"><!--()--></a><a name="Digest_Authenticator_Valve"><strong>Digest Authenticator Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Digest Authenticator Valve/Introduction"><!--()--></a><a name="Digest_Authenticator_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Digest Authenticator Valve</strong> is automatically added to
+ any <a href="context.html">Context</a> that is configured to use DIGEST
+ authentication.</p>
+
+ <p>If any non-default settings are required, the valve may be configured
+ within <a href="context.html">Context</a> element with the required
+ values.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Digest Authenticator Valve/Attributes"><!--()--></a><a name="Digest_Authenticator_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Digest Authenticator Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>cache</code></td><td align="left" valign="center">
+ <p>Should we cache authenticated Principals if the request is part of an
+ HTTP session? If not specified, the default value of <code>false</code>
+ will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.DigestAuthenticator</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>changeSessionIdOnAuthentication</code></td><td align="left" valign="center">
+ <p>Controls if the session ID is changed if a session exists at the
+ point where users are authenticated. This is to prevent session fixation
+ attacks. If not set, the default value of <code>true</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>disableProxyCaching</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers but will also cause secured pages to be
+ cached by proxies which will almost certainly be a security issue.
+ <code>securePagesWithPragma</code> offers an alternative, secure,
+ workaround for browser caching issues. If not set, the default value of
+ <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>key</code></td><td align="left" valign="center">
+ <p>The secret key used by digest authentication. If not set, a secure
+ random value is generated. This should normally only be set when it is
+ necessary to keep key values constant either across server restarts
+ and/or across a cluster.</p>
+ </td></tr><tr><td align="left" valign="center"><code>nonceCacheSize</code></td><td align="left" valign="center">
+ <p>To protect against replay attacks, the DIGEST authenticator tracks
+ server nonce and nonce count values. This attribute controls the size
+ of that cache. If not specified, the default value of 1000 is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>nonceValidity</code></td><td align="left" valign="center">
+ <p>The time, in milliseconds, that a server generated nonce will be
+ considered valid for use in authentication. If not specified, the
+ default value of 300000 (5 minutes) will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>opaque</code></td><td align="left" valign="center">
+ <p>The opaque server string used by digest authentication. If not set, a
+ random value is generated. This should normally only be set when it is
+ necessary to keep opaque values constant either across server restarts
+ and/or across a cluster.</p>
+ </td></tr><tr><td align="left" valign="center"><code>securePagesWithPragma</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers by using
+ <code>Cache-Control: private</code> rather than the default of
+ <code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
+ If not set, the default value of <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>validateUri</code></td><td align="left" valign="center">
+ <p>Should the URI be validated as required by RFC2617? If not specified,
+ the default value of <code>true</code> will be used. This should
+ normally only be set when Tomcat is located behind a reverse proxy and
+ the proxy is modifying the URI passed to Tomcat such that DIGEST
+ authentication always fails.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Form Authenticator Valve"><!--()--></a><a name="Form_Authenticator_Valve"><strong>Form Authenticator Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Form Authenticator Valve/Introduction"><!--()--></a><a name="Form_Authenticator_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Form Authenticator Valve</strong> is automatically added to
+ any <a href="context.html">Context</a> that is configured to use FORM
+ authentication.</p>
+
+ <p>If any non-default settings are required, the valve may be configured
+ within <a href="context.html">Context</a> element with the required
+ values.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Form Authenticator Valve/Attributes"><!--()--></a><a name="Form_Authenticator_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Form Authenticator Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.FormAuthenticator</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>changeSessionIdOnAuthentication</code></td><td align="left" valign="center">
+ <p>Controls if the session ID is changed if a session exists at the
+ point where users are authenticated. This is to prevent session fixation
+ attacks. If not set, the default value of <code>true</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>characterEncoding</code></td><td align="left" valign="center">
+ <p>Character encoding to use to read the username and password parameters
+ from the request. If not set, the encoding of the request body will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>disableProxyCaching</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers but will also cause secured pages to be
+ cached by proxies which will almost certainly be a security issue.
+ <code>securePagesWithPragma</code> offers an alternative, secure,
+ workaround for browser caching issues. If not set, the default value of
+ <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>securePagesWithPragma</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers by using
+ <code>Cache-Control: private</code> rather than the default of
+ <code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
+ If not set, the default value of <code>true</code> will be used.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Authenticator Valve"><!--()--></a><a name="SSL_Authenticator_Valve"><strong>SSL Authenticator Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Authenticator Valve/Introduction"><!--()--></a><a name="SSL_Authenticator_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>SSL Authenticator Valve</strong> is automatically added to
+ any <a href="context.html">Context</a> that is configured to use SSL
+ authentication.</p>
+
+ <p>If any non-default settings are required, the valve may be configured
+ within <a href="context.html">Context</a> element with the required
+ values.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Authenticator Valve/Attributes"><!--()--></a><a name="SSL_Authenticator_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>SSL Authenticator Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.authenticator.SSLAuthenticator</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>changeSessionIdOnAuthentication</code></td><td align="left" valign="center">
+ <p>Controls if the session ID is changed if a session exists at the
+ point where users are authenticated. This is to prevent session fixation
+ attacks. If not set, the default value of <code>true</code> will be
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>disableProxyCaching</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers but will also cause secured pages to be
+ cached by proxies which will almost certainly be a security issue.
+ <code>securePagesWithPragma</code> offers an alternative, secure,
+ workaround for browser caching issues. If not set, the default value of
+ <code>true</code> will be used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>securePagesWithPragma</code></td><td align="left" valign="center">
+ <p>Controls the caching of pages that are protected by security
+ constraints. Setting this to <code>false</code> may help work around
+ caching issues in some browsers by using
+ <code>Cache-Control: private</code> rather than the default of
+ <code>Pragma: No-cache</code> and <code>Cache-control: No-cache</code>.
+ If not set, the default value of <code>true</code> will be used.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="WebDAV Fix Valve"><!--()--></a><a name="WebDAV_Fix_Valve"><strong>WebDAV Fix Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="WebDAV Fix Valve/Introduction"><!--()--></a><a name="WebDAV_Fix_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>Microsoft operating systems have two WebDAV clients. One is used with
+ port 80, the other is used for all other ports. The implementation used with
+ port 80 does not adhere to the WebDAV specification and fails when trying to
+ communicate with the Tomcat WebDAV Servlet. This valve provides a fix for
+ this by forcing the use of the WebDAV implementation that works, even when
+ connecting via port 80.</p>
+
+ <p>This Valve may be used at the <code>Engine</code>, <code>Host</code> or
+ <code>Context</code> level as required. Normally, this Valve would be used
+ at the <code>Context</code> level.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="WebDAV Fix Valve/Attributes"><!--()--></a><a name="WebDAV_Fix_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>WebDAV Fix Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.WebdavFixValve</strong>.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Valve"><!--()--></a><a name="Remote_IP_Valve"><strong>Remote IP Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Valve/Introduction"><!--()--></a><a name="Remote_IP_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>Tomcat port of
+ <a href="http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html">mod_remoteip</a>,
+ this valve replaces the apparent client remote IP address and hostname for
+ the request with the IP address list presented by a proxy or a load balancer
+ via a request headers (e.g. "X-Forwarded-For").</p>
+
+ <p>Another feature of this valve is to replace the apparent scheme
+ (http/https), server port and <code>request.secure</code> with the scheme presented
+ by a proxy or a load balancer via a request header
+ (e.g. "X-Forwarded-Proto").</p>
+
+ <p>This Valve may be used at the <code>Engine</code>, <code>Host</code> or
+ <code>Context</code> level as required. Normally, this Valve would be used
+ at the <code>Engine</code> level.</p>
+
+ <p>If used in conjunction with Remote Address/Host valves then this valve
+ should be defined first to ensure that the correct client IP address is
+ presented to the Remote Address/Host valves.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Valve/Attributes"><!--()--></a><a name="Remote_IP_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Remote IP Valve</strong> supports the
+ following configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.RemoteIpValve</strong>.</p>
+ </td></tr><tr><td align="left" valign="center"><code>remoteIpHeader</code></td><td align="left" valign="center">
+ <p>Name of the HTTP Header read by this valve that holds the list of
+ traversed IP addresses starting from the requesting client. If not
+ specified, the default of <code>x-forwarded-for</code> is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>internalProxies</code></td><td align="left" valign="center">
+ <p>List of internal proxies' IP addresses as comma separated regular
+ expressions. If they appear in the <strong>remoteIpHeader</strong>
+ value, they will be trusted and will not appear in the
+ <strong>proxiesHeader</strong> value. If not specified the default value
+ of <code>10\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?,
+ 192\.168\.\d\d?\d?\.\d\d?\d?,
+ 169\.254\.\d\d?\d?\.\d\d?\d?,
+ 127\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?</code> will
+ be used.</p>
+ <p>
+ Note that the individual regular expressions <i>must not</i>
+ contain commas themselves, as the <code>internalProxies</code>
+ value is first split by commas, then parsed into separate regular
+ expression patterns.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>proxiesHeader</code></td><td align="left" valign="center">
+ <p>Name of the HTTP header created by this valve to hold the list of
+ proxies that have been processed in the incoming
+ <strong>remoteIpHeader</strong>. If not specified, the default of
+ <code>x-forwarded-by</code> is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>trustedProxies</code></td><td align="left" valign="center">
+ <p>List of trusted proxies' IP addresses as comma separated regular
+ expressions. If they appear in the <strong>remoteIpHeader</strong>
+ value, they will be trusted and will appear in the
+ <strong>proxiesHeader</strong> value. If not specified, no proxies will
+ be trusted.</p>
+ </td></tr><tr><td align="left" valign="center"><code>protocolHeader</code></td><td align="left" valign="center">
+ <p>Name of the HTTP Header read by this valve that holds the protocol
+ used by the client to connect to the proxy. If not specified, the
+ default of <code>null</code> is used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>protocolHeaderHttpsValue</code></td><td align="left" valign="center">
+ <p>Value of the <strong>protocolHeader</strong> to indicate that it is
+ an HTTPS request. If not specified, the default of <code>https</code> is
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>httpServerPort</code></td><td align="left" valign="center">
+ <p>Value returned by <code>ServletRequest.getServerPort()</code>
+ when the <strong>protocolHeader</strong> indicates <code>http</code>
+ protocol. If not specified, the default of <code>80</code> is
+ used.</p>
+ </td></tr><tr><td align="left" valign="center"><code>httpsServerPort</code></td><td align="left" valign="center">
+ <p>Value returned by <code>ServletRequest.getServerPort()</code>
+ when the <strong>protocolHeader</strong> indicates <code>https</code>
+ protocol. If not specified, the default of <code>443</code> is
+ used.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Stuck Thread Detection Valve"><!--()--></a><a name="Stuck_Thread_Detection_Valve"><strong>Stuck Thread Detection Valve</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Stuck Thread Detection Valve/Introduction"><!--()--></a><a name="Stuck_Thread_Detection_Valve/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>This valve allows to detect requests that take a long time to process, which might
+ indicate that the thread that is processing it is stuck.</p>
+ <p>When such a request is detected, the current stack trace of its thread is written
+ to Tomcat log with a WARN level.</p>
+ <p>The IDs and names of the stuck threads are available through JMX in the
+ <code>stuckThreadIds</code> and <code>stuckThreadNames</code> attributes.
+ The IDs can be used with the standard Threading JVM MBean
+ (<code>java.lang:type=Threading</code>) to retrieve other information
+ about each stuck thread.</p>
+
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Stuck Thread Detection Valve/Attributes"><!--()--></a><a name="Stuck_Thread_Detection_Valve/Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
+
+ <p>The <strong>Stuck Thread Detection Valve</strong> supports the
+ following configuration attributes:</p>
+
+ <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><strong><code>className</code></strong></td><td align="left" valign="center">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.StuckThreadDetectionValve</strong>.
+ </p>
+ </td></tr><tr><td align="left" valign="center"><code>threshold</code></td><td align="left" valign="center">
+ <p>Minimum duration in seconds after which a thread is considered stuck.
+ Default is 600 seconds. If set to 0, the detection is disabled.</p>
+ <p>Note: since the detection is done in the background thread of the Container
+ (Engine, Host or Context) declaring this Valve, the threshold should be higher
+ than the <code>backgroundProcessorDelay</code> of this Container.</p>
+ </td></tr></table>
+
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+ Copyright © 1999-2014, Apache Software Foundation
+ </em></font></div></td></tr></table></body></html>
\ No newline at end of file