You can configure name-value pairs of data, where the name is a property key and the value is a string value that you can use to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available in the administrative console. The following is a list of some of the available Web container custom properties.
To specify Web container custom properties:
Following is a list of custom properties provided with the Application Server.
This property is only valid on the z/OS platform. Use the MutualAuthCBindCheck property to specify whether or not a client certificate should be resolved to a SAF principal. If this property is set to true, all SSL connections from a browser must have a client certificate, and the user ID associated with that client certificate must have RACF CONTROL authority for CB.BIND.servername. Regardless whether client certificate authentication is being used in a SSL connection or not, if these conditions are not met, the connection will be closed. Issue the following RACF command to give the user ID associated with that client certificate RACF CONTROL authority:
PERMIT CB.BIND.servername CLASS(CBIND) ID(clientCertUserid) ACCESS(CONTROL)
Data type | String |
Value | true or false |
Default | false |
Web application archive (WAR) files that are packaged using third-party tools cannot specify behavior for the services that are exposed by the Web container internal servlets. You can globally enable and disable internal servlets for all Web applications at the Web container level by creating name-value pairs such as:
Name | Value |
fileServingEnabled | true |
directoryBrowsingEnabled | true |
serveServletsByClassnameEnabled | true |
Settings that are defined in an assembly tool take precedence over the global settings that are set through the custom properties at the Web container level.
Web application deployment extensions continue to hold configuration information for the services that are provided by the internal servlets, and take precedence over the global settings that are set through the custom properties at the Web container level.
You must define unique values for the host and port on each application server. You cannot define the values of host and port as wild cards denoted by the asterisk symbol (*) when you enable the optimized communication between the Web services application and the Web container. Using wild cards indicate that the local Web container can handle Web services requests for all destinations.
When the serveServletsByClassnameEnabled property is enabled, it is possible to access servlets directly, resulting in a possible security exposure. Define the following custom property to disallow the use of the serveServletsByClassnameEnabled property across the entire application server level.
Name | Value |
com.ibm.ws.webcontainer.disallowserveservletsbyclassname | true |
The com.ibm.ws.webcontainer.donotservebyclassname custom property specifies a list of classes that cannot be served by the class name.
Name | Value |
com.ibm.ws.webcontainer.donotservebyclassname | A semi-colon delimited list of classes to be completely disallowed from being served by class name. |
The UTF-8 encoded URL feature, which provides UTF-8 encoded Uniform Resource Locators (URLs) to support the double-byte characters in URLs is enabled by default. You can prevent the Web container from explicitly decoding URLs in UTF-8 and have them use the ISO-8859 standard as per the current HTTP specification by using the following name-value pair:
Name | Value |
DecodeUrlAsUTF8 | false |
The servlet specification supports applications registering listeners for servlet-related events on an individual application basis through the web.xml descriptor. However, using the listeners custom property, a server can listen to servlet events across Web applications. To implement global listening, a listener is registered at the Web container level and is propagated to all of the installed and new Web applications. This global behavior of internal servlet listeners is controlled by the listeners custom property by using the following name-value pair format:
Name | Value |
listeners | listener_class |
The values for this property is a string specifying a comma separated list of listener classes. The listener supplied must implement standard listener classes from the Java™ Servlet API or IBM® listener extension classes.
The UseOracleBLOB custom property creates the HTTP session database table using the Binary Large Object (BLOB) data type for the medium column. This property increases performance of persistent sessions when Oracle databases are used. Due to an Oracle restriction, BLOB support requires use of the Oracle's oci database driver for more than 4000 bytes of data. You must also ensure that a new sessions table is created before the server is restarted by dropping your old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table. To create a sessions table using the BLOB data type, use the following name-vaule pair:
Name | Value |
UseOracleBLOB | true |
The DebugSessionCrossover custom property enables code to perform additional checks to verify that only the session associated with the request is accessed or referenced. Messages are logged if any discrepancies are detected. To enable session data crossover detection, use the following name-value pair:
Name | Value |
DebugSessionCrossover | true |
See article, HTTP session problems, for additional information.
The com.ibm.wsspi.jsp.disableTldSearch custom property can be used to improve application startup time. By default, when an application starts, the JSP engine searches the application installation directories for the taglib descriptor (TLD) files. This search process might increase the startup time for large applications with a large number of files and directories. To disable this search process, use the following name-value pair:
Name | Value |
com.ibm.wsspi.jsp.disableTldSearch | true |
To improve performance, there is an optimized communication path between a Web services client application and a Web container that are located in the same application server process. Requests from the Web services client that are normally sent to the Web container using a network connection are delivered directly to the Web container using an optimized local path. The local path is available because the Web services client application and the Web container are running in the same process. This optimized communication path is disabled by default. Before enabling this property, make sure that wild cards are not specified for the Web container ports. Use specific ports for the web container when the optimized communication path is enabled. To enable the optimized communication path, use the following name-value pair:
Name | Value |
enableInProcessConnections | true |
You can enable the local communication path with the enableInProcessConnections custom property.
See article, Web services client to Web container optimized communication, for additional information.Before configuring this custom property, make sure that you are not using wild cards for host names in your Web container end points. Set this property to true in the Web container to enabled the optimized local communication path. When disabled, the Web services client and the Web container communicate using network transports.
WebSphere® Application Server 5.x accepts Uniform Resource Locators (URLs) without leading front slashes ( / ) and to preserve compatibility, You can set the custom property, prependSlashToResource to true. To ignore the specification and consider URLs without the leading front slash, use the following name-value pair:
Name | Value |
prependSlashToResource | true |
The custom property httpsIndicatorHeader manages HTTPS requests that are forwarded to an application server from an SSL offloader that is used in front of WebSphere Application Server. When an HTTPS request is received by a SSL offloader it is redirected over HTTP to an application server using WebSphere Application Server. The SSL offloader adds a header indicating the original request was over HTTP. The httpsIndicatorHeader property specifies the header name added by the SSL box. The application server checks this indicator to determine if SSL is required. If it determines the request is SSL over HTTP, an HTTPS scheme is chosen.
Name | Value |
httpsIndicatorHeader | Request header key name |
The custom property HttpSessionIdReuse determines whether the session manager can use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence. In a multi-JVM environment that is not configured for session persistence setting this property to true enables the session manager to use the same session information for all of a user's requests even if the Web applications that are handling these requests are governed by different JVMs. The default value for this property is false. To enable the session manager to use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence, use the following name-value pair:
Name | Value |
HttpSessionIdReuse | true |
trusthostheaderport = true com.ibm.ws.webcontainer.extractHostHeaderPort = true
Or you can set these properties as Web container custom properties in the administrative console using the following two sets of name-value pairs:
Name | Value |
com.ibm.ws.webcontainer.extractHostHeaderPort | true |
trusthostheaderport | true |
The JSP translation code was modified to handle escape characters and quotations properly when determining whether to evaluate an expression or to treat it as a literal string. To apply this behavior globally across all Web applications, add the following name-value pair as a Web container custom property:
Name | Value |
com.ibm.wsspi.jsp.evalQuotedAndEscapedExpression | true |
<jspAttributes xmi:id="JSPAttribute_1" name="evalQuotedAndEscapedExpression" value="true"/>The attribute id value must be unique.
If a JSP file contains an action and that property has not been set, the JSP engine returns null on WebSphere Application Server versions 6.0 and 6.1. However, in WebSphere Application Server version 5.1 an empty string is returned. This custom property was added to provide backwards compatibility. When it is set to true, the value returned on a call to jsp:getProperty is an empty string instead of null for versions 6.0 and 6.1.
Name | Value |
com.ibm.ws.jsp.getParameterReturnEmptyString | true |
A JSP engine parameter can be configured for different levels of JDK, but this requires that you set the jdkSourceLevel JSP attribute in the Web extension file for each Web module. However, you can use the com.ibm.ws.jsp.jdkSourceLevel custom property to set the JSP attribute globally using the Web container custom property. If this attribute is also defined in the Web extension file, the property defined in the Web extension file supersedes the custom property for that particular application. This custom property is not case sensitive. The default value is 13.
Name | Value |
com.ibm.ws.jsp.jdkSourceLevel | 13, 14, or 15 |
When processing a request, the Web container recognizes servlet mappings to "*" as the same as servlet mappings to "/*". To provide the same behavior with filter mapping, set the com.ibm.ws.webcontainer.mapFiltersToAsterisk custom property to true. Setting the com.ibm.ws.webcontainer.mapFiltersToAsterisk custom property to true causes the Web container to recognize filter mappings to "*" as a filter mapping to "/*" . This custom property is not case sensitive.
Name | Value |
com.ibm.ws.webcontainer.mapFiltersToAsterisk | true |
Name | Value |
com.ibm.ws.webcontainer.enableErrorExceptionTypeFirst | true |
You can enable file serving on a global level across a given application server by using the fileServingEnabled custom property. However, the fileServingEnabled property is overridden by the specific deployment information of each application. Therefore,, the current fileServingEnabled custom property only applies as a backup in case an application does not define the fileServingEnabled setting itself. To globally override this setting on a specific application server to prevent the application server from serving static files regardless of their individual deployment settings, set the Web container custom property com.ibm.ws.webcontainer.disallowAllFileServing to true to by using the following name-value pair:
Name | Value |
com.ibm.ws.webcontainer.disallowAllFileServing | true |
By default, the Web container uses asynchronous writes to write response data in chunks of up to the response buffer size. For larger responses that are greater than the response buffer size, the Web container continues to buffer response data into memory while waiting for an asynchronous write of a response data chunk to complete. This can result in part of a large response held in memory, which can lead to high memory usage and potentially an out of memory error. An application server hang may also occur when a server is simultaneously processing more requests than Web container defined threads.
If the com.ibm.ws.webcontainer.channelwritetype property is set to sync, synchronous writing is used, otherwise asynchronous writing is used by default. With synchronous writing, response data are written synchronously in chunks of up to the value of responsebuffersize and no response data are buffered into memory while waiting for a synchronous write of a response data chunk to complete. As a result, the approximate maximum amount of response data that is held in memory is equal to the responsebuffersize * number of Web container threads. The maximum number of requests that can be processed simultaneously by the Web container is limited by the number of Web container threads. Additional requests are queued, waiting for a request that is in process to complete.
The responsebuffersize Web container custom property defines the maximum amount of response data written by the Web container in a single chunk, and is 32k by default. As a result, it is used to change the number of writes needed by the Web container to send complete response data. However, if an application flushes response data, any response data held by the Web container is immediately written irrespective of the responsebuffersize.
Use the following name-value pair to write chunks of data using synchronous writes.
Name | Value |
com.ibm.ws.webcontainer.channelwritetype | sync |
If your requests normally are not bound by a response time limit, specify 0 for this property.
If you want to invalidate your sessions after a certain amount of time has elapsed, specify the appropriate positive integer for this property.
Name | Value |
ForceSessionInvalidationMultiple | 1 |
Typically, when a recursive error occurs in an application, the trace audit method sends the resulting exception message to the z/OS® system console. Because these messages are informational messages, and no response action is required, you might want this type of message sent to the error log file instead of to the z/OS system console.
You can set the com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog Web container custom property to true if you want to have error page exception messages sent to the error log file instead of to the z/OS system console.
Name | Value |
com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog | true |
Set the com.ibm.wsspi.jsp.convertAttrValueToString Web container custom property to true to convert start and end attributes of the repeat tag to strings before they are used.
Name | Value |
com.ibm.wsspi.jsp.convertAttrValueToString | true |
Set the com.ibm.wsspi.jsp.disableElCache Web container custom property to true to disable the commons-el expression cache if you are experiencing out of memory conditions because the hash maps are held by the expression evaluator.
Name | Value |
com.ibm.wsspi.jsp.disableElCache | true |
Set the com.ibm.ws.webcontainer.throwMissingJspException Web container custom property to true When set to true, a FileNotFoundException is created when a resource included by a JSP file is missing. If this property is not set to true, an error page is displayed.
Name | Value |
com.ibm.ws.webcontainer.throwMissingJspException | true |
When JavaServer Pages files (or user-defined JSP files) are complied in an environment that has multiple servants, the JSP container uses locking to prevent both servants from trying to concurrently compile the same JSP file. If two requests for a JSP need to be compiled at the same time, and are routed to separate servants, the JSP container locks the JSP file until the compilation for the first servant completes. If the second servant has to wait for more than 120 seconds for the lock to be released, the request for the JSP fails.
If you expect the compilation time for any of your JSP files to be more than 120 seconds, specify, in seconds, a value greater than 120 for the com.ibm.ws.jsp.zosFileLockRetrying custom property. The new setting should extend the wait time, such that the new wait time prevents a JSP request from failing in situations where two requests for the same JSP file need to be handled at approximately the same time, but the requests are routed to different servants.
Name | Default value |
com.ibm.ws.jsp.zosFileLockRetrying | 120 seconds |
If a servlet creates an exception, it is logged in the systemErr log file. For some applications, this is undesirable as it may fill up the log. In WebSphere Application Server Version 5, servlet exceptions are created but they are not logged in the systemErr log file. Beginning with WebSphere Application Server Version 6.0.2, all servlet exceptions are logged. You can use the following custom property to specify that the Web container does not log the servlet exceptions that are created in the systemErr file:
Name | Value |
com.ibm.ws.webcontainer.suppressServletExceptionLogging | true |
In WebSphere Application Server Version 5.1 processing of static files is performed by SimpleFileServlet which generates both SMF and PMI data. In Version 6.0.1, static files are handled by a file wrapper that does not generate SMF and PMI data for static files. Specify the following custom property to generate SMF and PMI data when serving the static files.
Name | Value |
com.ibm.ws.webcontainer.fileWrapperEvents | true |
When a recursive error occurs in an application, the exception message is logged by the trace audit method, which directs the message to the system console. However, the message needs to be logged in the error log instead. The Web container code was modified to redirect the exception message to the error log. Set the following Web container custom property to true to redirect an error exception page to the error log.
Name | Value |
com.ibm.ws.webcontainer.divertrecursiveexceptiontoerrorlog | true |
If a system application is the first to start, and the application attempts to load a global listener in a shared library that is associated with the server classloader, the application does not load that listener and prevents the listener from being loaded or invoked by a later non-system application. Set the com.ibm.ws.webcontainer.disableSystemAppGlobalListenerLoading custom property to true to prevent system applications from loading global listeners. When this property is set to true, the system application does not attempt to load the global listeners and later non-system applications can load them from a shared library associated with a server class loader.
Name | Value |
com.ibm.ws.webcontainer.disableSystemAppGlobalListenerLoading | true |
By default, when an application is stopped the Web container waits up to 60 seconds for each active request for a resource of that application to complete. You can now define the com.ibm.ws.webcontainer.ServletDestroyWaitTime Web container custom property to control the amount of time that the Web container waits for an active request to complete when the owning application is stopped.
Set the com.ibm.ws.webcontainer.ServletDestroyWaitTime custom property to an integer value, which specifies the number of seconds to wait for a request to complete. The default value is 60 seconds.
Name | Value |
com.ibm.ws.webcontainer.ServletDestroyWaitTime | integer |
During the translation phase of a tag file that is compiled, the JSP container implicitly uses the pageContext variable for the PageContext object. The use of the pageContext variable as an implicit variable name in tag files does not comply with the JSP Specification.
If compilation errors occur for applications that use a local pageContext variable in their tag file, set the com.ibm.wsspi.jsp.modifyPageContextVariable custom property totrue to remove the use of the pageContext variable name in the generated Java code for tag files.
Name | Value |
com.ibm.wsspi.jsp.modifyPageContextVariable | true |