Appendix A. Reference Material

A.1. Provided Undertow Handlers


For the complete list of handlers, you must check the source JAR file of the Undertow core in the version that matches the Undertow core in your JBoss EAP installation. You can download the Undertow core source JAR file from the JBoss EAP Maven Repository, and then refer to the available handlers in the /io/undertow/server/handlers/ directory.

You can verify the Undertow core version used in your current installation of JBoss EAP by searching the server.log file for the INFO message that is printed during JBoss EAP server startup, similar to the one shown in the example below:

INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0003: Undertow 1.4.18.Final-redhat-1 starting

Class Name: io.undertow.server.handlers.AccessControlListHandler

Name: access-control

Handler that can accept or reject a request based on an attribute of the remote peer.

Table A.1. Parameters



ACL rules. This parameter is required.


Exchange attribute string. This parameter is required.


Boolean specifying whether handler accepts or rejects a request by default. Defaults to false.


Class Name: io.undertow.server.handlers.accesslog.AccessLogHandler

Name: access-log

Access log handler. This handler generates access log messages based on the provided format string and pass these messages into the provided AccessLogReceiver.

This handler can log any attribute that is provides via the ExchangeAttribute mechanism.

This factory produces token handlers for the following patterns.

Table A.2. Patterns



Remote IP address


Local IP address


Bytes sent, excluding HTTP headers or - if no bytes were sent


Bytes sent, excluding HTTP headers


Remote host name


Request protocol


Remote logical username from identd (always returns -)


Request method


Local port


Query string (excluding the ? character)


First line of the request


HTTP status code of the response


Date and time, in Common Log Format format


Remote user that was authenticated


Requested URL path


Local server name


Time taken to process the request, in milliseconds


Time taken to process the request, in seconds


Current Request thread name (can compare later with stack traces)


%h %l %u %t "%r" %s %b


%h %l %u %t "%r" %s %b "%{i,Referer}" "%{i,User-Agent}"

There is also support to write information from the cookie, incoming header, or the session.

It is modeled after the Apache syntax:

  • %{i,xxx} for incoming headers
  • %{o,xxx} for outgoing response headers
  • %{c,xxx} for a specific cookie
  • %{r,xxx} where xxx is an attribute in the ServletRequest
  • %{s,xxx} where xxx is an attribute in the HttpSession

Table A.3. Parameters



Format used to generate the log messages. This is the default parameter.


Handler that whitelists certain HTTP methods. Only requests with a method in the allowed methods set are allowed to continue.

Class Name: io.undertow.server.handlers.AllowedMethodsHandler

Name: allowed-methods

Table A.4. Parameters



Methods to allow, for example GET, POST, PUT, and so on. This is the default parameter.


An HttpHandler that initiates a blocking request. If the thread is currently running in the I/O thread it is dispatched.

Class Name: io.undertow.server.handlers.BlockingHandler

Name: blocking

This handler has no parameters.


Handler for range requests. This is a generic handler that can handle range requests to any resource of a fixed content length, for example, any resource where the content-length header has been set. This is not necessarily the most efficient way to handle range requests, as the full content is generated and then discarded. At present this handler can only handle simple, single range requests. If multiple ranges are requested the Range header is ignored.

Class Name: io.undertow.server.handlers.ByteRangeHandler

Name: byte-range

Table A.5. Parameters



Boolean value on whether or not to send accept ranges. This is the default parameter.


This handler transforms a relative path to a canonical path.

Class Name: io.undertow.server.handlers.CanonicalPathHandler

Name: canonical-path

This handler has no parameters.


Handler that disables response caching by browsers and proxies.

Class Name: io.undertow.server.handlers.DisableCacheHandler

Name: disable-cache

This handler has no parameters.


Handler that blacklists certain HTTP methods.

Class Name: io.undertow.server.handlers.DisallowedMethodsHandler

Name: disallowed-methods

Table A.6. Parameters



Methods to disallow, for example GET, POST, PUT, and so on. This is the default parameter.


This handler serves as the basis for content encoding implementations. Encoding handlers are added as delegates to this handler, with a specified server side priority.

The q value will be used to determine the correct handler. If a request comes in with no q value then the server picks the handler with the highest priority as the encoding to use.

If no handler matches then the identity encoding is assumed. If the identity encoding has been specifically disallowed due to a q value of 0 then the handler sets the response code 406 (Not Acceptable) and returns.

Class Name: io.undertow.server.handlers.encoding.EncodingHandler

Name: compress

This handler has no parameters.


Handler that serves up a file from disk to serve as an error page. This handler does not serve up any response codes by default, you must configure the response codes it responds to.

Class Name: io.undertow.server.handlers.error.FileErrorPageHandler

Name: error-file

Table A.7. Parameters



Location of file to serve up as an error page.


List of response codes that result in a redirect to the defined error page file.


A handler that handles HTTP trace requests.

Class Name: io.undertow.server.handlers.HttpTraceHandler

Name: trace

This handler has no parameters.


Handler that can accept or reject a request based on the IP address of the remote peer.

Class Name: io.undertow.server.handlers.IPAddressAccessControlHandler

Name: ip-access-control

Table A.8. Parameters



String representing the access control list. This is the default parameter.


Integer representing the status code to return on rejected requests.


Boolean representing whether or not to allow by default.


Class Name: io.undertow.server.handlers.JDBCLogHandler

Name: jdbc-access-log

Table A.9. Parameters



Specifies the JDBC Log pattern. Default value is common. You can also use combined, which adds the VirtualHost, request method, referrer, and user agent information to the log message.


Name of the datasource to log. This parameter is required and is the default parameter.


Table name.


Remote Host address.




















Handler that builds up a cache of resources that a browser requests, and uses server push to push them when supported.

Class Name: io.undertow.server.handlers.LearningPushHandler

Name: learning-push

Table A.10. Parameters



Integer representing the maximum time of a cache entry.


Integer representing the maximum number of cache entries


A handler that performs DNS lookup to resolve a local address. Unresolved local address can be created when a front end server has sent a X-forwarded-host header or AJP is in use.

Class Name: io.undertow.server.handlers.LocalNameResolvingHandler

Name: resolve-local-name

This handler has no parameters.


A handler that translates non-slash separator characters in the URL into a slash. In general this will translate backslash into slash on Windows systems.

Class Name: io.undertow.server.handlers.PathSeparatorHandler

Name: path-separator

This handler has no parameters.


A handler that performs reverse DNS lookup to resolve a peer address.

Class Name: io.undertow.server.handlers.PeerNameResolvingHandler

Name: resolve-peer-name

This handler has no parameters.


Handler that sets the peer address to the value of the X-Forwarded-For header. This should only be used behind a proxy that always sets this header, otherwise it is possible for an attacker to forge their peer address.

Class Name: io.undertow.server.handlers.ProxyPeerAddressHandler

Name: proxy-peer-address

This handler has no parameters.


A redirect handler that redirects to the specified location via a 302 redirect. The location is specified as an exchange attribute string.

Class Name: io.undertow.server.handlers.RedirectHandler

Name: redirect

Table A.11. Parameters



Destination for the redirect. This is the default parameter.


Handler that buffers all request data.

Class Name: io.undertow.server.handlers.RequestBufferingHandler

Name: buffer-request

Table A.12. Parameters



Integer that defines the maximum number of buffers. This is the default parameter.


Handler that dumps an exchange to a log.

Class Name: io.undertow.server.handlers.RequestDumpingHandler

Name: dump-request

This handler has no parameters.


A handler that limits the maximum number of concurrent requests. Requests beyond the limit will block until the previous request is complete.

Class Name: io.undertow.server.handlers.RequestLimitingHandler

Name: request-limit

Table A.13. Parameters



Integer that represents the maximum number of concurrent requests. This is the default parameter and is required.


A handler for serving resources.

Class Name: io.undertow.server.handlers.resource.ResourceHandler

Name: resource

Table A.14. Parameters



Location of resources. This is the default parameter and is required.


Boolean value to determine whether or not to allow directory listings.


Handler that limits the download rate to a set number of bytes/time.

Class Name: io.undertow.server.handlers.ResponseRateLimitingHandler

Name: response-rate-limit

Table A.15. Parameters



Number of bytes to limit the download rate. This parameter is required.


Time in seconds to limit the download rate. This parameter is required.


A handler that sets a fixed response header.

Class Name: io.undertow.server.handlers.SetHeaderHandler

Name: header

Table A.16. Parameters



Name of header attribute. This parameter is required.


Value of header attribute. This parameter is required.


Handler that sets SSL information on the connection based on the following headers:


If this handler is present in the chain it always overrides the SSL session information, even if these headers are not present.

This handler must only be used on servers that are behind a reverse proxy, where the reverse proxy has been configured to always set these headers for every request or to strip existing headers with these names if no SSL information is present. Otherwise it might be possible for a malicious client to spoof an SSL connection.

Class Name: io.undertow.server.handlers.SSLHeaderHandler

Name: ssl-headers

This handler has no parameters.


This handler detects requests that take a long time to process, which might indicate that the thread that is processing it is stuck.

Class Name: io.undertow.server.handlers.StuckThreadDetectionHandler

Name: stuck-thread-detector

Table A.17. Parameters



Integer value in seconds that determines the threshold for how long a request should take to process. Default value is 600 (10 minutes). This is the default parameter.


A handler that decodes the URL and query parameters to the specified charset. If you are using this handler you must set the UndertowOptions.DECODE_URL parameter to false.

This is not as efficient as using the parser’s built in UTF-8 decoder. Unless you need to decode to something other than UTF-8 you should rely on the parsers decoding instead.

Class Name: io.undertow.server.handlers.URLDecodingHandler

Name: url-decoding

Table A.18. Parameters



Charset to decode. This is the default parameter and it is required.

A.2. Persistence Unit Properties

Persistence unit definition supports the following properties, which can be configured from the persistence.xml file.


Name of the persistence provider module. Default is org.hibernate. Should be the application name if a persistence provider is packaged with the application.

Name of the integration classes that help JBoss EAP to work with the persistence provider.

Class name of the integration adapter.

Set to false to disable container-managed JPA access to the persistence unit. The default is true.

Set to false to disable class transformers for the persistence unit. The default is true, which allows class transforming.

Hibernate also needs persistence unit property hibernate.ejb.use_class_enhancer to be true for class transforming to be enabled.

Specify the qualified application-scoped persistence unit name to be used. By default, this is set to the application name and persistence unit name, collectively. The hibernate.cache.region_prefix defaults to whatever you set to. Make sure you set the value to a value not already in use by other applications deployed on the same application server instance.

Controls whether transaction-scoped persistence context used in non-JTA transaction thread, will detach loaded entities after each EntityManager invocation or when the persistence context is closed. The default value is false. If set to true, the detach is deferred until the context is closed.


Set to true to choose the default persistence unit in an application. This is useful if you inject a persistence context without specifying the unitName, but have multiple persistence units specified in your persistence.xml file.


Persistence providers allow a two-phase persistence unit bootstrap, which improves JPA integration with CDI. Setting the wildfly.jpa.twophasebootstrap value to false disables the two-phase bootstrap for the persistence unit that contains the value.


Set to false to prevent persistence unit from using the default datasource. The default value is true. This is only important for persistence units that do not specify a datasource.

Controls which version of Hibernate Search to include on the classpath. The default is auto; other valid values are none or a full module identifier to use an alternative version.

A.3. Policy Provider Properties

Table A.19. policy-provider Attributes



A custom policy provider definition.


A policy provider definition that sets up JACC and related services.

Table A.20. custom-policy Attributes



The name of a implementation referencing a policy provider.


The name of the module to load the provider from.

Table A.21. jacc-policy Attributes



The name of a implementation referencing a policy provider.


The name of a implementation referencing a policy configuration factory provider.


The name of the module to load the provider from.

A.4. Java EE 8 Profiles and Technologies Reference

The following tables list the Java EE 8 technologies and JSRs by category and note whether they are included in the Web Profile or Full Platform profiles.

See Java™ EE 8 Technologies for the complete list of Java EE 8 APIs.

Table A.22. Java EE 8 Web Application Technologies

TechnologyJSRWeb ProfileFull Platform

Java API for WebSocket 1.1

JSR 356

Java API for JSON Binding 1.0

JSR 367

Java API for JSON Processing 1.1

JSR 374

Java Servlet 4.0

JSR 369

JavaServer Faces 2.3

JSR 372

Expression Language 3.0

JSR 341

JavaServer Pages 2.3

JSR 245

Standard Tag Library for JavaServer Pages (JSTL) 1.2 1

JSR 52

1 Additional Standard Tag Library (JSTL) information:


A known security risk in JBoss EAP exists where the Java Standard Tag Library (JSTL) allows the processing of external entity references in untrusted XML documents which could access resources on the host system and, potentially, allow arbitrary code execution.

To avoid this, the JBoss EAP server has to be run with system property org.apache.taglibs.standard.xml.accessExternalEntity correctly set, usually with an empty string as value. This can be done in two ways:

  • Configuring the system properties and restarting the server.

  • Passing -Dorg.apache.taglibs.standard.xml.accessExternalEntity="" as an argument to the or scripts.

Table A.23. Java EE 8 Enterprise Application Technologies

TechnologyJSRWeb ProfileFull Platform

Batch Applications for the Java Platform 1.0

JSR 352


Concurrency Utilities for Java EE 1.0

JSR 236


Contexts and Dependency Injection for Java 2.0

JSR 365

Dependency Injection for Java 1.0

JSR 330

Bean Validation 2.0

JSR 380

Managed Beans 1.0


Enterprise JavaBeans 3.2

JSR 345


Interceptors 1.2

JSR 318

Java EE Connector Architecture 1.7

JSR 322


Java Persistence 2.2

JSR 338

Common Annotations for the Java Platform 1.3

JSR 250


Java Message Service API 2.0

JSR 343


Java Transaction API (JTA) 1.2

JSR 907

JavaMail 1.6

JSR 919


Table A.24. Java EE 8 Web Services Technologies

TechnologyJSRWeb ProfileFull Platform

Java API for RESTful Web Services (JAX-RS) 2.1

JSR 370


Implementing Enterprise Web Services 1.3

JSR 109


Web Services Metadata for the Java Platform 2.1

JSR 181


Java API for XML-Based RPC (JAX-RPC) 1.1 (Optional)

JSR 101


Java API for XML Registries (JAXR) 1.0 (Optional)

JSR 93


Table A.25. Java EE 8 Management and Security Technologies

TechnologyJSRWeb ProfileFull Platform

Java EE Security API 1.0

JSR 375

Java Authentication Service Provider Interface for Containers 1.1

JSR 196

Java Authorization Contract for Containers 1.5

JSR 115


Java EE Application Deployment 1.2 (Optional)

JSR 88


J2EE Management 1.1

JSR 77


Debugging Support for Other Languages 1.0

JSR 45


Revised on 2019-09-26 10:38:51 UTC