<!--

    Copyright (c) 2012, 2021 Oracle and/or its affiliates. All rights reserved.

    This program and the accompanying materials are made available under the
    terms of the Eclipse Public License v. 2.0, which is available at
    http://www.eclipse.org/legal/epl-2.0.

    This Source Code may also be made available under the following Secondary
    Licenses when the conditions for such availability set forth in the
    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
    version 2 with the GNU Classpath Exception, which is available at
    https://www.gnu.org/software/classpath/license.html.

    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0

-->

<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">
<security-configurations>
    <authentication-service default="true" name="adminAuth" use-password-credential="true">
      <security-provider name="spcrealm" type="LoginModule" provider-name="adminSpc">
        <login-module-config name="adminSpecialLM" control-flag="sufficient" module-class="com.sun.enterprise.admin.util.AdminLoginModule">
          <property name="config" value="server-config"></property>
          <property name="auth-realm" value="admin-realm"></property>
        </login-module-config>
      </security-provider>
      <security-provider name="filerealm" type="LoginModule" provider-name="adminFile">
        <login-module-config name="adminFileLM" control-flag="sufficient" module-class="com.sun.enterprise.security.auth.login.FileLoginModule">
          <property name="config" value="server-config"></property>
          <property name="auth-realm" value="admin-realm"></property>
        </login-module-config>
      </security-provider>
    </authentication-service>
    <authorization-service default="true" name="authorizationService">
      <security-provider name="simpleAuthorization" type="Simple" provider-name="simpleAuthorizationProvider">
        <authorization-provider-config support-policy-deploy="false" name="simpleAuthorizationProviderConfig"></authorization-provider-config>
      </security-provider>
    </authorization-service>
  </security-configurations>
  <system-applications />
  <resources>
    <jdbc-resource pool-name="__TimerPool" jndi-name="jdbc/__TimerPool" object-type="system-all" />
    <jdbc-resource pool-name="DerbyPool" jndi-name="jdbc/__default" object-type="system-all-req" />
    <jdbc-connection-pool name="__TimerPool" datasource-classname="org.apache.derby.jdbc.EmbeddedXADataSource" res-type="javax.sql.XADataSource">
      <property value="${com.sun.aas.instanceRoot}/lib/databases/ejbtimer" name="databaseName" />
      <property value=";create=true" name="connectionAttributes" />
    </jdbc-connection-pool>
    <jdbc-connection-pool is-isolation-level-guaranteed="false" name="DerbyPool" datasource-classname="org.apache.derby.jdbc.ClientDataSource" res-type="javax.sql.DataSource">
      <property value="1527" name="PortNumber" />
      <property value="APP" name="Password" />
      <property value="APP" name="User" />
      <property value="localhost" name="serverName" />
      <property value="sun-appserv-samples" name="DatabaseName" />
      <property value=";create=true" name="connectionAttributes" />
    </jdbc-connection-pool>
  </resources>
  <servers>
    <server name="%%%SERVER_ID%%%" config-ref="%%%CONFIG_MODEL_NAME%%%">
      <resource-ref ref="jdbc/__TimerPool" />
      <resource-ref ref="jdbc/__default" />
    </server>
  </servers>
  <nodes>
    <node name="localhost-%%%DOMAIN_NAME%%%" type="CONFIG" node-host="localhost" install-dir="${com.sun.aas.productRoot}"/>
  </nodes>
 <configs>
   <config name="%%%CONFIG_MODEL_NAME%%%">
      <!--%%%TOKENS_HERE%%%-->
      <!--%%%PORT_BASE%%%-->
      <http-service>
        <access-log/>
        <virtual-server id="server" network-listeners="http-listener-1,http-listener-2"/>
        <virtual-server id="__asadmin" network-listeners="admin-listener"/>
      </http-service>
      <iiop-service>
        <orb use-thread-pool-ids="thread-pool-1" />
        <iiop-listener address="0.0.0.0" port="%%%ORB_LISTENER_PORT%%%" id="orb-listener-1" lazy-init="true"/>
        <iiop-listener security-enabled="true" address="0.0.0.0" port="%%%ORB_SSL_PORT%%%" id="SSL">
          <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" />
        </iiop-listener>
        <iiop-listener security-enabled="true" address="0.0.0.0" port="%%%ORB_MUTUALAUTH_PORT%%%" id="SSL_MUTUALAUTH">
          <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true" />
        </iiop-listener>
      </iiop-service>
      <admin-service auth-realm-name="admin-realm" type="das-and-server" system-jmx-connector-name="system">
        <jmx-connector auth-realm-name="admin-realm" security-enabled="false" address="0.0.0.0" port="%%%JMX_SYSTEM_CONNECTOR_PORT%%%" name="system" />
        <property value="/admin" name="adminConsoleContextRoot" />
        <property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
        <property value="${com.sun.aas.installRoot}/.." name="ipsRoot" />
      </admin-service>
      <connector-service shutdown-timeout-in-seconds="30">
      </connector-service>
       <transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" />
       <diagnostic-service />
      <security-service>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
          <property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
          <property value="fileRealm" name="jaas-context" />
        </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
          <property value="${com.sun.aas.instanceRoot}/config/keyfile" name="file" />
          <property value="fileRealm" name="jaas-context" />
        </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
        <jacc-provider policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="default">
          <property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
        </jacc-provider>
        <jacc-provider policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="simple" />
        <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
          <property value="false" name="auditOn" />
        </audit-module>
        <message-security-config auth-layer="SOAP">
          <provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="dynamic.username.password" />
            <property value="false" name="debug" />
          </provider-config>
          <provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="dynamic.username.password" />
            <property value="false" name="debug" />
            <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
          </provider-config>
          <provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="debug" />
          </provider-config>
          <provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
            <request-policy auth-source="content" />
            <response-policy auth-source="content" />
            <property value="s1as" name="encryption.key.alias" />
            <property value="s1as" name="signature.key.alias" />
            <property value="false" name="debug" />
            <property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
          </provider-config>
        </message-security-config>
        <message-security-config auth-layer="HttpServlet">
            <provider-config provider-type="server" provider-id="GFConsoleAuthModule" class-name="org.glassfish.admingui.common.security.AdminConsoleAuthModule">
                <request-policy auth-source="sender"></request-policy>
                <response-policy></response-policy>
                <property name="loginPage" value="/login.jsf"></property>
                <property name="loginErrorPage" value="/loginError.jsf"></property>
            </provider-config>
        </message-security-config>
        <property value="SHA-256" name="default-digest-algorithm" />
      </security-service>
      <java-config classpath-suffix="" system-classpath="" debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:%%%JAVA_DEBUGGER_PORT%%%">
        <jvm-options>-Djava.awt.headless=true</jvm-options>
        <jvm-options>-Djdk.corba.allowOutputStreamSubclass=true</jvm-options>
        <jvm-options>-Djdk.tls.rejectClientInitiatedRenegotiation=true</jvm-options>
        <jvm-options>-Djavax.xml.accessExternalSchema=all</jvm-options>
        <jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder</jvm-options>
        <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
        <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
        <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
        <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
        <jvm-options>-Xmx512m</jvm-options>
        <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
        <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
        <jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options>
        <jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
        <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
        <!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names. -->
        <jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall</jvm-options>
        <!-- Configuration of various third-party OSGi bundles like
             Felix Remote Shell, FileInstall, etc. -->
        <!-- Port on which remote shell listens for connections.-->
        <jvm-options>-Dosgi.shell.telnet.port=%%%OSGI_SHELL_TELNET_PORT%%%</jvm-options>
        <!-- How many concurrent users can connect to this remote shell -->
        <jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
        <!-- From which hosts users can connect -->
        <jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
        <!-- Gogo shell configuration -->
        <jvm-options>-Dgosh.args=--nointeractive</jvm-options>
        <!-- Directory being watched by fileinstall. -->
        <jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
        <!-- Time period fileinstaller thread in ms. -->
        <jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
        <!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
        <jvm-options>-Dfelix.fileinstall.log.level=2</jvm-options>
        <!-- should new bundles be started or installed only?
             true => start, false => only install
        -->
        <jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
        <!-- should watched bundles be started transiently or persistently -->
        <jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
        <!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
             If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
        -->
        <jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
        <!-- End of OSGi bundle configurations -->

        <!-- For ORB compatibility with JDK11+ JDKs see https://github.com/eclipse-ee4j/orb-gmbal/issues/22 -->
        <jvm-options>-Dorg.glassfish.gmbal.no.multipleUpperBoundsException=true</jvm-options>

        <!-- Woodstox property needed to pass StAX TCK -->
        <jvm-options>-Dcom.ctc.wstx.returnNullForDefaultNamespace=true</jvm-options>

        <jvm-options>-XX:NewRatio=2</jvm-options>
        <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
        <jvm-options>--add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-opens=java.base/sun.net.www.protocol.jrt=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-opens=java.base/java.lang=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-opens=java.base/java.util=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-opens=java.naming/javax.naming.spi=ALL-UNNAMED</jvm-options>
        <jvm-options>--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
      </java-config>
      <network-config>
        <protocols>
          <protocol name="http-listener-1">
            <http default-virtual-server="server" max-connections="250">
              <file-cache enabled="false"></file-cache>
            </http>
          </protocol>
          <protocol security-enabled="true" name="http-listener-2">
            <http default-virtual-server="server" max-connections="250">
              <file-cache enabled="false"></file-cache>
            </http>
            <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as"></ssl>
          </protocol>
          <protocol name="admin-listener">
            <http default-virtual-server="__asadmin" max-connections="250" encoded-slash-enabled="true" >
              <file-cache enabled="false"></file-cache>
            </http>
          </protocol>
        </protocols>
        <network-listeners>
          <network-listener port="%%%HTTP_PORT%%%" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"></network-listener>
          <network-listener port="%%%HTTP_SSL_PORT%%%" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool"></network-listener>
          <network-listener port="%%%ADMIN_PORT%%%" protocol="admin-listener" transport="tcp" name="admin-listener" thread-pool="admin-thread-pool"></network-listener>
        </network-listeners>
        <transports>
          <transport name="tcp"></transport>
        </transports>
      </network-config>
      <thread-pools>
          <thread-pool name="admin-thread-pool" max-thread-pool-size="50" max-queue-size="256"></thread-pool>
          <thread-pool name="http-thread-pool" max-queue-size="4096"></thread-pool>
          <thread-pool name="thread-pool-1" max-thread-pool-size="200"/>
      </thread-pools>
    </config>
     <config name="default-config" dynamic-reconfiguration-enabled="true" >
         <http-service>
             <access-log/>
             <virtual-server id="server" network-listeners="http-listener-1, http-listener-2" >
                 <property name="default-web-xml" value="${com.sun.aas.instanceRoot}/config/default-web.xml"/>
             </virtual-server>
             <virtual-server id="__asadmin" network-listeners="admin-listener" />
         </http-service>
         <iiop-service>
             <orb use-thread-pool-ids="thread-pool-1" />
             <iiop-listener port="${IIOP_LISTENER_PORT}" id="orb-listener-1" address="0.0.0.0" />
             <iiop-listener port="${IIOP_SSL_LISTENER_PORT}" id="SSL" address="0.0.0.0" security-enabled="true">
                 <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" />
             </iiop-listener>
             <iiop-listener port="${IIOP_SSL_MUTUALAUTH_PORT}" id="SSL_MUTUALAUTH" address="0.0.0.0" security-enabled="true">
                 <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true" />
             </iiop-listener>
         </iiop-service>
         <admin-service system-jmx-connector-name="system" type="server">
             <!-- JSR 160  "system-jmx-connector" -->
             <jmx-connector address="0.0.0.0" auth-realm-name="admin-realm" name="system" port="${JMX_SYSTEM_CONNECTOR_PORT}" protocol="rmi_jrmp" security-enabled="false"/>
             <!-- JSR 160  "system-jmx-connector" -->
             <property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
         </admin-service>
         <connector-service shutdown-timeout-in-seconds="30">
         </connector-service>
         <web-container>
             <session-config>
                 <session-manager>
                     <manager-properties/>
                     <store-properties />
                 </session-manager>
                 <session-properties />
             </session-config>
         </web-container>
         <ejb-container session-store="${com.sun.aas.instanceRoot}/session-store">
             <ejb-timer-service />
         </ejb-container>
         <mdb-container />
         <jms-service type="EMBEDDED" default-jms-host="default_JMS_host" addresslist-behavior="priority">
             <jms-host name="default_JMS_host" host="localhost" port="${JMS_PROVIDER_PORT}" admin-user-name="admin" admin-password="admin" lazy-init="true"/>
         </jms-service>
         <log-service log-rotation-limit-in-bytes="2000000" file="${com.sun.aas.instanceRoot}/logs/server.log">
             <module-log-levels />
         </log-service>
         <security-service>
             <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
                 <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile" />
                 <property name="jaas-context" value="fileRealm" />
             </auth-realm>
             <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
                 <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile" />
                 <property name="jaas-context" value="fileRealm" />
             </auth-realm>
             <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
             <jacc-provider policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="default" policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory">
                 <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
             </jacc-provider>
             <jacc-provider policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory" />
             <audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
                 <property value="false" name="auditOn" />
             </audit-module>
             <message-security-config auth-layer="SOAP">
                 <provider-config provider-type="client" provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
                     <request-policy auth-source="content" />
                     <response-policy auth-source="content" />
                     <property name="encryption.key.alias" value="s1as" />
                     <property name="signature.key.alias" value="s1as" />
                     <property name="dynamic.username.password" value="false" />
                     <property name="debug" value="false" />
                 </provider-config>
                 <provider-config provider-type="client" provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
                     <request-policy auth-source="content" />
                     <response-policy auth-source="content" />
                     <property name="encryption.key.alias" value="s1as" />
                     <property name="signature.key.alias" value="s1as" />
                     <property name="dynamic.username.password" value="false" />
                     <property name="debug" value="false" />
                     <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" />
                 </provider-config>
                 <provider-config provider-type="server" provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
                     <request-policy auth-source="content" />
                     <response-policy auth-source="content" />
                     <property name="encryption.key.alias" value="s1as" />
                     <property name="signature.key.alias" value="s1as" />
                     <property name="debug" value="false" />
                 </provider-config>
                 <provider-config provider-type="server" provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
                     <request-policy auth-source="content" />
                     <response-policy auth-source="content" />
                     <property name="encryption.key.alias" value="s1as" />
                     <property name="signature.key.alias" value="s1as" />
                     <property name="debug" value="false" />
                     <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" />
                 </provider-config>
             </message-security-config>
         </security-service>
         <transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" automatic-recovery="true" />
         <diagnostic-service />
         <java-config debug-options="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:${JAVA_DEBUGGER_PORT}" system-classpath="" classpath-suffix="">
             <jvm-options>-server</jvm-options>
             <jvm-options>-Djava.awt.headless=true</jvm-options>
             <jvm-options>-Djdk.corba.allowOutputStreamSubclass=true</jvm-options>
             <jvm-options>-Djdk.tls.rejectClientInitiatedRenegotiation=true</jvm-options>
             <jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
             <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
             <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
             <jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
             <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
             <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
             <jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options>
             <jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
             <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
             <jvm-options>-XX:NewRatio=2</jvm-options>
             <jvm-options>-Xmx512m</jvm-options>
             <!-- Configure post startup bundle list here. This is a comma separated list of bundle sybolic names.
                  The remote shell bundle has been disabled for cluster and remote instances. -->
             <jvm-options>-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.fileinstall</jvm-options>
             <!-- Port on which remote shell listens for connections.-->
             <jvm-options>-Dosgi.shell.telnet.port=${OSGI_SHELL_TELNET_PORT}</jvm-options>
             <!-- How many concurrent users can connect to this remote shell -->
             <jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
             <!-- From which hosts users can connect -->
             <jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
             <!-- Gogo shell configuration -->
             <jvm-options>-Dgosh.args=--noshutdown -c noop=true</jvm-options>
             <!-- Directory being watched by fileinstall. -->
             <jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
             <!-- Time period fileinstaller thread in ms. -->
             <jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
             <!-- log level: 1 for error, 2 for warning, 3 for info and 4 for debug. -->
             <jvm-options>-Dfelix.fileinstall.log.level=3</jvm-options>
             <!-- should new bundles be started or installed only?
                 true => start, false => only install
             -->
             <jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
             <!-- should watched bundles be started transiently or persistently -->
             <jvm-options>-Dfelix.fileinstall.bundles.startTransient=true</jvm-options>
             <!-- Should changes to configuration be saved in corresponding cfg file? false: no, true: yes
                  If we don't set false, everytime server starts from clean osgi cache, the file gets rewritten.
             -->
             <jvm-options>-Dfelix.fileinstall.disableConfigSave=false</jvm-options>
             <!-- End of OSGi bundle configurations -->

             <!-- For ORB compatibility with JDK11+ JDKs see https://github.com/eclipse-ee4j/orb-gmbal/issues/22 -->
             <jvm-options>-Dorg.glassfish.gmbal.no.multipleUpperBoundsException=true</jvm-options>

             <jvm-options>-Xbootclasspath/a:${com.sun.aas.installRoot}/lib/grizzly-npn-api.jar</jvm-options>
             <jvm-options>--add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-opens=java.base/sun.net.www.protocol.jrt=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-opens=java.base/java.lang=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-opens=java.base/java.util=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-opens=java.naming/javax.naming.spi=ALL-UNNAMED</jvm-options>
             <jvm-options>--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED</jvm-options>
         </java-config>
         <availability-service>
             <web-container-availability/>
             <ejb-container-availability sfsb-store-pool-name="jdbc/hastore"/>
             <jms-availability/>
         </availability-service>
         <network-config>
             <protocols>
                 <protocol name="http-listener-1">
                     <http default-virtual-server="server">
                         <file-cache />
                     </http>
                 </protocol>
                 <protocol security-enabled="true" name="http-listener-2">
                     <http default-virtual-server="server">
                         <file-cache />
                     </http>
                     <ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as" />
                 </protocol>
                 <protocol name="admin-listener">
                     <http default-virtual-server="__asadmin" max-connections="250">
                         <file-cache enabled="false" />
                     </http>
                 </protocol>
                 <protocol security-enabled="true" name="sec-admin-listener">
                   <http default-virtual-server="__asadmin" encoded-slash-enabled="true">
                     <file-cache></file-cache>
                   </http>
                   <ssl client-auth="want" ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="glassfish-instance" renegotiate-on-client-auth-want="false"></ssl>
                 </protocol>
                 <protocol name="admin-http-redirect">
                   <http-redirect secure="true"></http-redirect>
                 </protocol>
                 <protocol name="pu-protocol">
                   <port-unification>
                     <protocol-finder protocol="sec-admin-listener" name="http-finder" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder"></protocol-finder>
                     <protocol-finder protocol="admin-http-redirect" name="admin-http-redirect" classname="org.glassfish.grizzly.config.portunif.HttpProtocolFinder"></protocol-finder>
                   </port-unification>
                 </protocol>

             </protocols>
             <network-listeners>
                 <network-listener address="0.0.0.0" port="${HTTP_LISTENER_PORT}" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool" />
                 <network-listener address="0.0.0.0" port="${HTTP_SSL_LISTENER_PORT}" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool" />
                 <network-listener port="${ASADMIN_LISTENER_PORT}" protocol="pu-protocol" transport="tcp" name="admin-listener" thread-pool="http-thread-pool" />
             </network-listeners>
             <transports>
                 <transport name="tcp" />
             </transports>
         </network-config>
         <thread-pools>
             <thread-pool name="http-thread-pool" />
             <thread-pool max-thread-pool-size="200" idle-thread-timeout-in-seconds="120" name="thread-pool-1" />
         </thread-pools>
         <group-management-service/>
         <!--%%%DEFAULT_TOKENS_HERE%%%-->
         <system-property name="ASADMIN_LISTENER_PORT" value="24848"/>
         <system-property name="HTTP_LISTENER_PORT" value="28080"/>
         <system-property name="HTTP_SSL_LISTENER_PORT" value="28181"/>
         <system-property name="IIOP_LISTENER_PORT" value="23700"/>
         <system-property name="IIOP_SSL_LISTENER_PORT" value="23820"/>
         <system-property name="IIOP_SSL_MUTUALAUTH_PORT" value="23920"/>
         <system-property name="JMX_SYSTEM_CONNECTOR_PORT" value="28686"/>
         <system-property name="OSGI_SHELL_TELNET_PORT" value="26666"/>
         <system-property name="JAVA_DEBUGGER_PORT" value="29009"/>
     </config>
  </configs>
  <property name="administrative.domain.name" value="%%%DOMAIN_NAME%%%"/>
  <secure-admin special-admin-indicator="%%%SECURE_ADMIN_IDENTIFIER%%%">
      <secure-admin-principal dn="%%%ADMIN_CERT_DN%%%"></secure-admin-principal>
      <secure-admin-principal dn="%%%INSTANCE_CERT_DN%%%"></secure-admin-principal>
  </secure-admin>
</domain>