framework/webapp/dtd/site-conf.xsd
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
<xs:element name="site-conf">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="include"/>
<xs:element minOccurs="0" ref="description"/>
<xs:element minOccurs="0" ref="owner"/>
<xs:element minOccurs="0" ref="errorpage"/>
<xs:element minOccurs="0" ref="status-code"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="handler"/>
<xs:element minOccurs="0" ref="protect"/>
<xs:element minOccurs="0" ref="firstvisit"/>
<xs:element minOccurs="0" ref="preprocessor"/>
<xs:element minOccurs="0" ref="postprocessor"/>
<xs:element minOccurs="0" ref="pre-view-render"/>
<xs:element minOccurs="0" ref="post-view-render"/>
<xs:element minOccurs="0" ref="pre-screen-render"/>
<xs:element minOccurs="0" ref="post-screen-render"/>
<xs:element minOccurs="0" ref="after-login"/>
<xs:element minOccurs="0" ref="before-logout"/>
<xs:element minOccurs="0" ref="after-logout"/><!-- SCIPIO -->
<xs:element minOccurs="0" ref="default-request"/>
<xs:element minOccurs="0" ref="view-as-json"/><!-- SCIPIO: 2017-05-15: new -->
<xs:element minOccurs="0" ref="common-settings"/><!-- SCIPIO: 2018-06-13: new -->
<xs:element minOccurs="0" ref="input-output-filters"/><!-- SCIPIO: 2.1.0: Added new -->
<xs:element minOccurs="0" maxOccurs="unbounded" ref="request-map"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="view-map"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="include">
<xs:annotation>
<xs:documentation>
This includes all elements of the controller.xml file references.
Note that if you define any of the event blocks in this file (the including file) they
will override (replace) the one in the included file, effectively emptying it. The event
blocks are: firstvisit, preprocessor, postprocessor, after-login, before-logout, after-logout.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.include"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.include">
<xs:attribute type="xs:string" name="location" use="required">
<xs:annotation>
<xs:documentation>
Controller location, in component:// notation.
SCIPIO: 2.1.0: Now supports wildcard component name in the form:
component://*/somefile.xxx
This includes the named file from each component, following the load order; optional="true" must
always be specified, and now supports order="pre-local" and order="post-local". e.g.:
* location="component://*/webapp/hooks/ordermgr-controller-pre.xml" optional="true" order="pre-local"
* location="component://*/webapp/hooks/ordermgr-controller-post.xml" optional="true" order="post-local"
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="recursive" default="full">
<xs:annotation>
<xs:documentation>
SCIPIO: controls the scope of the include. The default and original stock
behavior is 'full' include, but now possible to specify 'no' disable recursion past one level.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="no"/>
<xs:enumeration value="full"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:boolean" name="optional" default="false">
<xs:annotation>
<xs:documentation>
SCIPIO: If true, the include will not cause or report as error if resource is missing.
Added 2017-05-03.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="order" default="pre-local">
<xs:annotation>
<xs:documentation>
SCIPIO: Can be set to "post-local" so that definitions in the included files
will crush the ones defined directly in the including file.
Added 2017-05-03.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="pre-local"/>
<xs:enumeration value="post-local"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="description" type="xs:string"/>
<xs:element name="owner" type="xs:string"/>
<xs:element name="errorpage" type="xs:string">
<xs:annotation>
<xs:documentation>
URI to forward when error occurs.
SCIPIO: 2017-11-14: This now supports flexible expressions (${}) and the
request attributes and servlet context attributes are now available to reference here.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="status-code" type="xs:string">
<xs:annotation>
<xs:documentation>
A redirection HTTP status-code
If set it will override, for this whole controller, the default status-code sets in requestHandler.properties
Most possible redirection status-codes are 301, 303 and 307.
302 (the Java default) is not recommended for SEO reasons, 301 is preferred.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="handler">
<xs:annotation>
<xs:documentation>
Defines a Java class which handles a specific named type (either request or view).
This allows different logics for processing input from requests.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.handler"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.handler">
<xs:attribute type="xs:string" name="name" use="required"/>
<xs:attribute name="type" default="request">
<xs:annotation>
<xs:documentation>
To keep it short, request is for action when view is for rendering.
SCIPIO: 2018-11-23: Now supports "request-handler-wrapper" type, which defines a "super" event handler
which runs for all event types (service, java, etc.), and effectively wraps
the regular "request" handlers. The scope parameter may be specified to limit
the triggers for which this super handler will run. The class
must implement org.ofbiz.webapp.event.EventHandlerWrapper.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="request"/>
<xs:enumeration value="view"/>
<xs:enumeration value="request-handler-wrapper"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:string" name="class" use="required"/>
<xs:attribute type="xs:string" name="triggers" default="all">
<xs:annotation>
<xs:documentation>
SCIPIO: Currently works ONLY for "request-handler-wrapper": Restricts which event triggers
this handler should apply to. Comma-separated list (no spaces). Possible values:
all, firstvisit, preprocessor, security-auth, request, postprocessor, after-login, before-logout
Added 2018-11-23.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="protect">
<xs:annotation>
<xs:documentation>
Mechanism used to protect from data leakage (data stolen from a login/password couple compromised).
It works like the grey list anti-spam feature (aka tarpitting).
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.protect"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.protect">
<xs:attribute type="xs:string" name="view" use="required"/>
</xs:attributeGroup>
<xs:element name="firstvisit">
<xs:annotation>
<xs:documentation>
Event runs at the 1st visit and only then.
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="preprocessor">
<xs:annotation>
<xs:documentation>
Event runs before each request.
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="postprocessor">
<xs:annotation>
<xs:documentation>
Event runs after each request.
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="pre-view-render">
<xs:annotation>
<xs:documentation>
Event before each view render before view handler selection and before initial response commit.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="post-view-render">
<xs:annotation>
<xs:documentation>
Event after each view render after view handler returns.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="pre-screen-render">
<xs:annotation>
<xs:documentation>
Event before each screen render (macro screen and CMS renderers ONLY), before screen markup it output
but after response is committed.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="post-screen-render">
<xs:annotation>
<xs:documentation>
Event runs after each completed screen render, before view handler returns.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="after-login">
<xs:annotation>
<xs:documentation>
Event runs after login and only then.
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="before-logout">
<xs:annotation>
<xs:documentation>
Event runs before logout and only then.
Any error will be ignored and will not affect the requests processing flow.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="after-logout">
<xs:annotation>
<xs:documentation>
SCIPIO: Event runs right after logout and only then.
Any error will be ignored and will not affect the requests processing flow.
Added 2018-12-03.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="event"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="default-request">
<xs:annotation>
<xs:documentation>
If a request cannot be called, or is not defined, the default-request is used
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.default-request"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.default-request">
<xs:attribute type="xs:string" name="request-uri" use="required"/>
</xs:attributeGroup>
<xs:element name="view-as-json">
<xs:annotation>
<xs:documentation>
SCIPIO: Configures view-as-json rendering.
This allows any rendered view to be returned as a json data object
entry along with potentially other entries, for any request that receives
the request parameter "scpViewAsJson=true".
Added 2017-05-15.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.view-as-json"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.view-as-json">
<xs:attribute type="xs:boolean" name="enabled" use="required">
<xs:annotation>
<xs:documentation>
If set to true, view-as-json will run for any request that receives
the request parameter "scpViewAsJson=true".
If set to false, view-as-json will never execute for this webapp.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="json-request-uri" use="required">
<xs:annotation>
<xs:documentation>
The request URI we should use to generate the JSON response.
It should be a secure one, such as the provided "jsonExplicit" in common controllers.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="update-session" default="false">
<xs:annotation>
<xs:documentation>
If set to true, by default, view-as-json renders will still update
session such as view-last logic.
If set to false, this will try to prevent (where applicable/possible) session
data such as view-last logic.
NOTE: 2017-05-15: when false, this is currently not guaranteed to prevent all
session writes, but at least prevents updating the view-last/view-home/etc. attributes.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="regular-login" default="false">
<xs:annotation>
<xs:documentation>
If set to true, the regular login view will be used when not logged in.
If set to false, the special ajaxLogin view will be used when not logged in.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="common-settings">
<xs:annotation>
<xs:documentation>
SCIPIO: Can be used to set some defaults for request, response, view mappings.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="request-map-settings">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="response-settings">
<xs:complexType>
<xs:sequence>
<xs:element name="view-last">
<xs:complexType>
<xs:attribute type="xs:string" name="default-view"/>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" ref="allow-view-save-default"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" name="view-map-settings">
<xs:complexType>
<xs:attribute name="default-view-access">
<xs:annotation>
<xs:documentation>Default visibility for all views toward public-facing services (SCIPIO).
Default: Typically configured in component://, otherwise "public" (legacy default)
When set to internal, behaves like direct-request false in request URIs: views cannot
be accessed by view switch, only by direct invocation by requests.
Warning: Default "public" but may be changed to "internal" in future or certain controllers</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="public"/>
<xs:enumeration value="internal"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attributeGroup ref="attlist.common-settings"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.common-settings">
</xs:attributeGroup>
<xs:attributeGroup name="attlist.name-filter">
<xs:attribute type="xs:boolean" name="value">
<xs:annotation>
<xs:documentation>
SCIPIO: Common name filtering attributes.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:complexType name="name-filter">
<xs:attribute name="prefix" type="xs:string">
<xs:annotation>
<xs:documentation>
SCIPIO: Use filter if the name starts with this string.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="suffix" type="xs:string">
<xs:annotation>
<xs:documentation>
SCIPIO: Use filter if the name ends with this string.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="regexp" type="xs:string">
<xs:annotation>
<xs:documentation>
SCIPIO: Use filter if the name matches this regexp (from beginning).
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
<xs:element name="allow-view-save-default">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="name-filter">
<xs:complexType>
<xs:complexContent>
<xs:extension base="name-filter">
<xs:attribute name="field" use="required">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="view-name"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:boolean" name="use-value" use="required">
<xs:annotation>
<xs:documentation>
SCIPIO: If the name matches this filter, sets this value.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attributeGroup ref="attlist.allow-view-save-default"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.allow-view-save-default">
<xs:attribute type="xs:boolean" name="value">
<xs:annotation>
<xs:documentation>
SCIPIO: Global default for allow-view-save.
Default: true.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="input-output-filters">
<xs:annotation>
<xs:documentation>
Allows filtering input and output parameters to and from attributes and json, like a firewall.
SCIPIO: 2.1.0: Added.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="request-parameter-filter" type="input-output-field-filter"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:complexType name="input-output-field-filter">
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" name="input">
<xs:annotation>
<xs:documentation>
Input field filters.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="field" type="input-output-field-filter-field" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="default-access" use="optional">
<xs:annotation>
<xs:documentation>
The default access level for all input, whitelist or blacklist, respectively.
Default: allow (legacy system default)
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value=""/>
<xs:enumeration value="allow"/>
<xs:enumeration value="deny"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="output">
<xs:annotation>
<xs:documentation>
Output field filters.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="field" type="input-output-field-filter-field" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="default-access" use="required">
<xs:annotation>
<xs:documentation>
The default access level for all output, whitelist or blacklist, respectively.
Default: allow (legacy system default)
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value=""/>
<xs:enumeration value="allow"/>
<xs:enumeration value="deny"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="input-output">
<xs:annotation>
<xs:documentation>
Field definitions placed in both input and output filters.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="field" type="input-output-field-filter-field" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="input-output-field-filter-field">
<xs:attribute type="xs:string" name="name" use="required"/>
<xs:attribute type="xs:string" name="name-regex" use="optional"/>
<xs:attribute name="access" use="required">
<xs:simpleType>
<xs:restriction base="xs:token">
<!--<xs:enumeration value=""/>-->
<xs:enumeration value="allow"/>
<xs:enumeration value="deny"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
<xs:element name="request-map">
<xs:annotation>
<xs:documentation>
Place where are defined the elements of a request.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" ref="description"/>
<xs:element minOccurs="0" ref="security"/>
<xs:element minOccurs="0" ref="metric"/>
<xs:element minOccurs="0" ref="event"/>
<xs:element maxOccurs="unbounded" ref="response"/>
</xs:sequence>
<xs:attributeGroup ref="attlist.request-map"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.request-map">
<xs:attribute type="xs:string" name="uri" use="required">
<xs:annotation>
<xs:documentation>
The name of this request. This will be the name used to access the request.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="method" use="optional"><!-- default="all" -->
<xs:annotation>
<xs:documentation>
The HTTP method of this request. This will be the HTTP method used to access the request. Default: all.
SCIPIO: NOTE: This attribute does not currently influence request resolution;
it behaves more like the security checks done for attributes on the security element
(https, direct-request).
Added 2018-09-19.
Possible values (allows comma-separated; avoid space and uppercase):
all (default), get, post, head, put, delete, patch, options
</xs:documentation>
</xs:annotation>
<!--<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="get"/>
<xs:enumeration value="post"/>
<xs:enumeration value="head"/>
<xs:enumeration value="put"/>
<xs:enumeration value="delete"/>
<xs:enumeration value="patch"/>
<xs:enumeration value="options"/>
<xs:enumeration value="all"/>
</xs:restriction>
</xs:simpleType>-->
</xs:attribute>
<xs:attribute type="xs:boolean" name="edit"><!-- default="true" --><!-- SCIPIO: make default implicit -->
<xs:annotation>
<xs:documentation>
Reserved for future use (not used yet). Default: true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="track-visit"><!-- default="true" --><!-- SCIPIO: make default implicit -->
<xs:annotation>
<xs:documentation>
Allow or not to track first visit (related to firstvisit preprocessor). Default: true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="track-serverhit"><!-- default="true" --><!-- SCIPIO: make default implicit -->
<xs:annotation>
<xs:documentation>
Allow or not to track statistics. Default: true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="override-mode" default="replace">
<xs:annotation>
<xs:documentation>
SCIPIO: Controls how the request-map should override or inherit from any existing request-maps with
the same uri. Default: replace.
* replace: Replaces the entire request-map definition and all elements (default/legacy behavior).
* merge: Merges the responses and keeps information not specified from the existing request-map definition.
NOTE: The override-mode flag itself is not inherited, only the other settings are.
NOTE: 2018-11-07: Currently the security element flags are treated as a single setting by
merge logic, so to inherit security with merge you must omit the security element entirely
(this may change in future).
Added 2018-11-07.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="replace">
<xs:annotation>
<xs:documentation>
Replaces the entire request-map definition and all elements (default/legacy behavior)
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="merge">
<xs:annotation>
<xs:documentation>
Merges the responses and keeps information not specified from the existing request-map definition.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="security">
<xs:annotation>
<xs:documentation>
Define the security of the request-map, using https and auth boolean attributes.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.security"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.security">
<xs:attribute type="xs:boolean" name="https" default="true"><!-- SCIPIO: 2018-07-09: default is now true -->
<xs:annotation>
<xs:documentation>
If https=true, redirect to/use/generate the secured HTTPS protocol if necessary and possible.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="auth" default="false">
<xs:annotation>
<xs:documentation>
If auth=true, when you hit the request if you are not logged in you will be forwarded to the login page.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="auth-check-event"><!-- default="checkLogin" -->
<xs:annotation>
<xs:documentation>
Name of an alternative request URI whose event to use for login check (SCIPIO). Default: "checkLogin"
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="cert" default="false">
<xs:annotation>
<xs:documentation>
It true, check for HTTPS client (x.509) security.
If the request is not secured throws an exception
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="external-view" default="true">
<xs:annotation>
<xs:documentation>
If false, prevent to pass a view through the url ("chaining" it after the request,
like control/request/view in an FTL file).
Default to true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="direct-request" default="true">
<xs:annotation>
<xs:documentation>
If false the request can only be accessed in a chained request, default to true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="metric">
<xs:annotation>
<xs:documentation>
Calculate and maintain a moving average response time for a Request or Event. Request Metrics can be used
for monitoring and reporting, Event Metrics only for reporting. Request Metrics can also be used to trigger an alternate
response if the optional threshold attribute is used.
The metric works by gathering statistics until a configurable maximum is reached (number of
requests or elapsed time), then the average is calculated. A smoothing factor is used to
smooth differences between calculations.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>
Each metric must have a unique name.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="estimation-size" type="xs:string">
<xs:annotation>
<xs:documentation>
Positive integer number of requests to include in the metrics calculation. Defaults to "100".
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="estimation-time" type="xs:string">
<xs:annotation>
<xs:documentation>
Positive integer number of milliseconds to include in the metrics calculation. Defaults to "1000".
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="smoothing" type="xs:string">
<xs:annotation>
<xs:documentation>
Positive decimal smoothing factor - used to smooth the differences between calculations. A value of "1" disables smoothing. Defaults to "0.7".
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="threshold" type="xs:string">
<xs:annotation>
<xs:documentation>
The metric threshold in milliseconds. If the average response time exceeds this setting,
then a "threshold-exceeded" response code will be generated. That response code can be used
in a response element. The threshold check will ignore the first three requests - to give
the metric a chance to stablize after startup. A value of "0.0" disables the threshold.
Defaults to "0.0".
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="event">
<xs:annotation>
<xs:documentation>
Defines a piece of code (see handlers) which will handles the request need.
Return any string which is then used to route to different responses.
Only one event by request-map.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" ref="metric"/>
<xs:element minOccurs="0" maxOccurs="unbounded" name="property">
<xs:annotation>
<xs:documentation>
SCIPIO: Defines arbitrary name-value properties that can be used by the event handler depending on
the support by its type (without need to modify the *.xsd) and may even be used by custom handlers
and events. Currently these are load-time properties (not runtime) and currently don't natively support EL expressions
(to facilitate static analysis). TODO: Support runtime properties with EL support
Scipio-supported event attributes, by event type:
* service:
* mode-parameter = ((String), default: (disabled)) Name of a request attribute or parameter
that will override the default service invocation mode set for the "path" attribute.
The parameter supports values: sync, async, async-persist, async-onetime
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="name" type="xs:string" use="required"/>
<xs:attribute name="value" type="xs:string" use="required"/>
<xs:attribute name="type" default="String">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="PlainString" />
<xs:enumeration value="String" />
<xs:enumeration value="BigDecimal" />
<xs:enumeration value="Double" />
<xs:enumeration value="Float" />
<xs:enumeration value="Long" />
<xs:enumeration value="Integer" />
<xs:enumeration value="Date" />
<xs:enumeration value="Time" />
<xs:enumeration value="Timestamp" />
<xs:enumeration value="Boolean" />
<xs:enumeration value="Object" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<!-- TODO: future
<xs:attribute name="scope" default="static">
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="static" />
<xs:enumeration value="runtime" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
-->
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="synchronized"/><!-- SCIPIO: 2018-11-19 -->
<xs:element minOccurs="0" maxOccurs="unbounded" name="param-to-attr">
<xs:annotation>
<xs:documentation>
Defines name or names of request parameters that should be transferred to request attributes
before the event (SCIPIO). override attribute must be specified to indicate whether existing (non-null)
request attributes may be overridden by parameters or not.
The source parameters are by default from the parameters map (UtilHttp.getParameterMap)
and support application/json body parameters this way.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>
Comma-separated list of parameter names.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="to-name" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>
Comma-separated list of parameter names. If multiple, should correspond to list of names.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="override" type="xs:boolean" use="required"/>
<xs:attribute name="set-if-null" type="xs:boolean" use="optional" default="true"/>
<xs:attribute name="set-if-empty" type="xs:boolean" use="optional" default="true"/>
</xs:complexType>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="script"><!-- SCIPIO: 2019-02-05 -->
<xs:annotation>
<xs:documentation>Inline script body (SCIPIO), alternative to script location.
NOTE: 2019-02-05: Currently, this is only supported for the "groovy" event type.
Inline groovy events automatically import the following packages:
import org.ofbiz.base.util.*
import org.ofbiz.entity.*
import org.ofbiz.service.*
import org.ofbiz.webapp.event.EventUtil
</xs:documentation>
<!-- TODO?: This currently depends on the "groovy" event handler, but ideally we should also
have a dedicated generalized script handler, e.g.: `<event type="script"><script lang="groovy">...`
instead of only supporting groovy via: `<event type="groovy"><script>...` -->
</xs:annotation>
<xs:complexType mixed="true"/>
</xs:element>
</xs:sequence>
<xs:attributeGroup ref="attlist.event"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.event">
<xs:attribute name="type" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>
There are as much as types (of type request) as available defined and accessible event handlers.
Most used are java, service, service-multi, simple and groovy (or bsf).
A most comprehensive list can be found in the common-controller.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="name" type="xs:string">
<xs:annotation>
<xs:documentation>
Event name, mostly used with special events
(firstvisit,
preprocessor,
postprocessor,
after-login,
before-logout)
where the name allows to differentiate them.
Most of the time reques-maps, which have only 1 event, don't use it.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="path" type="xs:string">
<xs:annotation>
<xs:documentation>
The path to the class or XML file containing this event.
Leave empty for services, except if you want to run it as a job, then use "async"
SCIPIO: 2020-02-07: This now supports explicit: async-persist, async-onetime
NOTE: These new modes will print a default success message, like sync invocations, unlike
"async" (due to compatibility issues).
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="invoke" type="xs:string">
<xs:annotation>
<xs:documentation>
The name of the method or service to be run.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="global-transaction" default="true">
<xs:annotation>
<xs:documentation>
For service-multi, defines if the event should be wrapped in a transaction, default to true
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="transaction-timeout" type="xs:int" default="0">
<xs:annotation>
<xs:documentation>
Defines the timeout for the transaction, in seconds.
Defaults to the value set in the TransactionFactory being used (typically 60 seconds).
SCIPIO: FIXME: 2018-08-30: Currently this setting only applies to pure java events.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="transaction">
<xs:annotation>
<xs:documentation>
SCIPIO: General event transaction enable/disable.
NOTE: Currently this has NO effect on stock behavior and is here for future use/compatibility.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="abort-transaction">
<xs:annotation>
<xs:documentation>
SCIPIO: If on-error-result and the event returned "error", abort running transaction.
NOTE: Currently only implemented for Java events.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="on-error-result"/>
<xs:enumeration value="on-exception"/>
<xs:enumeration value="on-any-error"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="synchronized">
<xs:annotation>
<xs:documentation>
SCIPIO: Synchronizes the event on a Java object from request, session or application attributes.
If the object is null, no synchronization occurs - typically you can setup the object using
preprocessor events or filter init method.
Added 2018-11-19.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute name="value" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>
An expression that determines the value to fetch. (${...} brackets may be omitted; implied)
Supports the following expression types (similar to request responses):
* requestAttributes.xxx
* sessionAttributes.xxx
* applicationAttributes.xxx
e.g.: value="${sessionAttributes.shoppingCart}"
In addition, it is possible to specify groovy in form: value="${groovy:xxx}", however,
this is slow and not recommended (only "request" and "response" objects may be available).
NOTE: There is currently little to no support for real flexible expressions here;
if complex, the object should be determined by a preprocessor event.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="response">
<xs:annotation>
<xs:documentation>
You can have one response for each possible return code from the event.
An event can return any string, and that string can be used to route to different responses.
At least one response by request-map.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="1" ref="redirect-attributes"/><!-- SCIPIO: new -->
<xs:element minOccurs="0" maxOccurs="1" ref="redirect-parameters"/><!-- SCIPIO: new -->
<xs:element minOccurs="0" maxOccurs="unbounded" ref="redirect-parameter">
<xs:annotation>
<xs:documentation>
Defines a possible parameter to redirect
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
<xs:attributeGroup ref="attlist.response"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.response">
<xs:attribute name="name" type="xs:string" use="required">
<xs:annotation>
<xs:documentation>
The name of the response, wich also matches the string returned by the event
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="type" use="required">
<xs:annotation>
<xs:documentation>
One of the possible types between:
none,
view,
view-last,
view-last-noparam,
view-home,
request,
request-redirect,
request-redirect-noparam,
request-redirect-last,
url,
cross-redirect
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="none">
<xs:annotation>
<xs:documentation>
This is used in situations where the event will actually
be generating the response. If you have an event that
returns a binary download for example, you would use
a response of type=none, so that the control servlet
doesn't try to render anything and send it down to the
client.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="view">
<xs:annotation>
<xs:documentation>
Send to a view for final rendering
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="view-last">
<xs:annotation>
<xs:documentation>
Will use the view from the last request unless there
is a saved from some previous request (using the save-last-view
attribute). Use the value attribute to specify a default view
in case no previous view can be retrieved.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="view-last-noparam">
<xs:annotation>
<xs:documentation>
Same than view-last but no parameters are redirect
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="view-home">
<xs:annotation>
<xs:documentation>
Will use the view from the last saved 'home' position
(using the save-home-view attribute).
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="request">
<xs:annotation>
<xs:documentation>
Internally chains to another request
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="request-redirect">
<xs:annotation>
<xs:documentation>
Send a redirect down to the browser telling it to go to the new request.
Automatically redirect all current request parameters to the new request or only redirected parameters if specified.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="request-redirect-noparam">
<xs:annotation>
<xs:documentation>
Send a redirect down to the browser telling it to go to the new request.
No current request parameters are sent to the new request, nor redirected parameters if specified.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="request-redirect-last">
<xs:annotation>
<xs:documentation>
SCIPIO: Redirects to the last GET URL visited. NOTE: This is not necessarily the last view.
Added 2018-12-06.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="url">
<xs:annotation>
<xs:documentation>
Any URL, relative or absolute. Redirected parameters are not used, you can put them in the url.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
<xs:enumeration value="cross-redirect">
<xs:annotation>
<xs:documentation>
Works like request-redirect for cross applications calls.
</xs:documentation>
</xs:annotation>
</xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="value" type="xs:string">
<xs:annotation>
<xs:documentation>
Depending on the type of response, will either
be the view or request name (ie view-map-name or request-map URI).
Can be an URL.
***
SCIPIO: This field is enhanced to support dynamic variable response values extracted
from the request. It uses EL-like notation ("${...}") in the form: "${scope.name}"
The following scopes are currently recognized:
* requestAttributes
* requestParameters
* requestAttrParam - checks attributes; if empty string, returns empty string; if null, uses params
* sessionAttributes
* applicationAttributes
If a field is missing, it will evaluate to empty string, and the effect will depend on the
response type and other factors.
Examples:
type="request" value="${requestAttributes.myForwardRequestName}"
type="request-redirect" value="${requestAttributes.myDynamicRedirect}"
This facility only provides basic substitution, such that it is not useful on its own
and events must be written to set the scopes to proper values and perform validation of the values.
WARNING: Use with care; events should always validate the attributes. Improper validation may
lead to security issues. Use of requestParameters and requestAttrParam is discouraged
and mainly provided for testing.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="allow-view-save">
<xs:annotation>
<xs:documentation>
SCIPIO: If set to false, explicitly prevents saving this view (to session), such that it will
not be known to the "view-last" type responses or any of the other "view-*" responses,
and will not crush the previously saved view. If false, causes the other save-*-view attributes to be ignored.
Default: true
NOTE: This can also be requested by passing "_ALLOW_VIEW_SAVE_=N" as request parameter.
Added 2018-06-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="save-last-view" default="false">
<xs:annotation>
<xs:documentation>
Saves the last (previous) request's view for future use, generally
with the view-last type of response.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="save-current-view" default="false">
<xs:annotation>
<xs:documentation>
Saves the current request's view for future use, generally with
the view-last type of response.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="save-home-view" default="false">
<xs:annotation>
<xs:documentation>
Saves the current request's view for future use, generally with
the view-home type of response.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="status-code" type="xs:string">
<xs:annotation>
<xs:documentation>
A redirection HTTP status-code
If set it will override, for this request, the default status-code sets in requestHandler.properties
and the possible status-code sets at the controller level (included controllers inclusive)
Most possible redirection status-codes are 301, 303 and 307.
302 (the Java default) is not recommended for SEO reasons, 301 is preferred.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="save-request">
<xs:annotation>
<xs:documentation>
SCIPIO: For redirects only: whether to save request attributes (from event) to pass over to the next request (via session).
Default: "none" for all EXCEPT (currently, 2018-12-06) "all" by default for "request-redirect" and "request-redirect-noparam".
The attributes can be specified, excluded or added to using the "redirect-attributes" child element.
Added 2018-12-06.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="all"/>
<xs:enumeration value="messages"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="connection-state" default="">
<xs:annotation>
<xs:documentation>
SCIPIO: For redirects only: You can set this to "close" to force a "Connection: close" HTTP header
for performance reasons.
Default: Does not change the header.
Added 2018-12-13.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="allow-cache-redirect"><!-- default="false" -->
<xs:annotation>
<xs:documentation>
SCIPIO: For redirects only: If set to true, allow browser to cache 301 redirects.
Default: false (new behavior, set on 2019-12-04)
Added 2019-12-04.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="redirect-parameter">
<xs:annotation>
<xs:documentation>
Adds a parameter with the given name to the redirect. Finds value in a
request attribute if exists, or a request parameter if no attribute is found.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.redirect-parameter"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.redirect-parameter">
<xs:attribute type="xs:string" name="name" use="required">
<xs:annotation>
<xs:documentation>
Name of the parameter to redirect
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="from" use="optional">
<xs:annotation>
<xs:documentation>
If specified used instead of the value of name for the key to find
a request attribute or parameter.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="value" use="optional">
<xs:annotation>
<xs:documentation>
Set a string value to the parameter.
</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:attributeGroup>
<xs:element name="redirect-parameters">
<xs:annotation>
<xs:documentation>
SCIPIO: Advanced redirect parameter definitions and control.
Added 2017-04-24.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" name="param">
<xs:annotation>
<xs:documentation>
Adds a parameter with the given name to the redirect. Finds value in a
request attribute if exists, or a request parameter if no attribute is found.
SCIPIO: NOTE: This is the same as the original 'request-parameter' attribute.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attributeGroup ref="attlist.redirect-parameter"/>
<xs:attribute name="mode" default="include">
<xs:annotation>
<xs:documentation>
SCIPIO: If this is set to exclude, the parameter is excluded instead of
included.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="include"/>
<xs:enumeration value="exclude"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attribute name="include-mode" default="auto">
<xs:annotation>
<xs:documentation>
Controls whether to automatically include parameters, or only set those explicitly defined.
* auto (default) - the stock ofbiz behavior: if any "parameter" elements are defined,
only those are included ("explicit" mode). if no "parameter" elements are defined,
then all previous URL-only parameters are included ("url-only"), unless they are
specifically excluded by exclude entries.
* url-params - includes all incoming get url parameters, except those explicitly excluded.
* all-params - includes all incoming parameters, even those from post.
* explicit - only include the specifically listed parameters.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="auto"/>
<xs:enumeration value="explicit"/>
<xs:enumeration value="url-params"/>
<xs:enumeration value="all-params"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="redirect-attributes">
<xs:annotation>
<xs:documentation>
SCIPIO: Controls which request attributes should apply/not-apply for the save-request feature.
Generally, if any "include" request-attributes are specified, it turns this filter into a whitelist,
whereas if only "exclude", it behaves as a blacklist. The generally overrides the value of
save-request (which is a convenience feature) except for "messages", where "include"
specifies additional attributes to save in addition to the messages.
NOTE: If you specify redirect-attributes without specifying save-request="...", it will automatically
enable save-request (for the specified attributes, or all minus your excludes).
Added 2018-12-06.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" name="request-attribute">
<xs:complexType>
<xs:attribute type="xs:string" name="name" use="required"/>
<xs:attribute name="mode" default="include">
<xs:annotation>
<xs:documentation>
SCIPIO: If this is set to exclude, the parameter is excluded instead of
included.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="include"/>
<xs:enumeration value="exclude"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="view-map">
<xs:annotation>
<xs:documentation>
Place where are defined the elements of a view.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" ref="description"/>
<xs:element minOccurs="0" maxOccurs="unbounded" name="property">
<xs:annotation>
<xs:documentation>
Static properties associated to views (SCIPIO).
Can be used similar to *.properties files internally.
Property namespace is considered global, prefix necessary.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:attribute type="xs:string" name="name" use="required"/>
<xs:attribute type="xs:string" name="value" use="required"/>
</xs:complexType>
</xs:element>
</xs:sequence>
<xs:attributeGroup ref="attlist.view-map"/>
</xs:complexType>
</xs:element>
<xs:attributeGroup name="attlist.view-map">
<xs:attribute type="xs:string" name="name" use="required">
<xs:annotation>
<xs:documentation>
The name of this view. This will be the name used to access the view.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="page">
<xs:annotation>
<xs:documentation>
The page mapped to this view.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="type" default="default">
<xs:annotation>
<xs:documentation>
The name of the view handler that will render the output: screen, screenfop, ftl etc...
A most comprehensive list can be found in the handlers-controller.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="info">
<xs:annotation>
<xs:documentation>
Extended information passed to the view handler.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="content-type">
<xs:annotation>
<xs:documentation>
Content-type in the HTML sense
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:string" name="encoding">
<xs:annotation>
<xs:documentation>
Charset in the HTML sense. By default "text/html" is used.
If the encoding is "none" then no charset will be used.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute type="xs:boolean" name="no-cache" default="false">
<xs:annotation>
<xs:documentation>
Send no-cache headers if set to true.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="x-frame-options" default="sameorigin">
<xs:annotation>
<xs:documentation>
Provides clickjacking protection by instructing browsers that this page should not be placed within a frame.
Possible values are:
deny - no rendering within a frame,
sameorigin - no rendering if origin mismatch, and
allow-from: - allow rendering if framing page is within the specified URI domain.
Allow from is supported by IE and Firefox, but not Chrome or Safari.
It will also interfere with In Page Google Analytics since it requires your page to be framed by Google.
</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="deny"/>
<xs:enumeration value="sameorigin"/>
<xs:enumeration value="allow-from"/>
<xs:enumeration value="none"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute type="xs:string" name="strict-transport-security">
<xs:annotation>
<xs:documentation>
HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server.
This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks.
HSTS also disables the ability for users to ignore SSL negotiation warnings.
If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted),
it shows an error message and do not allow the user to access the web application.
As recommended by OWASP, by default "max-age=31536000; includeSubDomains" is used except if the server is localhost or 127.0.0.1.
If the strict-transport-security is "none" then it will not be used.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="access">
<xs:annotation>
<xs:documentation>Visibility of the attribute toward public-facing services (SCIPIO).
Default: Typically configured in component://, otherwise "public" (legacy default)
When set to internal, behaves like direct-request false in request URIs: views cannot
be accessed by view switch, only by direct invocation by requests.
Warning: Default "public" but may be changed to "internal" in future or certain controllers</xs:documentation>
</xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:token">
<xs:enumeration value="public"/>
<xs:enumeration value="internal"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:attributeGroup>
</xs:schema>