Download pulse

More container configurations

There are quite a few more settings for the pulse container. All their configurations are also located within WEB-INF/conf. You will definitely have to adapt the logging configuration and probably also the ServiceRequest and user-attributes settings. The information below is sorted by the likeliness you may want or have to change the default settings.

Configure logging

Though pulse uses SLF4J internally, the log provider is Log4J. The configuration can be found in log4j-config.xml and is a standard XML based Log4J configuration.

<appender name="LOG" class="org.apache.log4j.DailyRollingFileAppender">
    <param name="File" value="../webapps/pulse/WEB-INF/log/pulse.log"/>
    <!-- For more information on how to use the date pattern see the javadoc of 
         DailyRollingFileAppender. -->
    <param name="DatePattern" value="'.'yyyy-MM-dd"/>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5p [%-15x] %c - %m%n"/>

The above snippet shows the section, you will have to change - namely the destination of the logfile in the file parameter. We recommend that you use an absolute path here.

Configuring the ServiceRequest

Upload limits

<!-- global settings for file uploads -->

pulse enforces a global limit for file uploads which can be changed in the section shown above. This configuration also sets the default temporary directory for file uploads. You should ensure that this directory will not be scanned by on-access virus software, as this may lead to unpredictable results due to locked files. If you need virus scanning, take a look at the input stream scanner configuration below.

Session handling

Per default pulse only accepts and uses cookie based sessions. This setting should not be changed unless you have a compelling reason to do so. Using cookie based sessions exclusively greatly reduces the risk of session hijacking.

<!-- session setting: 
       - COOKIES_ONLY: use and accept only cookie based sessions (recommended)
       - ALLOW_URL_ENCODED: use only cookie based sessions, but accept URL encoded session
       - USE_URL_ENCODED: use cookie and URL encoded sessions

Activating and configuring IntelliCache

If you activate IntelliCache, private ETag based caching will be allowed for dynamic requests as long as no data has been put into the ServiceSession, i.e. the session is considered to be stateless. The configurable timespan specifies how long such an ETag should be considered valid, i.e. a "304 Not Modified" response shall be sent.

To disable this behaviour, either comment the configuration setting below or choose "0" as the timespan.


For more information see org.torweg.pulse.service.IntelliCache's JavaDoc.

Search engine spider filters

    <spider name="Google" user-agent="googlebot"/>
    <spider name="Altavista" user-agent="scooter"/>

This section configures parts of user-agents for known spiders to avoid the creation of too many unused sesssion and more important to avoid duplicate content when using URL encoded sessions. For a list of known user-agents of search engines you can refer to

Available locales and content negotiation

All available locales of a site being run by pulse are configured within the ServiceRequest configuration. This section also defines the content negotiation scheme to be used.

<locale-manager rfc-compliant="true">
    <locale inactive="false" default="true" language="en" country="US">
        <alias inactive="false" default="false" language="en"/>
    <locale inactive="true" default="false" language="fr" country="FR"/>
    <locale inactive="false" default="false" language="de" country="DE"/>

The above section defines three locales: en_US (as the default locale with an alias locale of en), fr_FR and de_DE. The locale fr_FR is marked as inactive, i.e. it will never be considered during content negotiation. The content negotiation is configured to be RFC 2161 compliant.

As already said, the locale manager is also responsible for content-negotiation. It knows two modes of content-negotiation:

  • RFC 2161 compliant: trying all languages provided by the Accept-Languages header in descending preference. If no matching locale could be found, it tries to include the geo-location.
  • geo-location based: pulse tries to determine the locale based on the users geo-location. It includes the users language preferences, so it can present the preferred content, for multi-lingual countries. If no matching locale can be found based on the geo-location, it falls back on RFC 2161 compliant negotiation.

If the fallback method also cannot find a matching locale, the locale manager will use the default locale.

User attributes (deprecated; will be cancelled with pulse 0.8)

The user-attributes.xml is relict which will be changed to role based access checking in the next version of pulse. Until then it is required to grant non-root users bundle and locale based editing access to the Sitemap and the Content Registry.

<user name="name of user">
    <attribute name="Core.Edit.locales">
    <attribute name="CMS.Edit.locales">


The access grants are defined per user (identified by the user name) according to the following scheme:

{Name of the bundle}.Edit.locales, e.g. for the bundle named Core the attribute would be named Core.Edit.locales. The enclosed value containers state the locales the user has editing access for.

The input stream scanner chain – protecting your site from malicious uploads

The input stream scanner chain defined in org.torweg.pulse.util.streamscanner.InputStreamScannerChain.xml is used to scan both form-based and WebDAV file uploads.

It can be used to protect your site from malicious user provided files. pulse already includes two scanner implementations:

To use one or both simply uncomment it in the configuration.

Fine tune authentication

The way authentication works can be fine tuned within org.torweg.pulse.accesscontrol.authentication.Authentication.xml. This configuration is pretty much self-explaining and usually you will not want to make any changes here.

Attribute factory (deprecated; will be cancelled with pulse 0.8)

In very simple words: do not use it. This was a first try to provide user profiles with a too generic and overly complicated solution.

The global MIME type map

org.torweg.pulse.util.MimeMap.xml contains a listing matching file extensions to MIME types.