[GitHub] matthiasblaesing closed pull request #958: [NETBEANS-1074] Module review j2ee.sun.dd

[GitBox <gi...@apache.org>]

matthiasblaesing closed pull request #958: [NETBEANS-1074] Module review j2ee.sun.dd
URL: https://github.com/apache/incubator-netbeans/pull/958
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/enterprise/j2ee.sun.dd/build.xml b/enterprise/j2ee.sun.dd/build.xml
index 59ba398775..f1f188c88c 100644
--- a/enterprise/j2ee.sun.dd/build.xml
+++ b/enterprise/j2ee.sun.dd/build.xml
@@ -22,8 +22,4 @@
 <project basedir="." default="build" name="enterprise/j2ee.sun.dd">
   <import file="../../nbbuild/templates/projectized.xml"/>
 
-  <property name="j2ee.sun.dd.resources.dir" value="./src/org/netbeans/modules/j2ee/sun/dd/impl/"/>
-   <target name="build-init" depends="projectized.build-init">
-       <unzip src="external/j2ee.sun.dd-glassfish-ext-resources.zip" dest="${j2ee.sun.dd.resources.dir}"/> 
-   </target>
 </project>
diff --git a/enterprise/j2ee.sun.dd/external/binaries-list b/enterprise/j2ee.sun.dd/external/binaries-list
deleted file mode 100644
index 01d8657953..0000000000
--- a/enterprise/j2ee.sun.dd/external/binaries-list
+++ /dev/null
@@ -1 +0,0 @@
-23DE1086E264B98FC11800D0695589C083183F6A j2ee.sun.dd-glassfish-ext-resources.zip
diff --git a/enterprise/j2ee.sun.dd/external/j2ee.sun.dd-glassfish-license.txt b/enterprise/j2ee.sun.dd/external/j2ee.sun.dd-glassfish-license.txt
deleted file mode 100644
index 833a843cfe..0000000000
--- a/enterprise/j2ee.sun.dd/external/j2ee.sun.dd-glassfish-license.txt
+++ /dev/null
@@ -1,274 +0,0 @@
-COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL)Version 1.1
-
-1. Definitions.
-
-     1.1. "Contributor" means each individual or entity that creates or contributes to the creation of Modifications.
-
-     1.2. "Contributor Version" means the combination of the Original Software, prior Modifications used by a Contributor (if any), and the Modifications made by that particular Contributor.
-
-     1.3. "Covered Software" means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof.
-
-     1.4. "Executable" means the Covered Software in any form other than Source Code.
-
-     1.5. "Initial Developer" means the individual or entity that first makes Original Software available under this License.
-
-     1.6. "Larger Work" means a work which combines Covered Software or portions thereof with code not governed by the terms of this License.
-
-     1.7. "License" means this document.
-
-     1.8. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein.
-
-     1.9. "Modifications" means the Source Code and Executable form of any of the following:
-
-     A. Any file that results from an addition to, deletion from or modification of the contents of a file containing Original Software or previous Modifications;
-
-     B. Any new file that contains any part of the Original Software or previous Modification; or
-
-     C. Any new file that is contributed or otherwise made available under the terms of this License.
-
-     1.10. "Original Software" means the Source Code and Executable form of computer software code that is originally released under this License.
-
-     1.11. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor.
-
-     1.12. "Source Code" means (a) the common form of computer software code in which modifications are made and (b) associated documentation included in or with such code.
-
-     1.13. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.
-
-2. License Grants.
-
-     2.1. The Initial Developer Grant.
-
-     Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, the Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license:
-
-     (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer, to use, reproduce, modify, display, perform, sublicense and distribute the Original Software (or portions thereof), with or without Modifications, and/or as part of a Larger Work; and
-
-     (b) under Patent Claims infringed by the making, using or selling of Original Software, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software (or portions thereof).
-
-     (c) The licenses granted in Sections 2.1(a) and (b) are effective on the date Initial Developer first distributes or otherwise makes the Original Software available to a third party under the terms of this License.
-
-     (d) Notwithstanding Section 2.1(b) above, no patent license is granted: (1) for code that You delete from the Original Software, or (2) for infringements caused by: (i) the modification of the Original Software, or (ii) the combination of the Original Software with other software or devices.
-
-     2.2. Contributor Grant.
-
-     Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license:
-
-     (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof), either on an unmodified basis, with other Modifications, as Covered Software and/or as part of a Larger Work; and
-
-     (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: (1) Modifications made by that Contributor (or portions thereof); and (2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination).
-
-     (c) The licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first distributes or otherwise makes the Modifications available to a third party.
-
-     (d) Notwithstanding Section 2.2(b) above, no patent license is granted: (1) for any code that Contributor has deleted from the Contributor Version; (2) for infringements caused by: (i) third party modifications of Contributor Version, or (ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or (3) under Patent Claims infringed by Covered Software in the absence of Modifications made by that Contributor.
-
-3. Distribution Obligations.
-
-     3.1. Availability of Source Code.
-
-     Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. You must include a copy of this License with every copy of the Source Code form of the Covered Software You distribute or otherwise make available. You must inform recipients of any such Covered Software in Executable form as to how they can obtain such Covered Software in Source Code form in a reasonable manner on or through a medium customarily used for software exchange.
-
-     3.2. Modifications.
-
-     The Modifications that You create or to which You contribute are governed by the terms of this License. You represent that You believe Your Modifications are Your original creation(s) and/or You have sufficient rights to grant the rights conveyed by this License.
-
-     3.3. Required Notices.
-
-     You must include a notice in each of Your Modifications that identifies You as the Contributor of the Modification. You may not remove or alter any copyright, patent or trademark notices contained within the Covered Software, or any notices of licensing or any descriptive text giving attribution to any Contributor or the Initial Developer.
-
-     3.4. Application of Additional Terms.
-
-     You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License or the recipients' rights hereunder. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, you may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer.
-
-     3.5. Distribution of Executable Versions.
-
-     You may distribute the Executable form of the Covered Software under the terms of this License or under the terms of a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable form does not attempt to limit or alter the recipient's rights in the Source Code form from the rights set forth in this License. If You distribute the Covered Software in Executable form under a different license, You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
-
-     3.6. Larger Works.
-
-     You may create a Larger Work by combining Covered Software with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Software.
-
-4. Versions of the License.
-
-     4.1. New Versions.
-
-     Oracle is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License.
-
-     4.2. Effect of New Versions.
-
-     You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward.
-
-     4.3. Modified Versions.
-
-     When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License.
-
-5. DISCLAIMER OF WARRANTY.
-
-     COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
-
-6. TERMINATION.
-
-     6.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive.
-
-     6.2. If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as "Participant") alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant.
-
-     6.3. If You assert a patent infringement claim against Participant alleging that the Participant Software directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license.
-
-     6.4. In the event of termination under Sections 6.1 or 6.2 above, all end user licenses that have been validly granted by You or any distributor hereunder prior to termination (excluding licenses granted to You by any distributor) shall survive termination.
-
-7. LIMITATION OF LIABILITY.
-
-     UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
-
-8. U.S. GOVERNMENT END USERS.
-
-     The Covered Software is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" (as that term is defined at 48 C.F.R. ? 252.227-7014(a)(1)) and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Software with only those rights set forth herein. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFAR, or other clause or provision that addresses Government rights in computer software under this License.
-
-9. MISCELLANEOUS.
-
-     This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by the law of the jurisdiction specified in a notice contained within the Original Software (except to the extent applicable law, if any, provides otherwise), excluding such jurisdiction's conflict-of-law provisions. Any litigation relating to this License shall be subject to the jurisdiction of the courts located in the jurisdiction and venue specified in a notice contained within the Original Software, with the losing party responsible for costs, including, without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. You agree that You alone are responsible for compliance with the United States export administration regulations (and the export control laws and regulation of any other countries) when You use, distribute or otherwise make available any Covered Software.
-
-10. RESPONSIBILITY FOR CLAIMS.
-
-     As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability.
-
-----------
-NOTICE PURSUANT TO SECTION 9 OF THE COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL)
-The code released under the CDDL shall be governed by the laws of the State of California (excluding conflict-of-law provisions). Any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California and the state courts of the State of California, with venue lying in Santa Clara County, California.
-
-
-
-
-The GNU General Public License (GPL) Version 2, June 1991
-
-
-Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
-
-Preamble
-
-The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.
-
-When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
-
-To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
-
-For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
-
-We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
-
-Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
-
-Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
-
-The precise terms and conditions for copying, distribution and modification follow.
-
-
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
-
-1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
-
-2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
-
-   a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
-
-   b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
-
-   c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
-
-3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
-
-   a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
-
-   b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
-
-   c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
-
-If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
-
-4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
-
-5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
-
-6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
-
-7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
-
-This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
-
-8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
-
-9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
-
-10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
-
-NO WARRANTY
-
-11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-END OF TERMS AND CONDITIONS
-
-
-How to Apply These Terms to Your New Programs
-
-If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
-
-To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
-
-   One line to give the program's name and a brief idea of what it does.
-
-   Copyright (C)
-
-   This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
-
-   Gnomovision version 69, Copyright (C) year name of author
-   Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
-
-   Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-   signature of Ty Coon, 1 April 1989
-   Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.
-
-
-"CLASSPATH" EXCEPTION TO THE GPL VERSION 2
-
-Certain source files distributed by Oracle are subject to the following clarification and special exception to the GPL Version 2, but only where Oracle has expressly included in the particular source file's header the words "Oracle designates this particular file as subject to the "Classpath" exception as provided by Oracle in the License file that accompanied this code."
-
-Linking this library statically or dynamically with other modules is making a combined work based on this library.  Thus, the terms and conditions of the GNU General Public License Version 2 cover the whole combination.
-
-As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module.  An independent module is a module which is not derived from or based on this library.  If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so.  If you do not wish to do so, delete this exception statement from your version.
diff --git a/enterprise/j2ee.sun.dd/licenseinfo.xml b/enterprise/j2ee.sun.dd/licenseinfo.xml
new file mode 100644
index 0000000000..94dd900323
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/licenseinfo.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<licenseinfo>
+    <fileset>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_2.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application_6_0-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application-client_6_0-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-resources_1_5.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-web-app_3_0-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/static-verification_1_4.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_3-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_4-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_5_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_6_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_3-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_5_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_6_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_1-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_3.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_3-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-1.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_5-0.dtd</file>
+        <file>src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_3_0-0.dtd</file>
+        <license ref="CDDL-1.1" />
+        <comment type="CATEGORY_B" />
+    </fileset>
+</licenseinfo>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements.dtd
index 0aaeb8c53f..f4b9aa52d8 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements.dtd
@@ -1,3 +1,24 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+
 <!-- This is a dummy element for S2B generation to hold onto -->
 <!ELEMENT dummy #PCDATA>
 
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_2_1-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_2_1-1.dtd
new file mode 100644
index 0000000000..0f88c03b90
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_2_1-1.dtd
@@ -0,0 +1,503 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+
+<!-- This is a dummy element for S2B generation to hold onto -->
+<!ELEMENT dummy #PCDATA>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+This node holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+This node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!ELEMENT default-resource-principal (name, password)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+
+<!--
+Information about a web service endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, 
+        transport-guarantee?, service-qname?, tie-class?, servlet-impl-class? )>
+
+<!--
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+Runtime information about a web service.
+wsdl-publish-location is optionally used to specify
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Port used in port-info.
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!--
+JAXRPC property values that should be set on a stub before it's returned to
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!--
+JAXRPC property values that should be set on a Call object before it's
+returned to the web service client.  The property names can be any
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This info is used only by studio plug-in;it is NOT the part of the orgianl DTD.
+Used by plugin to store parameters needed to execute an Application client.
+-->
+<!ELEMENT plugin-data ( auto-generate-sql?, client-jar-path?, client-args? )>
+<!ELEMENT auto-generate-sql (#PCDATA)>
+<!ELEMENT client-jar-path (#PCDATA)>
+<!ELEMENT client-args (#PCDATA)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+The text in this node is a jndi name.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+The name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+
+<!ELEMENT group-name (#PCDATA)>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+auth-method element describes the authentication method. The only supported value
+is USERNAME_PASSWORD
+-->
+<!ELEMENT auth-method ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application
+does not require any transport guarantees. A value of INTEGRAL means
+that the application requires that the data sent between the client
+and server be sent in such a way that it can't be changed in transit.
+CONFIDENTIAL means that the application requires that the data be
+transmitted in a fashion that prevents other entities from observing
+the contents of the transmission. In most cases, the presence of the
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  CDATA #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!ELEMENT method-params (method-param*)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_3_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_3_0-0.dtd
index 0a1bc08300..617d1d5111 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_3_0-0.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/common_elements_3_0-0.dtd
@@ -1,3 +1,24 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+
 <!-- This is a dummy element for S2B generation to hold onto -->
 <!ELEMENT dummy #PCDATA>
 
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application-client_6_0-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application-client_6_0-1.dtd
new file mode 100644
index 0000000000..61f44ec6c3
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application-client_6_0-1.dtd
@@ -0,0 +1,554 @@
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+
+<!--
+  XML DTD for Glassfish Application Server specific Java EE Client Application
+  deployment descriptor. This is a companion DTD to application-client_6.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE glassfish-application-client PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application Client 6.0//EN" "http://glassfish.org/dtds/glassfish-application-client_6_0-1.dtd">
+
+-->
+
+<!--
+glassfish-application-client is the root element describing all the runtime bindings of a single application client
+-->
+<!ELEMENT glassfish-application-client (ejb-ref*, resource-ref*, resource-env-ref*, service-ref*,
+	message-destination-ref*, message-destination*, java-web-start-access?, version-identifier?)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's
+destination.  Required for a Topic destination, if subscription-durability is set to
+Durable (in ejb-jar.xml)
+-->
+
+<!--
+  			W E B   S E R V I C E S
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*,
+		wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!--
+Port used in port-info.
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!--
+JAXRPC property values that should be set on a stub before it's returned to
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!--
+JAXRPC property values that should be set on a Call object before it's
+returned to the web service client.  The property names can be any
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!--
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used
+to accomplish the latter; in which case the specified
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config
+and thus the authentication provider that is to be used to satisfy
+the application specific message security requirements. If a value for
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used.
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced.
+
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes
+the message security requirements that pertain to the request and
+response messages of the containing endpoint. When contained within a
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element.
+
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security
+element apply to all the operations of the endpoint
+with the specified (and potentially overloaded) operation name.
+
+Default:
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class
+indicated by the context in which the java-method is contained.
+
+Default:
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default:
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ *
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ *
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+<!--
+                            J A V A   W E B   S T A R T    A C C E S S
+-->
+
+<!--
+The java-web-start-access element contains all information relevant to Java
+Web Start access to the app client.
+
+Note that all elements that support Java Web Start access appear below
+the java-web-start-access definition alphabetically by tag name.
+
+The context-root subelement allows the developer to specify what context root
+will be used for addressing the app client via Java Web Start.  If absent, the
+app server uses a default context root value.
+
+The eligible subelement allows the developer to control whether this app client
+should allow Java Web Start access.  If this value is false, then Java Web Start
+will never be allowed access.  Default: true.
+
+The vendor subelement allows the developer to specify the vendor name that Java
+Web Start should display to the end-user as the app client is downloaded and launched.
+
+The jnlp-doc subelement gives the developer a way to direct the generation of
+the JNLP document describing the app client launch.
+
+Used in: glassfish-application-client
+-->
+<!ELEMENT java-web-start-access (context-root?, eligible?, vendor?, jnlp-doc?)>
+
+<!--
+The context-root element allows the developer to specify the context root
+with which Java Web Start should access the app client.  The app server
+provides a default value if the developer omits this.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!--
+The eligible element allows the developer to indicate whether Java Web Start
+access should ever be permitted to launch this app client.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT eligible (#PCDATA)>
+
+<!--
+The vendor element allows the developer to indicate what vendor name Java Web Start
+should display in the splash screen as the app client is downloaded and/or launched.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT vendor (#PCDATA)>
+
+<!--
+The jnlp-doc element's href attribute refers to a JNLP file in the app
+client or in the EARwhich is merged with the generated JNLP to create the final
+JNLP which is used to launch the app client.  This href must be a relative
+URI
+
+Used in: java-web-start-access
+-->
+<!ELEMENT jnlp-doc EMPTY>
+<!ATTLIST jnlp-doc href CDATA #REQUIRED>
+
+<!--
+The version-identifier element contains the version information. The value is
+ retrieved at deployment.
+-->
+<!ELEMENT version-identifier (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application_6_0-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application_6_0-1.dtd
index 6e503f12fe..3eef710d87 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application_6_0-1.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-application_6_0-1.dtd
@@ -1,12 +1,43 @@
 <!--
-  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-  Copyright 2010 Oracle and/or its affiliates. All rights reserved.
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-Oracle and Java are registered trademarks of Oracle and/or its affiliates.
-Other names may be trademarks of their respective owners.
+    Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
 
-  Use is subject to License Terms
 -->
 
 <!--
@@ -22,7 +53,7 @@ Other names may be trademarks of their respective owners.
 <!--
 This is the root element of the runtime descriptor document.
 -->
-<!ELEMENT glassfish-application (web*, pass-by-reference?, unique-id?, security-role-mapping*, realm?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, message-destination*, archive-name?, compatibility?) >
+<!ELEMENT glassfish-application (web*, pass-by-reference?, unique-id?, security-role-mapping*, realm?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, message-destination*, archive-name?, compatibility?, keep-state?, version-identifier?) >
 
 <!ELEMENT web (web-uri, context-root)>
 <!ELEMENT web-uri (#PCDATA)>
@@ -499,3 +530,15 @@ visible to various modules within an EAR file. Setting this element to v2
 removes these Java EE 6 restrictions.
 -->
 <!ELEMENT compatibility (#PCDATA)>
+
+<!--
+The keep-state element indicates whether the state information should be
+preserved across redeployment.
+-->
+<!ELEMENT keep-state (#PCDATA)>
+
+<!--
+The version-identifier element contains the version information. The value is
+ retrieved at deployment.
+-->
+<!ELEMENT version-identifier (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.dtd
new file mode 100644
index 0000000000..c3a3c0c425
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.dtd
@@ -0,0 +1,1186 @@
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_3_1.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE glassfish-ejb-jar PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN" "http://glassfish.org/dtds/glassfish-ejb-jar_3_1-1.dtd">
+
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT glassfish-ejb-jar (security-role-mapping*, enterprise-beans, compatibility?, disable-nonportable-jndi-names?, keep-state?, version-identifier?) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*, property*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, message-destination-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint, checkpointed-methods?, checkpoint-at-end-of-method?
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?, flush-at-end-of-method?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*, flush-at-end-of-method?, checkpointed-methods?, checkpoint-at-end-of-method?, per-request-load-balancing?)>
+
+<!-- 
+This attribute is only applicable for stateful session bean 
+-->
+<!ATTLIST ejb availability-enabled CDATA #IMPLIED>
+
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+
+Used in ejb, method
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This element contains a true/false flag that controls the per-request load balancing
+behavior of EJB 2.x/3.x Remote client invocations on a stateless session bean. If set
+to true, per-request load balancing is enabled for the associated stateless session
+bean.  If set to false or not set, per-request load balancing is not enabled. 
+-->
+<!ELEMENT per-request-load-balancing (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+It is used for both ejb remote reference and ejb local reference.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?, prefetch-disabled?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This element allows to selectively disable relationship prefetching for finders of a bean.
+Used in: cmp
+-->
+<!ELEMENT prefetch-disabled (query-method+)>
+
+<!--
+Used in: prefetch-disabled
+-->
+<!ELEMENT query-method (method-name, method-params)>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+The method-name element contains a name of an enterprise bean method
+or the asterisk (*) character. The asterisk is used when the element
+denotes all the methods of an enterprise bean's component and home
+interfaces.
+
+Used in: method, finder, query-method, java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+Support backward compatibility with AS7.1
+Now deprecated in 8.1 and later releases 
+Use checkpoint-at-end-of-method element instead
+
+The methods should be separated by semicolons. 
+The param list should separated by commas.  
+All method param types should be full qualified.
+Variable name is allowed for the param type.
+No return type or exception type.
+Example:
+foo(java.lang.String, a.b.c d); bar(java.lang.String s)
+
+Used in: ejb
+-->
+<!ELEMENT checkpointed-methods (#PCDATA)>
+
+<!--
+The equivalent element of checkpointed-methods for 8.1 and later releases
+
+Used in: ejb
+-->
+<!ELEMENT checkpoint-at-end-of-method (method+)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method.
+For CSIv2, the only supported value is USERNAME_PASSWORD.
+For EJB web service endpoint, supported values are BASIC and CLIENT-CERT.
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at glassfish-application.xml, it can apply to all the enclosed 
+ejb modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+
+Used in activation-config, method
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This declares the list of methods that would be allowed to be flushed at the 
+completion of the method. Applicable to entity beans with container managed 
+persistence
+
+Used in: ejb
+-->
+<!ELEMENT flush-at-end-of-method (method+)>
+
+
+<!--
+Used in: flush-at-end-of-method, checkpoint-at-end-of-method, prefetch-disabled
+-->
+<!ELEMENT method (description?, ejb-name?, method-name, method-intf?, method-params?)>
+
+
+<!--
+The method-intf element allows a method element to differentiate
+between the methods with the same name and signature that are multiply
+defined across the component and home interfaces (e.g., in both an
+enterprise bean's remote and local interfaces; in both an enterprise bean's
+home and remote interfaces, etc.)
+
+The method-intf element must be one of the following:
+	<method-intf>Home</method-intf>
+	<method-intf>Remote</method-intf>
+	<method-intf>LocalHome</method-intf>
+	<method-intf>Local</method-intf>
+
+Used in: method
+-->
+<!ELEMENT method-intf (#PCDATA)>
+
+
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: method, query-method, java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  			W E B   S E R V I C E S 
+-->
+<!--
+Information about a web service endpoint.
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method, realm? )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-config elements.
+
+Used in: message-security-config
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+Specifies the Enterprise Server release with which to be backward compatible
+in terms of JAR visibility requirements for applications.
+The current allowed value is v2, which refers to GlassFish version 2 or
+Enterprise Server version 9.1 or 9.1.1. The Java EE 6 platform specification
+imposes stricter requirements than Java EE 5 did on which JAR files can be 
+visible to various modules. Setting this element to v2
+removes these Java EE 6 restrictions.
+-->
+<!ELEMENT compatibility (#PCDATA)>
+
+<!--
+The disable-nonportable-jndi-names element indicates whether the GlassFish-
+specific, nonportable jndi names for EJB are disabled.  Acceptable values
+are true and false.  The default value is false.
+-->
+<!ELEMENT disable-nonportable-jndi-names (#PCDATA)>
+
+<!--
+The keep-state element indicates whether the state information should be 
+preserved across redeployment.
+-->
+<!ELEMENT keep-state (#PCDATA)>
+
+<!--
+The version-identifier element contains the version information. The value is
+ retrieved at deployment.
+-->
+<!ELEMENT version-identifier (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.mdd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.mdd
index 283a4315c8..f70fa28d15 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.mdd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-ejb-jar_3_1-1.mdd
@@ -56,7 +56,7 @@
 		<dtd-name>enterprise-beans</dtd-name>
 		<bean-name>EnterpriseBeans</bean-name>
 		<implements>org.netbeans.modules.j2ee.sun.dd.api.ejb.EnterpriseBeans</implements>
-                <user-code>
+                <!--<user-code>
                     public void setPropertyElement(int index, org.netbeans.modules.j2ee.sun.dd.api.ejb.PropertyElement value) throws VersionNotSupportedException {
                         throw new org.netbeans.modules.j2ee.sun.dd.api.VersionNotSupportedException(GlassFishEjbJar.VERSION_3_1_1);
                     }
@@ -81,7 +81,7 @@
                     public org.netbeans.modules.j2ee.sun.dd.api.ejb.PropertyElement newPropertyElement() throws VersionNotSupportedException {
                         throw new org.netbeans.modules.j2ee.sun.dd.api.VersionNotSupportedException(GlassFishEjbJar.VERSION_3_1_1);
                     }
-                </user-code>
+                </user-code>-->
 	</meta-element>
 	<meta-element>
 		<dtd-name>name</dtd-name>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-resources_1_5.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-resources_1_5.dtd
new file mode 100644
index 0000000000..47608ef322
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-resources_1_5.dtd
@@ -0,0 +1,866 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+
+<!--  
+  A resources instance document referring to this DTD should have a DOCTYPE as follows:
+ <!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">-->
+<!-- ENTITIES -->
+<!-- boolean
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,
+    work-security-map              
+-->
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- isolation
+
+  Used in:
+    jdbc-connection-pool                                              
+-->
+<!ENTITY % isolation
+    "(read-uncommitted | read-committed | repeatable-read | serializable)">    
+
+
+<!-- object-type
+    defines the type of the resource. It can be:                      
+    system-all                                                                 
+        These are system resources for all instances and DAS          
+    system-admin                                                               
+        These are system resources only in DAS                        
+    system-instance                                                            
+        These are system resources only in instances (and not DAS)    
+    user                                                                       
+        User resources (This is the default for all elements)         
+
+  Used in:
+    admin-object-resource, connector-resource, custom-resource,       
+    external-jndi-resource, jdbc-resource, mail-resource,             
+    resource-adapter-config, work-security-map     
+-->
+<!ENTITY % object-type "(system-all | system-admin | system-instance | user)">
+
+<!-- ELEMENTS -->
+
+<!-- resources
+    J2EE Applications look up resources registered with the           
+    Application server, using portable JNDI names.                    
+-->
+<!ELEMENT resources
+    ((custom-resource | external-jndi-resource | jdbc-resource | mail-resource 
+    | admin-object-resource | connector-resource
+    | resource-adapter-config | jdbc-connection-pool      
+    | connector-connection-pool | work-security-map)*)>                                              
+
+
+
+<!-- description
+    Textual description of a configured entity                        
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    work-security-map, property                    
+-->
+<!ELEMENT description (#PCDATA)>
+
+
+<!-- custom-resource
+    custom (or generic) resource managed by a user-written factory    
+    class.                                                            
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for generic resource, the fully qualified type of   
+        the resource and whether it is enabled at runtime             
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT custom-resource (description?, property*)>
+
+<!ATTLIST custom-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- external-jndi-resource
+    resource residing in an external JNDI repository                  
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT external-jndi-resource (description?, property*)>
+
+<!ATTLIST external-jndi-resource
+    jndi-name CDATA #REQUIRED
+    jndi-lookup-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- jdbc-resource
+    JDBC javax.sql.(XA)DataSource resource definition                 
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-resource (description?, property*)>
+
+<!ATTLIST jdbc-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- mail-resource
+    The mail-resource element describes a javax.mail.Session resource 
+
+  attributes
+    host                                                                       
+        ip V6 or V4 address or hostname.                              
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT mail-resource (description?, property*)>
+
+<!ATTLIST mail-resource
+    jndi-name CDATA #REQUIRED
+    store-protocol CDATA "imap"
+    store-protocol-class CDATA "com.sun.mail.imap.IMAPStore"
+    transport-protocol CDATA "smtp"
+    transport-protocol-class CDATA "com.sun.mail.smtp.SMTPTransport"
+    host CDATA #REQUIRED
+    user CDATA #REQUIRED
+    from CDATA #REQUIRED
+    debug %boolean; "false"
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+<!-- admin-object-resource
+    The admin-object-resource element describes a administered object 
+    for a inbound resource adapter.                                   
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for this resource                                   
+    res-adapter                                                                
+        Name of the inbound resource adapter.                         
+    res-type                                                                   
+        Interface definition for the administered object              
+    class-name
+        admin-object class-name (when more than one implementation class
+        is specified for same res-type in the resource-adapter,
+        class-name must be specified)
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT admin-object-resource (description?, property*)>
+
+<!ATTLIST admin-object-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    class-name CDATA #IMPLIED
+    res-adapter CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- connector-resource
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-resource (description?, property*)>
+
+<!ATTLIST connector-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- resource-adapter-config
+    This element is for configuring the resource adapter. These       
+    values (properties) over-rides the default values present in      
+    ra.xml. The name attribute has to be unique . It is optional for  
+    PE. It is used mainly for EE.                                     
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT resource-adapter-config (property*)>
+
+<!ATTLIST resource-adapter-config
+    name CDATA #IMPLIED
+    thread-pool-ids CDATA #IMPLIED
+    object-type %object-type; "user"
+    resource-adapter-name CDATA #REQUIRED>
+
+
+<!-- jdbc-connection-pool
+    jdbc-connection-pool defines configuration used to create and     
+    manage a pool physical database connections. Pool definition is   
+    named, and can be referred to by multiple jdbc-resource elements  
+    (See <jdbc-resource>).                                            
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more jdbc-resource elements point to the same jdbc-connection-pool         
+    element, they are using the same pool of connections, at run time.         
+
+
+  children
+    property                                                                   
+        Most JDBC 2.0 drivers permit use of standard property lists,  
+        to specify User, Password and other resource configuration.   
+        While these are optional properties, according to the         
+        specification, several of these properties may be necessary   
+        for most databases. See Section 5.3 of JDBC 2.0 Standard      
+        Extension API.                                                
+
+        The following are the names and corresponding values for these         
+        properties                                                             
+
+        databaseName                                                           
+            Name of the Database                                      
+        serverName                                                             
+            Database Server name.                                     
+        port                                                                   
+            Port where a Database server is listening for requests.   
+        networkProtocol                                                        
+            Communication Protocol used.                              
+        user                                                                   
+            default name of the database user with which connections  
+            will be stablished. Programmatic database authentication  
+            or default-resource-principal specified in vendor         
+            specific web and ejb deployment descriptors will take     
+            precedence, over this default. The details and caveats    
+            are described in detail in the Administrator's guide.     
+        password                                                               
+            password for default database user                        
+        roleName                                                               
+            The initial SQL role name.                                
+        datasourceName                                                         
+            used to name an underlying XADataSource, or               
+            ConnectionPoolDataSource when pooling of connections is   
+            done                                                      
+        description                                                            
+            Textual Description                                       
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the vendors Datasource class    
+        (specified in datasource-classname). User and Password properties are  
+        used as default principal, if Container Managed authentication is      
+        specified and a default-resource-principal is not found in application 
+        deployment descriptors.                                                
+
+
+  attributes
+    allow-non-component-callers                                                
+        A pool with this property set to true, can be used by         
+        non-J2EE components (i.e components other than EJBs or        
+        Servlets). The returned connection is enlisted automatically  
+        with the transaction context obtained from the transaction    
+        manager. This property is to enable the pool to be used by    
+        non-component callers such as ServletFilters, Lifecycle       
+        modules, and 3rd party persistence managers. Standard J2EE    
+        components can continue to use such pools. Connections        
+        obtained by non-component callers are not automatically       
+        cleaned at the end of a transaction by the container. They    
+        need to be explicitly closed by the the caller.               
+    associate-with-thread                                                      
+        Associate a connection with the thread such that when the     
+        same thread is in need of a connection, it can reuse the      
+        connection already associated with that thread, thereby not   
+        incurring the overhead of getting a connection from the pool. 
+        Default value is false.                                       
+    connection-creation-retry-attempts                                         
+        The number of attempts to create a new connection. Default is 
+        0, which implies no retries.                                  
+    connection-creation-retry-interval-in-seconds                              
+        The time interval between retries while attempting to create  
+        a connection. Default is 10 seconds. Effective when           
+        connection-creation-retry-attempts is greater than 0.         
+    connection-leak-reclaim                                                    
+        If enabled, connection will be reusable (put back into pool)  
+        after connection-leak-timeout-in-seconds occurs. Default      
+        value is false.                                               
+    connection-leak-timeout-in-seconds                                         
+        To aid user in detecting potential connection leaks by the    
+        application. When a connection is not returned back to the    
+        pool by the application within the specified period, it is    
+        assumed to be a potential leak and stack trace of the caller  
+        will be logged. Default is 0, which implies there is no leak  
+        detection, by default. A positive non-zero value turns on     
+        leak detection. Note however that, this attribute only        
+        detects if there is a connection leak. The connection can be  
+        reclaimed only if connection-leak-reclaim is set to true.     
+    connection-validation-method                                               
+        specifies the type of validation to be performed when         
+        is-connection-validation-required is true. Default value of
+	this attribute is table. (see validation-table-name). The following      
+        types of validation are supported:                            
+        auto-commit                                                            
+            using connection.autoCommit()                             
+        meta-data                                                              
+            using connection.getMetaData()                            
+        table                                                                  
+            performing a query on a user specified table (see         
+            validation-table-name).                           
+        custom-validation
+            validation based on user specified validation mechanism (see
+            validation-classname).
+    datasource-classname                                                       
+        Name of the vendor supplied JDBC datasource resource manager. 
+        An XA or global transactions capable datasource class will    
+        implement javax.sql.XADatasource interface. Non XA or Local   
+        transactions only datasources will implement                  
+        javax.sql.Datasource interface.                               
+    driver-classname
+        Name of the vendor supplied JDBC driver class name. The 
+        specified driver should implement the java.sql.Driver interface.	
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single validation check fail. The default is false.  
+        One attempt will be made to re-establish failed connections.  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the database    
+        server side timeout (if such timeouts are configured on the   
+        specific vendor's database), to prevent accumulation of       
+        unusable connection in Application Server.                    
+    init-sql
+        Used to specify a SQL string by the user, to be executed 
+        whenever a connection is created from the pool (not the 
+        connections that are reused). This is executed to initialize
+        the state of the connection.
+        This is an optional attribute and should carry a value when 
+        a initialization SQL is to be executed.
+    is-connection-validation-required                                          
+        if true, connections are validated (checked to find out if    
+        they are usable) before giving out to the application. The    
+        default is false.                                             
+    is-isolation-level-guaranteed                                              
+        Applicable only when a particular isolation level is          
+        specified for transaction-isolation-level. The default value  
+        is true. This assures that every time a connection is         
+        obtained from the pool, it is guaranteed to have the          
+        isolation set to the desired value. This could have some      
+        performance impact on some JDBC drivers. Can be set to false  
+        by that administrator when they are certain that the          
+        application does not change the isolation level before        
+        returning the connection.                                     
+    lazy-connection-association                                                
+        Connections are lazily associated when an operation is        
+        performed on them. Also, they are disassociated when the      
+        transaction is completed and a component method ends, which   
+        helps reuse of the physical connections. Default value is     
+        false.                                                        
+    lazy-connection-enlistment                                                 
+        Enlist a resource to the transaction only when it is actually 
+        used in a method, which avoids enlistment of connections that 
+        are not used in a transaction. This also prevents unnecessary 
+        enlistment of connections cached in the calling components.   
+        Default value is false.                                       
+    match-connections                                                          
+        To switch on/off connection matching for the pool. It can be  
+        set to false if the administrator knows that the connections  
+        in the pool will always be homogeneous and hence a connection 
+        picked from the pool need not be matched by the resource      
+        adapter. Default value is false.                              
+    max-connection-usage-count                                                 
+        When specified, connections will be re-used by the pool for   
+        the specified number of times after which it will be closed.  
+        This is useful for instance, to avoid statement-leaks.        
+        Default value is 0, which implies the feature is not enabled. 
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    non-transactional-connections                                              
+        A pool with this property set to true returns                 
+        non-transactional connections. This connection does not get   
+        automatically enlisted with the transaction manager.          
+    ping
+        A pool with this attribute set to true is pinged during the pool
+        creation or reconfiguration to identify and warn of any erroneous
+        values for the its attributes. Default value of this attribute 
+        is false.
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    pooling
+        When set to false, this attribute disables connection pooling. 
+        Default value of this attribute is true.
+    res-type                                                                   
+        DataSource implementation class could implement one of of     
+        javax.sql.DataSource, javax.sql.XADataSource or               
+        javax.sql.ConnectionPoolDataSource interfaces. To support 
+        configuration of JDBC drivers and applications that use
+        java.sql.Driver implementations, set this attribute to
+        java.sql.Driver. This optional attribute must be specified to 
+	disambiguate when a Datasource class implements two or more of 
+	these interfaces or when a driver classname is to be provided. 
+	An error is produced when this attribute has a legal value and the        
+        indicated interface is not implemented by the datasource      
+        class. This attribute has no default value. (see also driver-classname).
+    sql-trace-listeners
+        Used to set if the SQL statements executed by applications need to be traced, 
+	enabling easy filtering of SQL statements executed as log messages. 
+        Aids administrators in analysing the statements. Multiple listeners can be
+        specified as comma separated list of listener implementation class names,
+	to enable different means of recording the SQL trace records.
+    statement-cache-size
+        Specifies the number of statements to be cached. The only cache
+	eviction strategy supported in this release is "Least Recently Used".
+	The default value is 0 and statement caching is not enabled. Specify a
+	non-zero integer value to enable statement caching.
+    statement-timeout-in-seconds                                               
+        Sets the timeout property of a connection to enable           
+        termination of abnormally long running queries. Default value 
+        of -1 implies that it is not enabled.                         
+    statement-leak-reclaim
+        If enabled, statement is reclaimed after the statement-leak-timeout-
+        in-seconds occurs. Default value is false.
+    statement-leak-timeout-in-seconds                                               
+        To aid user in detecting the statement leaks by applications.
+        When a statement is not closed by the application within the specified
+        period, it is assumed to be a statement leak. Default is 0, which 
+        implies there is no statement leak detection, by default. A 
+        positive non-zero value turns on statement leak detection.
+        Note however that, this attribute only detects if there is
+        a statement leak. The statement can be reclaimed only is
+        statement-leak-reclaim is set to true.     
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-isolation-level                                                
+        Specifies the Transaction Isolation Level on the pooled       
+        database connections. Optional. Has no default. If left       
+        unspecified the pool operates with default isolation level    
+        provided by the JDBC Driver. A desired isolation level can be 
+        set using one of the standard transaction isolation levels,   
+        which see.                                                    
+
+        Applications that change the Isolation level on a pooled connection    
+        programmatically, risk polluting the pool and this could lead to       
+        program errors. Also see: is-isolation-level-guaranteed                
+
+    validate-atmost-once-period-in-seconds                                     
+        Used to set the time-interval within which a connection is    
+        validated atmost once. Default is 0 which implies that it is  
+        not enabled. TBD: Documentation is to be corrected.           
+    validation-classname
+        Specifies the custom validation implementation class name to be used
+	for validation. This parameter is mandatory if the 
+	connection-validation-type is set to custom-validation. The specified
+	class must implement the org.glassfish.api.jdbc.ConnectionValidation
+	interface and must be accessible by the application server.
+    validation-table-name                                                      
+        specifies the table name to be used to perform a query to     
+        validate a connection. This parameter is mandatory, if        
+	is-connection-validation-required is set to true and 
+	connection-validation-type set to table. Verification by      
+        accessing a user specified table may become necessary for     
+        connection validation, particularly if database driver caches 
+        calls to setAutoCommit() and getMetaData().                   
+    wrap-jdbc-objects                                                          
+        When set to true, application will get wrapped jdbc objects   
+        for Statement, PreparedStatement, CallableStatement,          
+        ResultSet, DatabaseMetaData. Defaults to true.               
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-connection-pool (description?, property*)>
+
+<!ATTLIST jdbc-connection-pool
+    name CDATA #REQUIRED
+    datasource-classname CDATA #IMPLIED
+    res-type (javax.sql.DataSource | javax.sql.XADataSource | javax.sql.ConnectionPoolDataSource | java.sql.Driver) #IMPLIED
+    driver-classname CDATA #IMPLIED
+    ping %boolean; "false"   
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    transaction-isolation-level %isolation; #IMPLIED
+    is-isolation-level-guaranteed %boolean; "true"
+    is-connection-validation-required %boolean; "false"
+    connection-validation-method (auto-commit | meta-data | table | custom-validation) "table"
+    validation-table-name CDATA #IMPLIED
+    validation-classname CDATA #IMPLIED
+    init-sql CDATA #IMPLIED	      
+    fail-all-connections %boolean; "false"
+    non-transactional-connections %boolean; "false"
+    allow-non-component-callers %boolean; "false"
+    validate-atmost-once-period-in-seconds CDATA "0"
+    connection-leak-timeout-in-seconds CDATA "0"
+    connection-leak-reclaim %boolean; "false"
+    connection-creation-retry-attempts CDATA "0"
+    connection-creation-retry-interval-in-seconds CDATA "10"
+    statement-leak-timeout-in-seconds CDATA "0"
+    statement-leak-reclaim %boolean; "false"
+    statement-timeout-in-seconds CDATA "-1"
+    lazy-connection-enlistment %boolean; "false"
+    lazy-connection-association %boolean; "false"
+    associate-with-thread %boolean; "false"
+    match-connections %boolean; "false"
+    max-connection-usage-count CDATA "0"
+    sql-trace-listeners CDATA #IMPLIED 
+    statement-cache-size CDATA "0"
+    pooling %boolean; "true"
+    wrap-jdbc-objects %boolean; "true">
+
+
+<!-- connector-connection-pool
+    connector-connection-pool defines configuration used to create    
+    and manage a pool of connections to a EIS. Pool definition is     
+    named, and can be referred to by multiple connector-resource      
+    elements (See connector-resource).                                
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more connector-resource elements point to the same                         
+    connector-connection-pool element, they are using the same pool of         
+    connections, at run time.                                                  
+
+    There can be more than one pool for one connection-definition in one       
+    resource-adapter.                                                          
+
+
+  children
+    property                                                                   
+        Properties are used to override the ManagedConnectionFactory  
+        javabean configuration settings.                              
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the Resource Adapter's          
+        ManagedConnectionfactory class (specified in ra.xml).                  
+
+
+  attributes
+    associate-with-thread                                                      
+        Associate a connection with the thread such that when the     
+        same thread is in need of a connection, it can reuse the      
+        connection already associated with that thread, thereby not   
+        incurring the overhead of getting a connection from the pool. 
+        Default value is false.                                       
+    connection-creation-retry-attempts                                         
+        The number of attempts to create a new connection. Default is 
+        0, which implies no retries.                                  
+    connection-creation-retry-interval-in-seconds                              
+        The time interval between retries while attempting to create  
+        a connection. Default is 10 seconds. Effective when           
+        connection-creation-retry-attempts is greater than 0.         
+    connection-definition-name                                                 
+        unique name, identifying one connection-definition in a       
+        Resource Adapter. Currently this is ConnectionFactory type.   
+    connection-leak-reclaim                                                    
+        If enabled, connection will be reusable (put back into pool)  
+        after connection-leak-timeout-in-seconds occurs. Default      
+        value is false.                                               
+    connection-leak-timeout-in-seconds                                         
+        To aid user in detecting potential connection leaks by the    
+        application. When a connection is not returned back to the    
+        pool by the application within the specified period, it is    
+        assumed to be a potential leak and stack trace of the caller  
+        will be logged. Default is 0, which implies there is no leak  
+        detection, by default. A positive non-zero value turns on     
+        leak detection. Note however that, this attribute only        
+        detects if there is a connection leak. The connection can be  
+        reclaimed only if connection-leak-reclaim is set to true.     
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single connection fail validation. The default is    
+        false. One attempt will be made to re-establish failed        
+        connections.                                                  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the EIS         
+        connection timeout (if such timeouts are configured on the    
+        specific EIS), to prevent accumulation of unusable connection 
+        in Application Server.                                        
+    is-connection-validation-required                                          
+        This attribute specifies if the connection that is about to   
+        be returned is to be validated by the container,              
+    lazy-connection-association                                                
+        Connections are lazily associated when an operation is        
+        performed on them. Also, they are disassociated when the      
+        transaction is completed and a component method ends, which   
+        helps reuse of the physical connections. Default value is     
+        false.                                                        
+    lazy-connection-enlistment                                                 
+        Enlist a resource to the transaction only when it is actually 
+        used in a method, which avoids enlistment of connections that 
+        are not used in a transaction. This also prevents unnecessary 
+        enlistment of connections cached in the calling components.   
+        Default value is false.                                       
+    match-connections                                                          
+        To switch on/off connection matching for the pool. It can be  
+        set to false if the administrator knows that the connections  
+        in the pool will always be homogeneous and hence a connection 
+        picked from the pool need not be matched by the resource      
+        adapter. Default value is true.                               
+    max-connection-usage-count                                                 
+        When specified, connections will be re-used by the pool for   
+        the specified number of times after which it will be closed.  
+        This is useful for instance, to avoid statement-leaks.        
+        Default value is 0, which implies the feature is not enabled. 
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    ping
+        A pool with this attribute set to true is pinged during the pool
+        creation or reconfiguration to identify and warn of any erroneous
+        values for the its attributes. Default value of this attribute 
+        is false.
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    pooling
+       When set to false, this attribute disables connection pooling.
+       Default value of this attribute is true.	
+    resource-adapter-name                                                      
+        This is the name of resource adapter. Name of .rar file is    
+        taken as the unique name for the resource adapter.            
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-support                                                        
+        Indicates the level of transaction support that this pool     
+        will have. Possible values are "XATransaction",               
+        "LocalTransaction" and "NoTransaction". This attribute will   
+        override that transaction support attribute in the Resource   
+        Adapter in a downward compatible way, i.e it can support a    
+        lower/equal transaction level than specified in the RA, but   
+        not a higher level.                                           
+    validate-atmost-once-period-in-seconds                                     
+        Used to set the time-interval within which a connection is    
+        validated atmost once. Default is 0 which implies that it is  
+        not enabled. TBD: Documentation is to be corrected.           
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-connection-pool (description?, security-map*, property*)>
+
+<!ATTLIST connector-connection-pool
+    name CDATA #REQUIRED
+    resource-adapter-name CDATA #REQUIRED
+    connection-definition-name CDATA #REQUIRED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    fail-all-connections %boolean; "false"
+    transaction-support (XATransaction | LocalTransaction | NoTransaction) #IMPLIED
+    is-connection-validation-required %boolean; "false"
+    validate-atmost-once-period-in-seconds CDATA "0"
+    connection-leak-timeout-in-seconds CDATA "0"
+    connection-leak-reclaim %boolean; "false"
+    connection-creation-retry-attempts CDATA "0"
+    connection-creation-retry-interval-in-seconds CDATA "10"
+    lazy-connection-enlistment %boolean; "false"
+    lazy-connection-association %boolean; "false"
+    associate-with-thread %boolean; "false"
+    match-connections %boolean; "true"
+    max-connection-usage-count CDATA "0"
+    ping %boolean; "false"
+    pooling %boolean; "true">
+
+
+
+<!-- property
+    Syntax for supplying properties as name value pairs               
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    work-security-map, resource-adapter-config     
+-->
+<!ELEMENT property (description?)>
+
+<!ATTLIST property
+    name CDATA #REQUIRED
+    value CDATA #REQUIRED>
+
+
+<!-- security-map
+    Perform mapping from principal received during Servlet/EJB        
+    authentication, to credentials accepted by the EIS. This mapping  
+    is optional.It is possible to map multiple (server) principal to  
+    the same backend principal.                                       
+
+  Used in:
+    connector-connection-pool                                         
+-->
+<!ELEMENT security-map ((principal | user-group)+, backend-principal)>
+
+<!ATTLIST security-map
+    name CDATA #REQUIRED>
+
+
+<!-- principal
+    Principal of the Servlet and EJB client                           
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT principal (#PCDATA)>
+
+
+<!-- user-group
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT user-group (#PCDATA)>
+
+
+<!-- backend-principal
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT backend-principal EMPTY>
+
+<!ATTLIST backend-principal
+    user-name CDATA #REQUIRED
+    password CDATA #IMPLIED>
+
+<!-- work-security-map
+  Perform mapping from Principal associated with an incoming Work
+  instance to a Principal in the application server's security domain. The 
+  security-map element, on the other hand, performs mapping from
+  Principals in the application server security domain to a Principal
+  accepted by the EIS. It is possible to map multiple EIS Group and/or
+  User Principals to the same application server (server) Principal.
+
+ Used in:
+   resources
+-->
+
+<!ELEMENT work-security-map (description?, (principal-map*, group-map*)+) >
+
+<!ATTLIST work-security-map 
+name CDATA #REQUIRED
+resource-adapter-name CDATA #REQUIRED
+object-type %object-type; "user"
+enabled %boolean; "true">
+
+<!-- principal-map
+  Performs mapping from a Principal in the EIS security domain to
+  a Principal accepted by the application server security domain
+
+  attributes 
+    eis-principal 
+        A Principal in the EIS security domain that is being mapped to 
+        a Principal in the application server's security domain.
+    mapped-principal
+        A Principal that is valid in the application server's security domain
+
+  Used in:
+    work-security-map
+-->
+<!ELEMENT principal-map EMPTY >
+
+<!ATTLIST principal-map
+eis-principal CDATA #REQUIRED
+mapped-principal CDATA #REQUIRED>
+
+<!-- group-map
+  Group map to map eis-group name to application server domain's group name
+
+  attributes 
+    eis-group 
+        A Group in the EIS security domain that is being mapped to 
+        a Group in the application server's security domain
+    mapped-group
+        A Group that is valid in the application server's security domain
+
+  Used in:
+    work-security-map
+-->
+<!ELEMENT group-map EMPTY >
+
+<!ATTLIST group-map
+eis-group CDATA #REQUIRED
+mapped-group CDATA #REQUIRED>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-web-app_3_0-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-web-app_3_0-1.dtd
new file mode 100644
index 0000000000..c7e4ffe6fa
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/glassfish-web-app_3_0-1.dtd
@@ -0,0 +1,846 @@
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2010 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+    or packager/legal/LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at packager/legal/LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+
+<!--
+  XML DTD for Glassfish Application Server specific Java EE web
+  deployment descriptor. This is a companion DTD to web-app_3_0.xsd
+  and web-common_3_0.xsd.
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+
+-->
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT glassfish-web-app (context-root?, security-role-mapping*, servlet*, idempotent-url-pattern*, session-config?,
+                       ejb-ref*, resource-ref*, resource-env-ref*,  service-ref*,
+                       message-destination-ref*, cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, parameter-encoding?,
+                       property*, valve*, message-destination*, webservice-description*, keep-state?, version-identifier?)>
+<!ATTLIST glassfish-web-app error-url CDATA ""
+                      httpservlet-security-provider CDATA #IMPLIED>
+
+<!--
+  Idempotent URL Patterns
+    url-pattern      URL Pattern of the idempotent requests
+    num-of-retries  Specifies the number of times the Load Balancer will retry a request that is idempotent.
+-->
+<!ELEMENT idempotent-url-pattern EMPTY>
+<!ATTLIST idempotent-url-pattern url-pattern CDATA #REQUIRED
+                                 num-of-retries CDATA "-1">
+
+<!-- 
+ Context Root for the web application when the war file is a standalone module.
+ When the war module is part of the Java EE Application, use the application.xml
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name?, webservice-endpoint*)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!ENTITY % persistence-type "(memory | file | custom | ha | s1ws60 | mmap | replicated)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type CDATA "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [true]                                                   The default value is changed to true from 8.1
+-->
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "true">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (dispatcher*, timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+Specifies the RequestDispatcher methods for which caching is to be
+enabled on the target resource. Valid values are REQUEST, FORWARD, INCLUDE,
+and ERROR (default: REQUEST).
+See SRV.6.2.5 of the Servlet 2.4 Specification for more information.
+-->
+<!ELEMENT dispatcher (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA  #IMPLIED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (constraint-field-value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->
+<!ELEMENT constraint-field-value (#PCDATA)>
+<!ATTLIST constraint-field-value 	match-expr              %expr;    'equals'
+                			cache-on-match          %boolean;  'true'
+                			cache-on-match-failure  %boolean;  'false'>
+
+<!--
+  The class-loader element allows developers to customize the behaviour
+  of their web application's classloader.
+
+  attributes
+    extra-class-path          List of comma-separated JAR files to be
+                              added to the web application's class path
+    delegate                  If set to false, the delegation behavior
+                              of the web application's classloader complies
+                              with the Servlet 2.3 specification,
+                              section 9.7.2, and gives preference to classes
+                              and resources within the WAR file or the
+                              extra-class-path over those higher up in the
+                              classloader hierarchy, unless those classes or
+                              resources are part of the Java EE platform.
+                              If set to its default value of true, classes
+                              and resources residing in container-wide library
+                              JAR files are loaded in preference to classes
+                              and resources packaged within the WAR file or
+                              specified on the extra-class-path.
+    dynamic-reload-interval   Not supported. Included for backward
+                              compatibility with previous Sun Java System
+                              Web Server versions
+-->
+<!ELEMENT class-loader (property*)>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'true'
+                       dynamic-reload-interval CDATA #IMPLIED >
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #IMPLIED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #IMPLIED
+			     default-charset CDATA #IMPLIED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!ELEMENT valve (description?, property*)>
+<!ATTLIST valve name        CDATA  #REQUIRED
+                class-name  CDATA  #REQUIRED>
+
+<!--
+  					W E B   S E R V I C E S 
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Information about a web service endpoint.  
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The auth-method element is used to configure the authentication
+mechanism for the web application. As a prerequisite to gaining access
+to any web resources which are protected by an authorization
+constraint, a user must have authenticated using the configured
+mechanism.
+-->
+
+<!ELEMENT auth-method (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+The transport-guarantee element specifies that the communication
+between client and server should be NONE, INTEGRAL, or
+CONFIDENTIAL. NONE means that the application does not require any
+transport guarantees. A value of INTEGRAL means that the application
+requires that the data sent between the client and server be sent in
+such a way that it can't be changed in transit. CONFIDENTIAL means
+that the application requires that the data be transmitted in a
+fashion that prevents other entities from observing the contents of
+the transmission. In most cases, the presence of the INTEGRAL or
+CONFIDENTIAL flag will indicate that the use of SSL is required.
+-->
+
+<!ELEMENT transport-guarantee (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+<!--
+The keep-state element indicates whether the state information should be
+preserved across redeployment.
+-->
+<!ELEMENT keep-state (#PCDATA)>
+
+<!--
+The version-identifier element contains the version information. The value is
+ retrieved at deployment.
+-->
+<!ELEMENT version-identifier (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/static-verification_1_4.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/static-verification_1_4.dtd
new file mode 100644
index 0000000000..73f03cb29d
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/static-verification_1_4.dtd
@@ -0,0 +1,146 @@
+<!--
+
+    DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+    Copyright (c) 2000-2018 Oracle and/or its affiliates. All rights reserved.
+
+    The contents of this file are subject to the terms of either the GNU
+    General Public License Version 2 only ("GPL") or the Common Development
+    and Distribution License("CDDL") (collectively, the "License").  You
+    may not use this file except in compliance with the License.  You can
+    obtain a copy of the License at
+    https://oss.oracle.com/licenses/CDDL+GPL-1.1
+    or LICENSE.txt.  See the License for the specific
+    language governing permissions and limitations under the License.
+
+    When distributing the software, include this License Header Notice in each
+    file and include the License file at LICENSE.txt.
+
+    GPL Classpath Exception:
+    Oracle designates this particular file as subject to the "Classpath"
+    exception as provided by Oracle in the GPL Version 2 section of the License
+    file that accompanied this code.
+
+    Modifications:
+    If applicable, add the following below the License Header, with the fields
+    enclosed by brackets [] replaced by your own identifying information:
+    "Portions Copyright [year] [name of copyright owner]"
+
+    Contributor(s):
+    If you wish your version of this file to be governed by only the CDDL or
+    only the GPL Version 2, indicate your decision by adding "[Contributor]
+    elects to include this software in this distribution under the [CDDL or GPL
+    Version 2] license."  If you don't indicate a single choice of license, a
+    recipient has the option to distribute your version of this file under
+    either the CDDL, the GPL Version 2 or to extend the choice of license to
+    its licensees as provided above.  However, if you add GPL Version 2 code
+    and therefore, elected the GPL Version 2 license, then the option applies
+    only if the new code is made subject to such option by the copyright
+    holder.
+
+-->
+
+<!--
+This is the XML DTD for the J2EE 1.4 static application verification
+descriptor.  All J2EE 1.4 application verification descriptors
+must include a DOCTYPE of the following form:
+
+  <!DOCTYPE static-verification PUBLIC
+        "-//Sun Microsystems, Inc.//DTD J2EE Static Verification 1.4//EN"
+        "http://java.sun.com/dtd/static-verification_1_4.dtd">
+
+-->
+
+<!--  
+static-verification is used to display the passed/failed/not applicable/warning tests 
+for all the J2EE components. It also records the errors and exceptions that occur in the Verifier tool
+while trying to verify applications.
+-->
+<!ELEMENT static-verification (application?, ejb?, web?, appclient?, connector?, other?, error?, failure-count)>
+
+<!-- application element holds results of static checking for
+the application dtd.  
+-->
+<!ELEMENT application (failed?, passed?, warning?, not-applicable?)>
+
+<!-- the failed tests generated by the verifier
+-->
+<!ELEMENT failed (test*)>
+
+<!-- test element holds the information about the test such as the name, test assertion ans test description
+-->
+<!ELEMENT test (test-name, test-assertion, test-description)>
+
+<!-- test-name is the name of the verifier test which was executed
+-->
+<!ELEMENT test-name (#PCDATA)>
+
+<!-- test-assertion is the description of the test
+-->
+<!ELEMENT test-assertion (#PCDATA)>
+
+<!-- test-description is a description of the result of the test
+-->
+<!ELEMENT test-description (#PCDATA)>
+
+<!-- list of tests which passed the verifier checking
+-->
+<!ELEMENT passed (test*)>
+
+<!-- list of warnings produced during the verifier checking
+-->
+<!ELEMENT warning (test*)>
+
+<!-- list of not applicable tests produced during the verifier checking
+-->
+<!ELEMENT not-applicable (test*)>
+
+<!-- tests specific to the appclients static information 
+-->
+<!ELEMENT appclient (failed?, passed?, warning?, not-applicable?)>
+
+<!-- tests specific to ejbs static information
+-->
+<!ELEMENT ejb (failed?, passed?, warning?, not-applicable?)>
+
+<!-- tests specific to connectors static information
+--><!ELEMENT connector (failed?, passed?, warning?, not-applicable?)>
+
+<!-- tests specific to web static information
+-->
+<!ELEMENT web (failed?, passed?, warning?, not-applicable?)>
+
+<!-- tests specific to other tests written specifically to check the XML file
+-->
+<!ELEMENT other (failed?, passed?, warning?, not-applicable?)>
+
+<!-- this tag captures the errors that might occur in the Verifier tool
+while trying to verify an application. An error can be an exception 
+or a case that is not allowed.
+-->
+<!ELEMENT error (error-name, error-description)>
+
+<!-- name of the java error 
+-->
+<!ELEMENT error-name (#PCDATA)>
+
+<!-- description of what was happening when the error occured
+-->
+<!ELEMENT error-description (#PCDATA)>
+
+<!-- this tag holds the counts for failures, warnings and errors
+-->
+
+<!ELEMENT failure-count (failure-number, warning-number, error-number)>
+
+<!-- number of failed tests
+-->
+<!ELEMENT failure-number (#PCDATA)>
+
+<!-- number of warnings
+-->
+<!ELEMENT warning-number (#PCDATA)>
+
+<!-- number of errors
+-->
+<!ELEMENT error-number (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_3-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_3-0.dtd
new file mode 100644
index 0000000000..de9f6d1ab4
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_3-0.dtd
@@ -0,0 +1,93 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+application-client is the root element describing all the runtime bindings 
+of a single application client
+-->
+<!ELEMENT sun-application-client (resource-ref*, ejb-ref*, resource-env-ref*)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container 
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-0.dtd
new file mode 100644
index 0000000000..58440bbcbe
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-0.dtd
@@ -0,0 +1,218 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+application-client is the root element describing all the runtime bindings 
+of a single application client
+-->
+<!ELEMENT sun-application-client (ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, 
+	message-destination*)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container 
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+
+<!--
+  			W E B   S E R V I C E S 
+--> 	
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, 
+		wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property* )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-1.dtd
new file mode 100644
index 0000000000..3008b852b4
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_1_4-1.dtd
@@ -0,0 +1,467 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+  XML DTD for Sun Application Server specific J2EE Client Application
+  deployment descriptor. This is a companion DTD to application-client_1_4.xsd
+
+-->
+
+<!-- The PUBLIC ID (defined in DOCTYPE) associated with this dtd is:
+     "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Application Client 1.4//EN"; 
+-->
+
+<!--
+application-client is the root element describing all the runtime bindings 
+of a single application client
+-->
+<!ELEMENT sun-application-client (ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, 
+	message-destination*)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container 
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+
+<!--
+  			W E B   S E R V I C E S 
+--> 	
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, 
+		wsdl-override?, service-impl-class?, service-qname? )>
+		
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_5_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_5_0-0.dtd
new file mode 100644
index 0000000000..c9bca8fa2c
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_5_0-0.dtd
@@ -0,0 +1,531 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+  XML DTD for Sun Application Server specific Java EE Client Application
+  deployment descriptor. This is a companion DTD to application-client_5.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Application Client 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client_5_0-0.dtd">
+
+-->
+
+<!--
+application-client is the root element describing all the runtime bindings 
+of a single application client
+-->
+<!ELEMENT sun-application-client (ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, 
+	message-destination-ref*, message-destination*, java-web-start-access?)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container 
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+
+<!--
+  			W E B   S E R V I C E S 
+--> 	
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, 
+		wsdl-override?, service-impl-class?, service-qname? )>
+		
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+<!--
+                            J A V A   W E B   S T A R T    A C C E S S
+-->
+
+<!--
+The java-web-start-access element contains all information relevant to Java
+Web Start access to the app client.
+
+Note that all elements that support Java Web Start access appear below 
+the java-web-start-access definition alphabetically by tag name.
+
+The context-root subelement allows the developer to specify what context root
+will be used for addressing the app client via Java Web Start.  If absent, the
+app server uses a default context root value.
+
+The eligible subelement allows the developer to control whether this app client
+should allow Java Web Start access.  If this value is false, then Java Web Start
+will never be allowed access.  Default: true.
+
+The vendor subelement allows the developer to specify the vendor name that Java
+Web Start should display to the end-user as the app client is downloaded and launched.
+
+Used in: sun-application-client
+-->
+<!ELEMENT java-web-start-access (context-root?, eligible?, vendor?)>
+
+<!--
+The context-root element allows the developer to specify the context root
+with which Java Web Start should access the app client.  The app server
+provides a default value if the developer omits this.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!--
+The eligible element allows the developer to indicate whether Java Web Start
+access should ever be permitted to launch this app client. 
+
+Used in: java-web-start-access 
+-->
+<!ELEMENT eligible (#PCDATA)>
+
+<!--
+The vendor element allows the developer to indicate what vendor name Java Web Start
+should display in the splash screen as the app client is downloaded and/or launched.
+
+Used in: java-web-start-access 
+-->
+<!ELEMENT vendor (#PCDATA)>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_6_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_6_0-0.dtd
new file mode 100644
index 0000000000..0bc48dbcdc
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application-client_6_0-0.dtd
@@ -0,0 +1,546 @@
+<!--
+  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+  Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
+
+  The contents of this file are subject to the terms of either the GNU
+  General Public License Version 2 only ("GPL") or the Common Development
+  and Distribution License("CDDL") (collectively, the "License").  You
+  may not use this file except in compliance with the License.  You can
+  obtain a copy of the License at
+  https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+  or packager/legal/LICENSE.txt.  See the License for the specific
+  language governing permissions and limitations under the License.
+
+  When distributing the software, include this License Header Notice in each
+  file and include the License file at packager/legal/LICENSE.txt.
+
+  GPL Classpath Exception:
+  Oracle designates this particular file as subject to the "Classpath"
+  exception as provided by Oracle in the GPL Version 2 section of the License
+  file that accompanied this code.
+
+  Modifications:
+  If applicable, add the following below the License Header, with the fields
+  enclosed by brackets [] replaced by your own identifying information:
+  "Portions Copyright [year] [name of copyright owner]"
+
+  Contributor(s):
+  If you wish your version of this file to be governed by only the CDDL or
+  only the GPL Version 2, indicate your decision by adding "[Contributor]
+  elects to include this software in this distribution under the [CDDL or GPL
+  Version 2] license."  If you don't indicate a single choice of license, a
+  recipient has the option to distribute your version of this file under
+  either the CDDL, the GPL Version 2 or to extend the choice of license to
+  its licensees as provided above.  However, if you add GPL Version 2 code
+  and therefore, elected the GPL Version 2 license, then the option applies
+  only if the new code is made subject to such option by the copyright
+  holder.
+--> 
+
+<!--
+  XML DTD for Sun Application Server specific Java EE Client Application
+  deployment descriptor. This is a companion DTD to application-client_6.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Application Client 6.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client_6_0-0.dtd">
+-->
+
+<!--
+sun-application-client is the root element describing all the runtime bindings
+of a single application client
+-->
+<!ELEMENT sun-application-client (ejb-ref*, resource-ref*, resource-env-ref*, service-ref*,
+	message-destination-ref*, message-destination*, java-web-start-access?)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's
+destination.  Required for a Topic destination, if subscription-durability is set to
+Durable (in ejb-jar.xml)
+-->
+
+<!--
+  			W E B   S E R V I C E S
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*,
+		wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!--
+Port used in port-info.
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!--
+JAXRPC property values that should be set on a stub before it's returned to
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!--
+JAXRPC property values that should be set on a Call object before it's
+returned to the web service client.  The property names can be any
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!--
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used
+to accomplish the latter; in which case the specified
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config
+and thus the authentication provider that is to be used to satisfy
+the application specific message security requirements. If a value for
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used.
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced.
+
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes
+the message security requirements that pertain to the request and
+response messages of the containing endpoint. When contained within a
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element.
+
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security
+element apply to all the operations of the endpoint
+with the specified (and potentially overloaded) operation name.
+
+Default:
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class
+indicated by the context in which the java-method is contained.
+
+Default:
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default:
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ *
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ *
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+<!--
+                            J A V A   W E B   S T A R T    A C C E S S
+-->
+
+<!--
+The java-web-start-access element contains all information relevant to Java
+Web Start access to the app client.
+
+Note that all elements that support Java Web Start access appear below
+the java-web-start-access definition alphabetically by tag name.
+
+The context-root subelement allows the developer to specify what context root
+will be used for addressing the app client via Java Web Start.  If absent, the
+app server uses a default context root value.
+
+The eligible subelement allows the developer to control whether this app client
+should allow Java Web Start access.  If this value is false, then Java Web Start
+will never be allowed access.  Default: true.
+
+The vendor subelement allows the developer to specify the vendor name that Java
+Web Start should display to the end-user as the app client is downloaded and launched.
+
+The jnlp-doc subelement gives the developer a way to direct the generation of
+the JNLP document describing the app client launch.
+
+Used in: sun-application-client
+-->
+<!ELEMENT java-web-start-access (context-root?, eligible?, vendor?, jnlp-doc?)>
+
+<!--
+The context-root element allows the developer to specify the context root
+with which Java Web Start should access the app client.  The app server
+provides a default value if the developer omits this.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!--
+The eligible element allows the developer to indicate whether Java Web Start
+access should ever be permitted to launch this app client.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT eligible (#PCDATA)>
+
+<!--
+The vendor element allows the developer to indicate what vendor name Java Web Start
+should display in the splash screen as the app client is downloaded and/or launched.
+
+Used in: java-web-start-access
+-->
+<!ELEMENT vendor (#PCDATA)>
+
+<!--
+The jnlp-doc element's href attribute refers to a JNLP file in the app
+client or in the EARwhich is merged with the generated JNLP to create the final
+JNLP which is used to launch the app client.  This href must be a relative
+URI
+
+Used in: java-web-start-access
+-->
+<!ELEMENT jnlp-doc EMPTY>
+<!ATTLIST jnlp-doc href CDATA #REQUIRED>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_3-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_3-0.dtd
new file mode 100644
index 0000000000..cd83e48985
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_3-0.dtd
@@ -0,0 +1,66 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+This is the root element of the runtime descriptor document.
+-->
+<!ELEMENT sun-application (web*, pass-by-reference?, unique-id?, security-role-mapping*) >
+
+<!ELEMENT web (web-uri, context-root)>
+<!ELEMENT web-uri (#PCDATA)>
+<!ELEMENT context-root (#PCDATA)>
+
+<!-- Pass by Reference semantics:  EJB spec requires pass by value,
+     which will be the default mode of operation. This can be set 
+     to true for non-compliant and possibly higher performance. 
+     For a stand-alone, this can be set at this level. By setting 
+     a similarly named element at sun-application, it can apply to 
+     all the enclosed ejb modules. Allowed values are true and 
+     false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!-- Automatically generated and updated at deployment/redeployment 
+     Needs to be unqiue in the system.
+  -->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+
+<!ELEMENT role-name (#PCDATA)>
+<!ELEMENT principal-name (#PCDATA)>
+<!ELEMENT group-name (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_4-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_4-0.dtd
new file mode 100644
index 0000000000..2eb714d799
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_1_4-0.dtd
@@ -0,0 +1,80 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!-- The PUBLIC ID (defined in DOCTYPE) associated with this dtd is:
+     "-//Sun Microsystems, Inc.//DTD Application Server 8.0 J2EE Application 1.4//EN"; 
+-->
+
+<!--
+This is the root element of the runtime descriptor document.
+-->
+<!ELEMENT sun-application (web*, pass-by-reference?, unique-id?, security-role-mapping*, realm?) >
+
+<!ELEMENT web (web-uri, context-root)>
+<!ELEMENT web-uri (#PCDATA)>
+<!ELEMENT context-root (#PCDATA)>
+
+<!-- Pass by Reference semantics:  EJB spec requires pass by value,
+     which will be the default mode of operation. This can be set 
+     to true for non-compliant and possibly higher performance. 
+     For a stand-alone, this can be set at this level. By setting 
+     a similarly named element at sun-application, it can apply to 
+     all the enclosed ejb modules. Allowed values are true and 
+     false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!-- Automatically generated and updated at deployment/redeployment 
+     Needs to be unqiue in the system.
+  -->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+
+<!ELEMENT role-name (#PCDATA)>
+<!ELEMENT principal-name (#PCDATA)>
+<!ELEMENT group-name (#PCDATA)>
+
+<!-- 
+  realm: Allows specifying an optional authentication realm name which will
+    be used to process all authentication requests associated with this
+    application. If this element is not specified (or if it is given but
+    does not match the name of a configured realm) then the default realm
+    set in the server instances security-service element will be used
+    instead.
+-->
+<!ELEMENT realm (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_5_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_5_0-0.dtd
new file mode 100644
index 0000000000..5aa318477c
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_5_0-0.dtd
@@ -0,0 +1,87 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!--
+  XML DTD for Sun Application Server specific Java EE Application
+  deployment descriptor. This is a companion DTD to application_5.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
+
+-->
+
+<!--
+This is the root element of the runtime descriptor document.
+-->
+<!ELEMENT sun-application (web*, pass-by-reference?, unique-id?, security-role-mapping*, realm?) >
+
+<!ELEMENT web (web-uri, context-root)>
+<!ELEMENT web-uri (#PCDATA)>
+<!ELEMENT context-root (#PCDATA)>
+
+<!-- Pass by Reference semantics:  EJB spec requires pass by value,
+     which will be the default mode of operation. This can be set 
+     to true for non-compliant and possibly higher performance. 
+     For a stand-alone, this can be set at this level. By setting 
+     a similarly named element at sun-application, it can apply to 
+     all the enclosed ejb modules. Allowed values are true and 
+     false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!-- Automatically generated and updated at deployment/redeployment 
+     Needs to be unqiue in the system.
+  -->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+
+<!ELEMENT role-name (#PCDATA)>
+<!ELEMENT principal-name (#PCDATA)>
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+<!ELEMENT group-name (#PCDATA)>
+
+<!-- 
+  realm: Allows specifying an optional authentication realm name which will
+    be used to process all authentication requests associated with this
+    application. If this element is not specified (or if it is given but
+    does not match the name of a configured realm) then the default realm
+    set in the server instances security-service element will be used
+    instead.
+-->
+<!ELEMENT realm (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_6_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_6_0-0.dtd
new file mode 100644
index 0000000000..e33f42d508
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-application_6_0-0.dtd
@@ -0,0 +1,530 @@
+<!--
+  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+  Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
+ 
+  The contents of this file are subject to the terms of either the GNU
+  General Public License Version 2 only ("GPL") or the Common Development
+  and Distribution License("CDDL") (collectively, the "License").  You
+  may not use this file except in compliance with the License.  You can
+  obtain a copy of the License at
+  https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+  or packager/legal/LICENSE.txt.  See the License for the specific
+  language governing permissions and limitations under the License.
+ 
+  When distributing the software, include this License Header Notice in each
+  file and include the License file at packager/legal/LICENSE.txt.
+ 
+  GPL Classpath Exception:
+  Oracle designates this particular file as subject to the "Classpath"
+  exception as provided by Oracle in the GPL Version 2 section of the License
+  file that accompanied this code.
+ 
+  Modifications:
+  If applicable, add the following below the License Header, with the fields
+  enclosed by brackets [] replaced by your own identifying information:
+  "Portions Copyright [year] [name of copyright owner]"
+ 
+  Contributor(s):
+  If you wish your version of this file to be governed by only the CDDL or
+  only the GPL Version 2, indicate your decision by adding "[Contributor]
+  elects to include this software in this distribution under the [CDDL or GPL
+  Version 2] license."  If you don't indicate a single choice of license, a
+  recipient has the option to distribute your version of this file under
+  either the CDDL, the GPL Version 2 or to extend the choice of license to
+  its licensees as provided above.  However, if you add GPL Version 2 code
+  and therefore, elected the GPL Version 2 license, then the option applies
+  only if the new code is made subject to such option by the copyright
+  holder.
+--> 
+
+<!--
+  XML DTD for Sun Application Server specific Java EE Application
+  deployment descriptor. This is a companion DTD to application_6.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Java EE Application 6.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_6_0-0.dtd">
+
+-->
+
+<!--
+This is the root element of the runtime descriptor document.
+-->
+<!ELEMENT sun-application (web*, pass-by-reference?, unique-id?, security-role-mapping*, realm?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, message-destination*, archive-name?, compatibility?) >
+
+<!ELEMENT web (web-uri, context-root)>
+<!ELEMENT web-uri (#PCDATA)>
+<!ELEMENT context-root (#PCDATA)>
+
+<!-- Pass by Reference semantics:  EJB spec requires pass by value,
+     which will be the default mode of operation. This can be set 
+     to true for non-compliant and possibly higher performance. 
+     For a stand-alone, this can be set at this level. By setting 
+     a similarly named element at sun-application, it can apply to 
+     all the enclosed ejb modules. Allowed values are true and 
+     false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!-- Automatically generated and updated at deployment/redeployment 
+     Needs to be unqiue in the system.
+  -->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+
+<!ELEMENT role-name (#PCDATA)>
+<!ELEMENT principal-name (#PCDATA)>
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+<!ELEMENT group-name (#PCDATA)>
+
+<!-- 
+  realm: Allows specifying an optional authentication realm name which will
+    be used to process all authentication requests associated with this
+    application. If this element is not specified (or if it is given but
+    does not match the name of a configured realm) then the default realm
+    set in the server instances security-service element will be used
+    instead.
+-->
+<!ELEMENT realm (#PCDATA)>
+
+<!--
+name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref holds the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  ( res-ref-name, jndi-name,  default-resource-principal?)>
+
+<!--
+default-resource-principal specifies the default principal that the container
+will use to access a resource.
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+name element holds the user name
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+password element holds a password string.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+ejb-ref element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+ejb-ref-name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+jndi name of the associated entity
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+                        W E B   S E R V I C E S
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*,
+                wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!--
+Port used in port-info.
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!--
+JAXRPC property values that should be set on a stub before it's returned to
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!--
+JAXRPC property values that should be set on a Call object before it's
+returned to the web service client.  The property names can be any
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!--
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used
+to accomplish the latter; in which case the specified
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config
+and thus the authentication provider that is to be used to satisfy
+the application specific message security requirements. If a value for
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used.
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced.
+
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes
+the message security requirements that pertain to the request and
+response messages of the containing endpoint. When contained within a
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element.
+
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security
+element apply to all the operations of the endpoint
+with the specified (and potentially overloaded) operation name.
+
+Default:
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class
+indicated by the context in which the java-method is contained.
+
+Default:
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default:
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+*
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy
+ *         auth-source (sender | content) #IMPLIED
+ *         auth-recipient (before-content | after-content) #IMPLIED
+ *
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+          auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default:
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+          auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  The value of the archive-name element will be used to derive the default 
+name of the app-name when app-name is not present in application.xml.
+  The default app name will be archive-name value minus the file extension. 
+For example, if archive-name is foo.ear, the default app-name will be foo.
+-->
+<!ELEMENT archive-name (#PCDATA)> 
+
+<!--
+Specifies the Enterprise Server release with which to be backward compatible 
+in terms of JAR visibility requirements for applications. 
+The current allowed value is v2, which refers to GlassFish version 2 or 
+Enterprise Server version 9.1 or 9.1.1. The Java EE 6 platform specification 
+imposes stricter requirements than Java EE 5 did on which JAR files can be 
+visible to various modules within an EAR file. Setting this element to v2 
+removes these Java EE 6 restrictions.
+-->
+<!ELEMENT compatibility (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_0.dtd
index a56e031400..df925fdf90 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_0.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_0.dtd
@@ -1,3 +1,39 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
 
 <!-- This file maps at least one set of beans to tables and columns in a 
      specific db schema
@@ -17,18 +53,9 @@
 <!ELEMENT entity-mapping (ejb-name, table-name, cmp-field-mapping+, 
         cmr-field-mapping*, secondary-table*, consistency?)>
 
-<!-- !PW I adjusted the definition of <consistency> slightly so that 
-     schema2beans does not view the second references to check-all-at-commit
-     and lock-when-modified as distinct properties (they aren't). 
-
-     Original definition:
-          
-     ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        check-all-at-commit | lock-when-modified | 
-        (lock-when-modified, check-all-at-commit) ) 
-  -->
 <!ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        (lock-when-modified?, check-all-at-commit?) ) >
+        check-all-at-commit | lock-when-modified | 
+        (lock-when-modified, check-all-at-commit) ) >
 
 <!ELEMENT read-only EMPTY>
 
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_1.dtd
index 50bbcd58b0..0264f24c7e 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_1.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_1.dtd
@@ -1,3 +1,39 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
 
 <!-- This file maps at least one set of beans to tables and columns in a 
      specific db schema
@@ -17,18 +53,8 @@
 <!ELEMENT entity-mapping (ejb-name, table-name, cmp-field-mapping+, 
         cmr-field-mapping*, secondary-table*, consistency?)>
 
-
-<!-- !PW I adjusted the definition of <consistency> slightly so that 
-     schema2beans does not view the second reference to check-all-at-commit 
-     as a distinct property (it isn't).
-
-     Original definition:
-          
-     ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        check-all-at-commit | (lock-when-modified, check-all-at-commit?) ) >
-  -->
 <!ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        (lock-when-modified?, check-all-at-commit?) ) >
+        check-all-at-commit | (lock-when-modified, check-all-at-commit?) ) >
 
 <!ELEMENT read-only EMPTY>
 
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_2.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_2.dtd
index e59e570741..07a2007c1e 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_2.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-cmp-mapping_1_2.dtd
@@ -1,3 +1,39 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
 
 <!-- This file maps at least one set of beans to tables and columns in a 
      specific db schema
@@ -17,18 +53,8 @@
 <!ELEMENT entity-mapping (ejb-name, table-name, cmp-field-mapping+, 
         cmr-field-mapping*, secondary-table*, consistency?)>
 
-<!-- !PW I adjusted the definition of <consistency> slightly so that 
-     schema2beans does not view the second reference to check-all-at-commit 
-     as a distinct property (it isn't).
-
-     Original definition:
-          
-     ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        check-all-at-commit | (lock-when-modified, check-all-at-commit?) |
-        check-version-of-accessed-instances) >
-  -->
 <!ELEMENT consistency (none | check-modified-at-commit | lock-when-loaded |
-        (lock-when-modified?, check-all-at-commit?) |
+        check-all-at-commit | (lock-when-modified, check-all-at-commit?) |
         check-version-of-accessed-instances) >
 
 <!ELEMENT read-only EMPTY>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_0-0.dtd
new file mode 100644
index 0000000000..60f7cd8591
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_0-0.dtd
@@ -0,0 +1,483 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_2_0.dtd
+
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?
+
+Additional properties applicable to a stateless session bean:
+    bean-pool
+
+Additional properties applicable to a stateful session bean:
+    bean-cache
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?
+
+Additional properties applicable to a message-driven bean:
+   mdb-connection-factory?, jms-durable-subscription-name?, jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, gen-classes?, 
+               bean-pool?, bean-cache?)>
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This contains the boolean true if it is CMP 1.1.
+This field is used to identify CMP 1.1 with old descriptors
+Defaults to false.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?)>
+
+<!--
+This contains the method name for the query field 
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This element contains the database to be used for storing CMP beans in an ejb-jar.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?)>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method. The only supported value
+is USERNAME_PASSWORD
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!-- 
+PM descriptors contain one or more pm descriptors, but only of them must 
+be in use at any given time 
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the properties for the persistence manager associated with entity bean
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element describes the vendor who provided the PM implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific concrete class generator
+This is the name of the class specific to a vendor 
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor 
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-insue specifies whether this particular PM must be used or not
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-0.dtd
new file mode 100644
index 0000000000..fc9d21d609
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-0.dtd
@@ -0,0 +1,789 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_2_1.xsd
+
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*)>
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+This contains the method name for the query field 
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method. The only supported value
+is USERNAME_PASSWORD
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+
+
+<!--
+  			W E B   S E R V I C E S 
+--> 					
+<!--
+Information about a web service endpoint.  
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, login-config?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property* )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-1.dtd
new file mode 100644
index 0000000000..643e6bb91e
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_2_1-1.dtd
@@ -0,0 +1,1120 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_2_1.xsd
+
+-->
+
+<!-- The PUBLIC ID (defined in DOCTYPE) associated with this dtd is:
+     "-//Sun Microsystems, Inc.//DTD Application Server 8.1 EJB 2.1//EN";
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint, checkpointed-methods?, checkpoint-at-end-of-method?
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?, flush-at-end-of-method?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*, flush-at-end-of-method?, checkpointed-methods?, checkpoint-at-end-of-method?)>
+
+<!-- 
+This attribute is only applicable for stateful session bean 
+-->
+<!ATTLIST ejb availability-enabled CDATA #IMPLIED>
+
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+
+Used in ejb, method
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+It is used for both ejb remote reference and ejb local reference.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?, prefetch-disabled?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This element allows to selectively disable relationship prefetching for finders of a bean.
+Used in: cmp
+-->
+<!ELEMENT prefetch-disabled (query-method+)>
+
+<!--
+Used in: prefetch-disabled
+-->
+<!ELEMENT query-method (method-name, method-params)>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+The method-name element contains a name of an enterprise bean method
+or the asterisk (*) character. The asterisk is used when the element
+denotes all the methods of an enterprise bean's component and home
+interfaces.
+
+Used in: method, finder, query-method, java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+Support backward compatibility with AS7.1
+Now deprecated in 8.1 and later releases 
+Use checkpoint-at-end-of-method element instead
+
+The methods should be separated by semicolons. 
+The param list should separated by commas.  
+All method param types should be full qualified.
+Variable name is allowed for the param type.
+No return type or exception type.
+Example:
+foo(java.lang.String, a.b.c d); bar(java.lang.String s)
+
+Used in: ejb
+-->
+<!ELEMENT checkpointed-methods (#PCDATA)>
+
+<!--
+The equivalent element of checkpointed-methods for 8.1 and later releases
+
+Used in: ejb
+-->
+<!ELEMENT checkpoint-at-end-of-method (method+)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method.
+For CSIv2, the only supported value is USERNAME_PASSWORD.
+For EJB web service endpoint, supported values are BASIC and CLIENT_CERT.
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+
+Used in activation-config, method
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This declares the list of methods that would be allowed to be flushed at the 
+completion of the method. Applicable to entity beans with container managed 
+persistence
+
+Used in: ejb
+-->
+<!ELEMENT flush-at-end-of-method (method+)>
+
+
+<!--
+Used in: flush-at-end-of-method, checkpoint-at-end-of-method, prefetch-disabled
+-->
+<!ELEMENT method (description?, ejb-name?, method-name, method-intf?, method-params?)>
+
+
+<!--
+The method-intf element allows a method element to differentiate
+between the methods with the same name and signature that are multiply
+defined across the component and home interfaces (e.g., in both an
+enterprise bean's remote and local interfaces; in both an enterprise bean's
+home and remote interfaces, etc.)
+
+The method-intf element must be one of the following:
+	<method-intf>Home</method-intf>
+	<method-intf>Remote</method-intf>
+	<method-intf>LocalHome</method-intf>
+	<method-intf>Local</method-intf>
+
+Used in: method
+-->
+<!ELEMENT method-intf (#PCDATA)>
+
+
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: method, query-method, java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  			W E B   S E R V I C E S 
+--> 					
+<!--
+Information about a web service endpoint.
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-config elements.
+
+Used in: message-security-config
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-0.dtd
new file mode 100644
index 0000000000..7a66d9452f
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-0.dtd
@@ -0,0 +1,1148 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_3_0.xsd
+
+-->
+
+<!--
+  XML DTD for Sun Application Server specific Java EE ejb 
+  deployment descriptor. This is a companion DTD to ejb-jar_3_0.xsd.
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
+
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, message-destination-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint, checkpointed-methods?, checkpoint-at-end-of-method?
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?, flush-at-end-of-method?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*, flush-at-end-of-method?, checkpointed-methods?, checkpoint-at-end-of-method?)>
+
+<!-- 
+This attribute is only applicable for stateful session bean 
+-->
+<!ATTLIST ejb availability-enabled CDATA #IMPLIED>
+
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+
+Used in ejb, method
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+It is used for both ejb remote reference and ejb local reference.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?, prefetch-disabled?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This element allows to selectively disable relationship prefetching for finders of a bean.
+Used in: cmp
+-->
+<!ELEMENT prefetch-disabled (query-method+)>
+
+<!--
+Used in: prefetch-disabled
+-->
+<!ELEMENT query-method (method-name, method-params)>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+The method-name element contains a name of an enterprise bean method
+or the asterisk (*) character. The asterisk is used when the element
+denotes all the methods of an enterprise bean's component and home
+interfaces.
+
+Used in: method, finder, query-method, java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+Support backward compatibility with AS7.1
+Now deprecated in 8.1 and later releases 
+Use checkpoint-at-end-of-method element instead
+
+The methods should be separated by semicolons. 
+The param list should separated by commas.  
+All method param types should be full qualified.
+Variable name is allowed for the param type.
+No return type or exception type.
+Example:
+foo(java.lang.String, a.b.c d); bar(java.lang.String s)
+
+Used in: ejb
+-->
+<!ELEMENT checkpointed-methods (#PCDATA)>
+
+<!--
+The equivalent element of checkpointed-methods for 8.1 and later releases
+
+Used in: ejb
+-->
+<!ELEMENT checkpoint-at-end-of-method (method+)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method.
+For CSIv2, the only supported value is USERNAME_PASSWORD.
+For EJB web service endpoint, supported values are BASIC and CLIENT-CERT.
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+
+Used in activation-config, method
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This declares the list of methods that would be allowed to be flushed at the 
+completion of the method. Applicable to entity beans with container managed 
+persistence
+
+Used in: ejb
+-->
+<!ELEMENT flush-at-end-of-method (method+)>
+
+
+<!--
+Used in: flush-at-end-of-method, checkpoint-at-end-of-method, prefetch-disabled
+-->
+<!ELEMENT method (description?, ejb-name?, method-name, method-intf?, method-params?)>
+
+
+<!--
+The method-intf element allows a method element to differentiate
+between the methods with the same name and signature that are multiply
+defined across the component and home interfaces (e.g., in both an
+enterprise bean's remote and local interfaces; in both an enterprise bean's
+home and remote interfaces, etc.)
+
+The method-intf element must be one of the following:
+	<method-intf>Home</method-intf>
+	<method-intf>Remote</method-intf>
+	<method-intf>LocalHome</method-intf>
+	<method-intf>Local</method-intf>
+
+Used in: method
+-->
+<!ELEMENT method-intf (#PCDATA)>
+
+
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: method, query-method, java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  			W E B   S E R V I C E S 
+-->
+<!--
+Information about a web service endpoint.
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method, realm? )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-config elements.
+
+Used in: message-security-config
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-1.dtd
new file mode 100644
index 0000000000..34032ab34f
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_0-1.dtd
@@ -0,0 +1,1157 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_3_0.xsd
+
+-->
+
+<!--
+  XML DTD for Sun Application Server specific Java EE ejb 
+  deployment descriptor. This is a companion DTD to ejb-jar_3_0.xsd.
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.1.1 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-1.dtd">
+
+-->
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*, property*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, message-destination-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint, checkpointed-methods?, checkpoint-at-end-of-method?
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?, flush-at-end-of-method?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*, flush-at-end-of-method?, checkpointed-methods?, checkpoint-at-end-of-method?, per-request-load-balancing?)>
+
+<!-- 
+This attribute is only applicable for stateful session bean 
+-->
+<!ATTLIST ejb availability-enabled CDATA #IMPLIED>
+
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+
+Used in ejb, method
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This element contains a true/false flag that controls the per-request load balancing
+behavior of EJB 2.x/3.x Remote client invocations on a stateless session bean. If set
+to true, per-request load balancing is enabled for the associated stateless session
+bean.  If set to false or not set, per-request load balancing is not enabled. 
+-->
+<!ELEMENT per-request-load-balancing (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+It is used for both ejb remote reference and ejb local reference.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?, prefetch-disabled?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This element allows to selectively disable relationship prefetching for finders of a bean.
+Used in: cmp
+-->
+<!ELEMENT prefetch-disabled (query-method+)>
+
+<!--
+Used in: prefetch-disabled
+-->
+<!ELEMENT query-method (method-name, method-params)>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+The method-name element contains a name of an enterprise bean method
+or the asterisk (*) character. The asterisk is used when the element
+denotes all the methods of an enterprise bean's component and home
+interfaces.
+
+Used in: method, finder, query-method, java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+Support backward compatibility with AS7.1
+Now deprecated in 8.1 and later releases 
+Use checkpoint-at-end-of-method element instead
+
+The methods should be separated by semicolons. 
+The param list should separated by commas.  
+All method param types should be full qualified.
+Variable name is allowed for the param type.
+No return type or exception type.
+Example:
+foo(java.lang.String, a.b.c d); bar(java.lang.String s)
+
+Used in: ejb
+-->
+<!ELEMENT checkpointed-methods (#PCDATA)>
+
+<!--
+The equivalent element of checkpointed-methods for 8.1 and later releases
+
+Used in: ejb
+-->
+<!ELEMENT checkpoint-at-end-of-method (method+)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method.
+For CSIv2, the only supported value is USERNAME_PASSWORD.
+For EJB web service endpoint, supported values are BASIC and CLIENT-CERT.
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+
+Used in activation-config, method
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This declares the list of methods that would be allowed to be flushed at the 
+completion of the method. Applicable to entity beans with container managed 
+persistence
+
+Used in: ejb
+-->
+<!ELEMENT flush-at-end-of-method (method+)>
+
+
+<!--
+Used in: flush-at-end-of-method, checkpoint-at-end-of-method, prefetch-disabled
+-->
+<!ELEMENT method (description?, ejb-name?, method-name, method-intf?, method-params?)>
+
+
+<!--
+The method-intf element allows a method element to differentiate
+between the methods with the same name and signature that are multiply
+defined across the component and home interfaces (e.g., in both an
+enterprise bean's remote and local interfaces; in both an enterprise bean's
+home and remote interfaces, etc.)
+
+The method-intf element must be one of the following:
+	<method-intf>Home</method-intf>
+	<method-intf>Remote</method-intf>
+	<method-intf>LocalHome</method-intf>
+	<method-intf>Local</method-intf>
+
+Used in: method
+-->
+<!ELEMENT method-intf (#PCDATA)>
+
+
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: method, query-method, java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  			W E B   S E R V I C E S 
+-->
+<!--
+Information about a web service endpoint.
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method, realm? )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-config elements.
+
+Used in: message-security-config
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_1-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_1-0.dtd
new file mode 100644
index 0000000000..3930b9fdf5
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-ejb-jar_3_1-0.dtd
@@ -0,0 +1,1147 @@
+<!--
+  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+  Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
+
+  The contents of this file are subject to the terms of either the GNU
+  General Public License Version 2 only ("GPL") or the Common Development
+  and Distribution License("CDDL") (collectively, the "License").  You
+  may not use this file except in compliance with the License.  You can
+  obtain a copy of the License at
+  https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+  or packager/legal/LICENSE.txt.  See the License for the specific
+  language governing permissions and limitations under the License.
+
+  When distributing the software, include this License Header Notice in each
+  file and include the License file at packager/legal/LICENSE.txt.
+
+  GPL Classpath Exception:
+  Oracle designates this particular file as subject to the "Classpath"
+  exception as provided by Oracle in the GPL Version 2 section of the License
+  file that accompanied this code.
+
+  Modifications:
+  If applicable, add the following below the License Header, with the fields
+  enclosed by brackets [] replaced by your own identifying information:
+  "Portions Copyright [year] [name of copyright owner]"
+
+  Contributor(s):
+  If you wish your version of this file to be governed by only the CDDL or
+  only the GPL Version 2, indicate your decision by adding "[Contributor]
+  elects to include this software in this distribution under the [CDDL or GPL
+  Version 2] license."  If you don't indicate a single choice of license, a
+  recipient has the option to distribute your version of this file under
+  either the CDDL, the GPL Version 2 or to extend the choice of license to
+  its licensees as provided above.  However, if you add GPL Version 2 code
+  and therefore, elected the GPL Version 2 license, then the option applies
+  only if the new code is made subject to such option by the copyright
+  holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific EJB jar module 
+  deployment descriptor. This is a companion DTD for ejb-jar_3_1.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 EJB 3.1//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_1-0.dtd">
+
+-->
+
+
+<!--
+This is the root element of the ejb module descriptor document.
+-->
+<!ELEMENT sun-ejb-jar (security-role-mapping*, enterprise-beans) >
+
+<!-- 
+System unique object id. Automatically generated and updated at deployment/redeployment 
+-->
+<!ELEMENT unique-id (#PCDATA)>
+
+<!--
+This is the root element describing all the runtime of an ejb-jar in the application.
+-->
+<!ELEMENT enterprise-beans (name?, unique-id?, ejb*, pm-descriptors?, cmp-resource?,
+	message-destination*, webservice-description*)>
+
+<!--
+This is the element describing runtime bindings for a single ejb.
+
+Properties applicable to all types of beans:
+     ejb-name, ejb-ref*, jndi-name, resource-ref*, resource-env-ref*, message-destination-ref*, pass-by-reference?, 
+     ior-security-config?, gen-classes?, service-ref*
+
+Additional properties applicable to a stateless session bean:
+    bean-pool, webservice-endpoint
+
+Additional properties applicable to a stateful session bean:
+    bean-cache, webservice-endpoint, checkpointed-methods?, checkpoint-at-end-of-method?
+
+Additional properties applicable to an entity bean:
+   is-read-only-bean?, refresh-period-in-seconds?, cmp?, commit-option?, bean-cache?, bean-pool?, flush-at-end-of-method?
+
+Additional properties applicable to a message-driven bean:
+   mdb-resource-adapter?, mdb-connection-factory?, jms-durable-subscription-name?, 
+   jms-max-messages-load?, bean-pool?
+   ( In case of MDB, jndi-name is the jndi name of the associated jms destination )
+-->
+
+<!ELEMENT ejb (ejb-name, jndi-name?, ejb-ref*, resource-ref*, resource-env-ref*, service-ref*, message-destination-ref*, pass-by-reference?, 
+               cmp?, principal?, mdb-connection-factory?, jms-durable-subscription-name?, 
+               jms-max-messages-load?, ior-security-config?, is-read-only-bean?, 
+               refresh-period-in-seconds?, commit-option?, cmt-timeout-in-seconds?, use-thread-pool-id?, gen-classes?, 
+               bean-pool?, bean-cache?, mdb-resource-adapter?, webservice-endpoint*, flush-at-end-of-method?, checkpointed-methods?, checkpoint-at-end-of-method?)>
+
+<!-- 
+This attribute is only applicable for stateful session bean 
+-->
+<!ATTLIST ejb availability-enabled CDATA #IMPLIED>
+
+<!--
+The text in this element matches the ejb-name of the ejb to which it refers in ejb-jar.xml.
+
+Used in ejb, method
+-->
+<!ELEMENT ejb-name (#PCDATA)>
+
+<!--
+The text in this element is a true/false flag for read only beans.
+-->
+<!ELEMENT is-read-only-bean (#PCDATA)>
+
+<!--
+This is the root element which binds an ejb reference to a jndi name.
+It is used for both ejb remote reference and ejb local reference.
+-->
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+
+<!--
+The ejb ref name locates the name of the ejb reference in the application.
+-->
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!--
+This element describes runtime information for a CMP EntityBean object for 
+EJB1.1 and EJB2.0 beans.  
+-->
+<!ELEMENT cmp (mapping-properties?, is-one-one-cmp?, one-one-finders?, prefetch-disabled?)>
+
+<!--
+This contains the location of the persistence vendor specific O/R mapping file
+-->
+<!ELEMENT mapping-properties (#PCDATA)>
+
+<!--
+This element in deprecated. It has been left in the DTD for validation purposes.
+Any value will be ignored by the runtime.
+-->
+<!ELEMENT is-one-one-cmp (#PCDATA)>
+
+<!--
+This root element contains the finders for CMP 1.1.
+-->
+<!ELEMENT one-one-finders (finder+ )>
+
+<!--
+This element allows to selectively disable relationship prefetching for finders of a bean.
+Used in: cmp
+-->
+<!ELEMENT prefetch-disabled (query-method+)>
+
+<!--
+Used in: prefetch-disabled
+-->
+<!ELEMENT query-method (method-name, method-params)>
+
+<!--
+This root element contains the finder for CMP 1.1 with a method-name and query parameters
+-->
+<!ELEMENT finder (method-name, query-params?, query-filter?, query-variables?,  query-ordering?)>
+
+<!--
+The method-name element contains a name of an enterprise bean method
+or the asterisk (*) character. The asterisk is used when the element
+denotes all the methods of an enterprise bean's component and home
+interfaces.
+
+Used in: method, finder, query-method, java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+
+
+<!--
+This contains the query parameters for CMP 1.1 finder
+-->
+<!ELEMENT query-params (#PCDATA)>
+
+<!--
+This optional element contains the query filter for CMP 1.1 finder
+-->
+<!ELEMENT query-filter (#PCDATA)>
+
+<!--
+This optional element contains variables in query expression for CMP 1.1 finder
+-->
+<!ELEMENT query-variables (#PCDATA)>
+
+<!--
+This optional element contains the ordering specification for CMP 1.1 finder.
+-->
+
+<!ELEMENT query-ordering (#PCDATA)>
+
+<!--
+This element identifies the database and the policy for processing CMP beans
+storage. The jndi-name element identifies either the persistence-manager-
+factory-resource or the jdbc-resource as defined in the server configuration.
+-->
+<!ELEMENT cmp-resource (jndi-name, default-resource-principal?, property*,
+        create-tables-at-deploy?, drop-tables-at-undeploy?,
+        database-vendor-name?, schema-generator-properties?)>
+
+<!--
+This element contains the override properties for the schema generation 
+from CMP beans in this module.
+-->
+<!ELEMENT schema-generator-properties (property*) >
+
+<!--
+This element specifies whether automatic creation of tables for the CMP beans 
+is done at module deployment. Acceptable values are true or false
+-->
+<!ELEMENT create-tables-at-deploy ( #PCDATA )>
+
+<!--
+This element specifies whether automatic dropping of tables for the CMP beans 
+is done at module undeployment. Acceptabel values are true of false
+-->
+<!ELEMENT drop-tables-at-undeploy ( #PCDATA )>
+
+<!--
+This element specifies the database vendor name for ddl files generated at
+module deployment. Default is SQL92.
+-->
+<!ELEMENT database-vendor-name ( #PCDATA )>
+
+<!--
+This element specifies the connection factory associated with a message-driven bean.
+-->
+<!ELEMENT mdb-connection-factory (jndi-name, default-resource-principal?)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+Specifies the name of a durable subscription associated with a message-driven bean's 
+destination.  Required for a Topic destination, if subscription-durability is set to 
+Durable (in ejb-jar.xml)
+-->
+<!ELEMENT jms-durable-subscription-name (#PCDATA)>
+
+<!--
+A string value specifies the maximum number of messages to load into a JMS session 
+at one time for a message-driven bean to serve. If not specified, the default is 1.
+-->
+<!ELEMENT jms-max-messages-load (#PCDATA)>
+
+<!--
+This element contains all the generated class names for a bean.
+-->
+<!ELEMENT gen-classes ( remote-impl?, local-impl?, remote-home-impl?, local-home-impl? )>
+
+<!--
+This contains the fully qualified class name of the generated EJBObject impl class. 
+-->
+<!ELEMENT remote-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalObject impl class. 
+-->
+<!ELEMENT local-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBHome impl class. 
+-->
+<!ELEMENT remote-home-impl (#PCDATA)>
+
+<!--
+This contains the fully qualified class name of the generated EJBLocalHome impl class. 
+-->
+<!ELEMENT local-home-impl (#PCDATA)>
+
+<!--
+This contains the bean cache properties. Used only for entity beans and stateful session beans
+-->
+<!ELEMENT bean-cache (max-cache-size?, resize-quantity?, is-cache-overflow-allowed?, cache-idle-timeout-in-seconds?, removal-timeout-in-seconds?, victim-selection-policy?)>
+
+<!--
+max-cache-size defines the maximum number of beans in the cache. Should be greater than 1.
+Default is 512.
+-->
+<!ELEMENT max-cache-size (#PCDATA)>
+
+<!--
+is-cache-overflow-allowed is a boolean which indicates if the cache size is a hard limit or not. 
+Default is true i.e there is no hard limit. max-cache-size is a hint to the cache implementation.
+-->
+<!ELEMENT is-cache-overflow-allowed (#PCDATA)>
+
+<!--
+cache-idle-timeout-in-seconds specifies the maximum time that a stateful session bean or 
+entity bean is allowed to be idle in the cache. After this time, the bean is passivated 
+to backup store. This is a hint to server. Default value for cache-idle-timeout-in-seconds 
+is 600 seconds.
+-->
+<!ELEMENT cache-idle-timeout-in-seconds (#PCDATA)>
+
+
+<!--
+The amount of time that the bean remains passivated (i.e. idle in the backup store) is 
+controlled by removal-timeout-in-seconds parameter.  Note that if a bean was not accessed beyond 
+removal-timeout-in-seconds, then it will be removed from the backup store and hence will not 
+be accessible to the client. The Default value for removal-timeout-in-seconds is 60min.
+-->
+<!ELEMENT removal-timeout-in-seconds (#PCDATA)>
+
+<!--
+victim-selection-policy specifies the algorithm to use to pick victims. 
+Possible values are FIFO | LRU | NRU. Default is NRU, which is actually 
+pseudo-random selection policy.
+-->
+<!ELEMENT victim-selection-policy (#PCDATA)>
+
+<!--
+Support backward compatibility with AS7.1
+Now deprecated in 8.1 and later releases 
+Use checkpoint-at-end-of-method element instead
+
+The methods should be separated by semicolons. 
+The param list should separated by commas.  
+All method param types should be full qualified.
+Variable name is allowed for the param type.
+No return type or exception type.
+Example:
+foo(java.lang.String, a.b.c d); bar(java.lang.String s)
+
+Used in: ejb
+-->
+<!ELEMENT checkpointed-methods (#PCDATA)>
+
+<!--
+The equivalent element of checkpointed-methods for 8.1 and later releases
+
+Used in: ejb
+-->
+<!ELEMENT checkpoint-at-end-of-method (method+)>
+
+<!--
+bean-pool is a root element containing the bean pool properties. Used
+for stateless session bean, entity bean, and message-driven bean pools.
+-->
+<!ELEMENT bean-pool (steady-pool-size?, resize-quantity?, max-pool-size?, pool-idle-timeout-in-seconds?, max-wait-time-in-millis?)>
+
+<!--
+steady-pool-size specified the initial and minimum number of beans that must be maintained in the pool. 
+Valid values are from 0 to MAX_INTEGER. 
+-->
+<!ELEMENT steady-pool-size (#PCDATA)>
+
+<!--
+resize-quantity specifies the number of beans to be created or deleted when the pool 
+or cache is being serviced by the server. Valid values are from 0 to MAX_INTEGER and 
+subject to maximum size limit).  Default is 16.
+-->
+<!ELEMENT resize-quantity (#PCDATA)>
+
+<!--
+max-pool-size speifies the maximum pool size. Valid values are from 0 to MAX_INTEGER. 
+Default is 64.
+-->
+<!ELEMENT max-pool-size (#PCDATA)>
+
+<!--
+pool-idle-timeout-in-seconds specifies the maximum time that a stateless session bean or 
+message-driven bean is allowed to be idle in the pool. After this time, the bean is 
+passivated to backup store.  This is a hint to server. Default value for 
+pool-idle-timeout-in-seconds is 600 seconds.
+-->
+<!ELEMENT pool-idle-timeout-in-seconds (#PCDATA)>
+
+<!--
+A string field whose valid values are either "B", or "C". Default is "B" 
+-->
+<!ELEMENT commit-option (#PCDATA)>
+
+<!--
+Specifies the timeout for transactions started by the container. This value must be greater than zero, else it will be ignored by the container.
+-->
+<!ELEMENT cmt-timeout-in-seconds (#PCDATA)>
+
+<!--
+Specifes the thread pool that will be used to process any invocation on this ejb
+-->
+<!ELEMENT use-thread-pool-id (#PCDATA)>
+
+<!--
+Specifies the maximum time that the caller is willing to wait to get a bean from the pool.
+Wait time is infinite, if the value specified is 0. Deprecated.
+-->
+<!ELEMENT max-wait-time-in-millis (#PCDATA)>
+
+<!--
+refresh-period-in-seconds specifies the rate at which the read-only-bean must be refreshed 
+from the data source. 0 (never refreshed) and positive (refreshed at specified intervals).
+Specified value is a hint to the container.  Default is 600 seconds.
+-->
+<!ELEMENT refresh-period-in-seconds (#PCDATA)>
+
+<!--
+Specifies the jndi name string.
+-->
+<!ELEMENT  jndi-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+<!--
+This node describes a username on the platform.
+-->
+<!ELEMENT principal (name)>
+
+<!-- 
+security-role-mapping element maps the user principal or group 
+to a different principal on the server. 
+-->
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)> 
+
+<!-- 
+role-name specifies an accepted role 
+-->
+<!ELEMENT role-name (#PCDATA)> 
+
+<!-- 
+principal-name specifies a valid principal 
+-->
+<!ELEMENT principal-name (#PCDATA)> 
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+
+<!-- 
+group-name specifies a valid group name 
+-->
+<!ELEMENT group-name (#PCDATA)> 
+
+<!--
+The name of a resource reference.
+-->
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!--
+resource-env-ref holds all the runtime bindings of a resource env reference.
+-->
+<!ELEMENT resource-env-ref ( resource-env-ref-name, jndi-name )>
+
+<!--
+name of a resource env reference.
+-->
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!--
+resource-ref node holds all the runtime bindings of a resource reference.
+-->
+<!ELEMENT resource-ref  (res-ref-name, jndi-name, default-resource-principal?)>
+
+<!--
+user name and password to be used when none are specified while accesing a resource
+-->
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+ior-security-config element describes the security configuration information for the IOR.
+-->  
+<!ELEMENT ior-security-config ( transport-config? , as-context?, sas-context?  )> 
+
+<!--
+transport-config is the root element for security between the end points
+-->
+<!ELEMENT transport-config ( integrity, confidentiality, establish-trust-in-target, establish-trust-in-client )> 
+
+<!--
+integrity element indicates if the server (target) supports integrity protected messages. 
+The valid values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT integrity ( #PCDATA)>
+
+<!--
+confidentiality element indicates if the server (target) supports privacy protected 
+messages. The values are NONE, SUPPORTED or REQUIRED
+-->  
+<!ELEMENT confidentiality ( #PCDATA)>
+
+<!--
+establish-trust-in-target element indicates if the target is capable of authenticating to a client. 
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT establish-trust-in-target ( #PCDATA)>
+
+<!--
+establish-trust-in-client element indicates if the target is capable of authenticating a client. The
+values are NONE, SUPPORTED or REQUIRED.
+-->  
+<!ELEMENT establish-trust-in-client ( #PCDATA)>
+
+<!--
+as-context (CSIv2 authentication service) is the element describing the authentication 
+mechanism that will be used to authenticate the client. If specified it will be the 
+username-password mechanism.
+-->  
+<!ELEMENT as-context ( auth-method, realm, required )> 
+
+<!--
+required element specifies if the authentication method specified is required
+to be used for client authentication. If so the EstablishTrustInClient bit
+will be set in the target_requires field of the AS_Context. The element value
+is either true or false. 
+-->  
+<!ELEMENT required ( #PCDATA )> 
+
+<!--
+auth-method element describes the authentication method.
+For CSIv2, the only supported value is USERNAME_PASSWORD.
+For EJB web service endpoint, supported values are BASIC and CLIENT-CERT.
+-->  
+<!ELEMENT auth-method ( #PCDATA )> 
+
+<!--
+realm element describes the realm in which the user is authenticated. Must be 
+a valid realm that is registered in server configuration.
+-->  
+<!ELEMENT realm ( #PCDATA )> 
+
+<!--
+sas-context (related to CSIv2 security attribute service) element describes 
+the sas-context fields.
+-->  
+<!ELEMENT sas-context ( caller-propagation )> 
+
+<!--
+caller-propagation element indicates if the target will accept propagated caller identities
+The values are NONE or SUPPORTED.
+-->  
+<!ELEMENT caller-propagation ( #PCDATA) >
+
+<!-- 
+pass-by-reference elements controls use of Pass by Reference semantics.  
+EJB spec requires pass by value, which will be the default mode of operation. 
+This can be set to true for non-compliant operation and possibly higher 
+performance. For a stand-alone server, this can be used. By setting a similarly 
+named element at sun-application.xml, it can apply to all the enclosed ejb 
+modules. Allowed values are true and false. Default will be false.
+ -->
+<!ELEMENT pass-by-reference (#PCDATA)>
+
+<!--
+PM descriptors contain one or more pm descriptors, but only one of them must
+be in use at any given time. If not specified, the Sun CMP is used.
+-->
+<!ELEMENT pm-descriptors ( pm-descriptor+, pm-inuse)>
+
+<!--
+pm-descriptor describes the pluggable vendor implementation for the CMP 
+support of the CMP entity beans in this module.
+-->
+<!ELEMENT pm-descriptor ( pm-identifier, pm-version, pm-config?, pm-class-generator?, pm-mapping-factory?)>
+
+<!--
+pm-identifier element identifies the vendor who provides the CMP implementation
+-->
+<!ELEMENT pm-identifier (#PCDATA)>
+
+<!--
+pm-version further specifies which version of PM vendor product to be used
+-->
+<!ELEMENT pm-version (#PCDATA)>
+
+<!--
+pm-config specifies the vendor specific config file to be used
+-->
+<!ELEMENT pm-config (#PCDATA)>
+
+<!--
+pm-class-generator specifies the vendor specific class generator to be used
+at the module deploymant time. This is the name of the class specific to this 
+vendor.
+-->
+<!ELEMENT pm-class-generator (#PCDATA)>
+
+<!--
+pm-mapping-factory specifies the vendor specific mapping factory
+This is the name of the class specific to a vendor.
+-->
+<!ELEMENT pm-mapping-factory (#PCDATA)>
+
+<!--
+pm-inuse specifies which CMP vendor is used.
+-->
+<!ELEMENT pm-inuse (pm-identifier, pm-version)>
+
+
+<!--
+This holds the runtime configuration properties of the message-driven bean 
+in its operation environment.  For example, this may include information 
+about the name of a physical JMS destination etc.
+Defined this way to match the activation-config on the standard
+deployment descriptor for message-driven bean.
+-->
+<!ELEMENT activation-config ( description?, activation-config-property+ ) >
+
+<!--
+provide an element description
+
+Used in activation-config, method
+-->
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This hold a particular activation config propery name-value pair
+-->
+<!ELEMENT activation-config-property ( 
+  activation-config-property-name, activation-config-property-value ) >
+
+<!--
+This holds the name of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-name ( #PCDATA ) >
+
+<!--
+This holds the value of a runtime activation-config property
+-->
+<!ELEMENT activation-config-property-value ( #PCDATA ) >
+
+<!--
+This node holds the module ID of the resource adapter that
+is responsible for delivering messages to the message-driven
+bean, as well as the runtime configuration information for
+the mdb.
+-->
+<!ELEMENT mdb-resource-adapter ( resource-adapter-mid, activation-config? )>
+
+<!--
+This node holds the module ID of the resource adapter that is responsible 
+for delivering messages to the message-driven bean.
+-->
+<!ELEMENT resource-adapter-mid ( #PCDATA ) >
+
+<!-- 
+Generic name-value pairs property
+-->
+<!ELEMENT property ( name, value ) >
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!--
+This declares the list of methods that would be allowed to be flushed at the 
+completion of the method. Applicable to entity beans with container managed 
+persistence
+
+Used in: ejb
+-->
+<!ELEMENT flush-at-end-of-method (method+)>
+
+
+<!--
+Used in: flush-at-end-of-method, checkpoint-at-end-of-method, prefetch-disabled
+-->
+<!ELEMENT method (description?, ejb-name?, method-name, method-intf?, method-params?)>
+
+
+<!--
+The method-intf element allows a method element to differentiate
+between the methods with the same name and signature that are multiply
+defined across the component and home interfaces (e.g., in both an
+enterprise bean's remote and local interfaces; in both an enterprise bean's
+home and remote interfaces, etc.)
+
+The method-intf element must be one of the following:
+	<method-intf>Home</method-intf>
+	<method-intf>Remote</method-intf>
+	<method-intf>LocalHome</method-intf>
+	<method-intf>Local</method-intf>
+
+Used in: method
+-->
+<!ELEMENT method-intf (#PCDATA)>
+
+
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: method, query-method, java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
+
+
+<!--
+  			W E B   S E R V I C E S 
+-->
+<!--
+Information about a web service endpoint.
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method, realm? )>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+
+<!--
+Specifies that the communication between client and server should 
+be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application 
+does not require any transport guarantees. A value of INTEGRAL means 
+that the application requires that the data sent between the client 
+and server be sent in such a way that it can't be changed in transit. 
+CONFIDENTIAL means that the application requires that the data be 
+transmitted in a fashion that prevents other entities from observing 
+the contents of the transmission. In most cases, the presence of the 
+INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is 
+required.
+-->
+<!ELEMENT transport-guarantee ( #PCDATA )>
+
+
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-config elements.
+
+Used in: message-security-config
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_0.dtd
new file mode 100644
index 0000000000..d52a2bbf80
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_0.dtd
@@ -0,0 +1,650 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ The contents of this file are subject to the terms 
+ of the Common Development and Distribution License 
+ (the "License").  You may not use this file except 
+ in compliance with the License.
+ 
+ You can obtain a copy of the license at 
+ glassfish/bootstrap/legal/CDDLv1.0.txt or 
+ https://glassfish.dev.java.net/public/CDDLv1.0.html. 
+ See the License for the specific language governing 
+ permissions and limitations under the License.
+ 
+ When distributing Covered Code, include this CDDL 
+ HEADER in each file and include the License file at 
+ glassfish/bootstrap/legal/CDDLv1.0.txt.  If applicable, 
+ add the following below this CDDL HEADER, with the 
+ fields enclosed by brackets "[]" replaced with your 
+ own identifying information: Portions Copyright [yyyy] 
+ [name of copyright owner]
+-->
+<!-- ENTITIES -->
+<!-- boolean
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource                              
+-->
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- isolation
+
+  Used in:
+    jdbc-connection-pool                                              
+-->
+<!ENTITY % isolation
+    "(read-uncommitted | read-committed | repeatable-read | serializable)">    
+
+
+<!-- validation-level
+-->
+<!ENTITY % validation-level "(full | parsing | none)">
+
+<!-- object-type
+    defines the type of the resource. It can be:                      
+    system-all                                                                 
+        These are system resources for all instances and DAS          
+    system-admin                                                               
+        These are system resources only in DAS                        
+    system-instance                                                            
+        These are system resources only in instances (and not DAS)    
+    user                                                                       
+        User resources (This is the default for all elements)         
+
+  Used in:
+    admin-object-resource, connector-resource, custom-resource,       
+    external-jndi-resource, jdbc-resource, mail-resource,             
+    persistence-manager-factory-resource, resource-adapter-config     
+-->
+<!ENTITY % object-type "(system-all | system-admin | system-instance | user)">
+
+<!-- rjmx-protocol
+    SE/EE related ENTITIES: This will define the available JSR 160    
+    connector transport protocols.                                    
+-->
+<!ENTITY % rjmx-protocol "(rmi_jrmp | rmi_iiop | jmxmp)">
+
+<!-- monitoring-level
+    monitoring-level controls the amount of monitoring data collected 
+    and exposed to clients                                            
+    OFF                                                                        
+        no monitoring/statistical data is exposed to the clients.     
+    LOW                                                                        
+        SE/EE only                                                    
+    HIGH                                                                       
+        maximum data is gathered and released.                        
+-->
+<!ENTITY % monitoring-level "(OFF | LOW | HIGH)">
+
+<!-- persistence-type
+    SE/EE related ENTITIES                                            
+-->
+<!ENTITY % persistence-type "(memory | file | ha)">
+
+<!-- session-save-frequency
+-->
+<!ENTITY % session-save-frequency "(web-method | time-based | on-demand)">
+
+<!-- session-save-scope
+-->
+<!ENTITY % session-save-scope
+    "(session | modified-session | modified-attribute)">                       
+
+
+<!-- sfsb-persistence-type
+-->
+<!ENTITY % sfsb-persistence-type "(file | ha)">
+
+<!-- apply-to-type
+-->
+<!ENTITY % apply-to-type "(request | response | both)">
+
+<!-- lb-policy-type
+-->
+<!ENTITY % lb-policy-type
+    "(round-robin | weighted-round-robin | user-defined)">                     
+
+
+<!-- event-type
+-->
+<!ENTITY % event-type
+    "(log | timer | trace | monitor | cluster | lifecycle | notification)">    
+
+
+<!-- message-layer
+-->
+<!ENTITY % message-layer "(SOAP | HttpServlet)">
+
+<!-- ELEMENTS -->
+
+<!-- resources
+    J2EE Applications look up resources registered with the           
+    Application server, using portable JNDI names.                    
+-->
+<!ELEMENT resources
+    ((custom-resource | external-jndi-resource | jdbc-resource | mail-resource 
+    | persistence-manager-factory-resource | admin-object-resource |           
+    connector-resource | resource-adapter-config | jdbc-connection-pool |      
+    connector-connection-pool)*)>                                              
+
+
+
+<!-- description
+    Textual description of a configured entity                        
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource, property                    
+-->
+<!ELEMENT description (#PCDATA)>
+
+
+<!-- custom-resource
+    custom (or generic) resource managed by a user-written factory    
+    class.                                                            
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for generic resource, the fully qualified type of   
+        the resource and whether it is enabled at runtime             
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT custom-resource (description?, property*)>
+
+<!ATTLIST custom-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- external-jndi-resource
+    resource residing in an external JNDI repository                  
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT external-jndi-resource (description?, property*)>
+
+<!ATTLIST external-jndi-resource
+    jndi-name CDATA #REQUIRED
+    jndi-lookup-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- jdbc-resource
+    JDBC javax.sql.(XA)DataSource resource definition                 
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-resource (description?, property*)>
+
+<!ATTLIST jdbc-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- mail-resource
+    The mail-resource element describes a javax.mail.Session resource 
+
+  attributes
+    host                                                                       
+        ip V6 or V4 address or hostname.                              
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT mail-resource (description?, property*)>
+
+<!ATTLIST mail-resource
+    jndi-name CDATA #REQUIRED
+    store-protocol CDATA "imap"
+    store-protocol-class CDATA "com.sun.mail.imap.IMAPStore"
+    transport-protocol CDATA "smtp"
+    transport-protocol-class CDATA "com.sun.mail.smtp.SMTPTransport"
+    host CDATA #REQUIRED
+    user CDATA #REQUIRED
+    from CDATA #REQUIRED
+    debug %boolean; "false"
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- persistence-manager-factory-resource
+    Persistence Manager runtime configuration.                        
+
+  attributes
+    factory-class                                                              
+        Class that creates persistence manager instance.              
+    jdbc-resource-jndi-name                                                    
+        jdbc resource with which database connections are obtained.   
+    jndi-name                                                                  
+        JNDI name for this resource                                   
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT persistence-manager-factory-resource (description?, property*)>
+
+<!ATTLIST persistence-manager-factory-resource
+    jndi-name CDATA #REQUIRED
+    factory-class CDATA "com.sun.jdo.spi.persistence.support.sqlstore.impl.PersistenceManagerFactoryImpl"
+    jdbc-resource-jndi-name CDATA #IMPLIED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- admin-object-resource
+    The admin-object-resource element describes a administered object 
+    for a inbound resource adapter.                                   
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for this resource                                   
+    res-adapter                                                                
+        Name of the inbound resource adapter.                         
+    res-type                                                                   
+        Interface definition for the administered object              
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT admin-object-resource (description?, property*)>
+
+<!ATTLIST admin-object-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    res-adapter CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- connector-resource
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-resource (description?, property*)>
+
+<!ATTLIST connector-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- resource-adapter-config
+    This element is for configuring the resource adapter. These       
+    values (properties) over-rides the default values present in      
+    ra.xml. The name attribute has to be unique . It is optional for  
+    PE. It is used mainly for EE.                                     
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT resource-adapter-config (property*)>
+
+<!ATTLIST resource-adapter-config
+    name CDATA #IMPLIED
+    thread-pool-ids CDATA #IMPLIED
+    object-type %object-type; "user"
+    resource-adapter-name CDATA #REQUIRED>
+
+
+<!-- jdbc-connection-pool
+    jdbc-connection-pool defines configuration used to create and     
+    manage a pool physical database connections. Pool definition is   
+    named, and can be referred to by multiple jdbc-resource elements  
+    (See <jdbc-resource>).                                            
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more jdbc-resource elements point to the same jdbc-connection-pool         
+    element, they are using the same pool of connections, at run time.         
+
+
+  children
+    property                                                                   
+        Most JDBC 2.0 drivers permit use of standard property lists,  
+        to specify User, Password and other resource configuration.   
+        While these are optional properties, according to the         
+        specification, several of these properties may be necessary   
+        for most databases. See Section 5.3 of JDBC 2.0 Standard      
+        Extension API.                                                
+
+        The following are the names and corresponding values for these         
+        properties                                                             
+
+        databaseName                                                           
+            Name of the Database                                      
+        serverName                                                             
+            Database Server name.                                     
+        port                                                                   
+            Port where a Database server is listening for requests.   
+        networkProtocol                                                        
+            Communication Protocol used.                              
+        user                                                                   
+            default name of the database user with which connections  
+            will be stablished. Programmatic database authentication  
+            or default-resource-principal specified in vendor         
+            specific web and ejb deployment descriptors will take     
+            precedence, over this default. The details and caveats    
+            are described in detail in the Administrator's guide.     
+        password                                                               
+            password for default database user                        
+        roleName                                                               
+            The initial SQL role name.                                
+        datasourceName                                                         
+            used to name an underlying XADataSource, or               
+            ConnectionPoolDataSource when pooling of connections is   
+            done                                                      
+        description                                                            
+            Textual Description                                       
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the vendors Datasource class    
+        (specified in datasource-classname). User and Password properties are  
+        used as default principal, if Container Managed authentication is      
+        specified and a default-resource-principal is not found in application 
+        deployment descriptors.                                                
+
+
+  attributes
+    allow-non-component-callers                                                
+        A pool with this property set to true, can be used by         
+        non-J2EE components (i.e components other than EJBs or        
+        Servlets). The returned connection is enlisted automatically  
+        with the transaction context obtained from the transaction    
+        manager. This property is to enable the pool to be used by    
+        non-component callers such as ServletFilters, Lifecycle       
+        modules, and 3rd party persistence managers. Standard J2EE    
+        components can continue to use such pools. Connections        
+        obtained by non-component callers are not automatically       
+        cleaned at the end of a transaction by the container. They    
+        need to be explicitly closed by the the caller.               
+    connection-validation-method                                               
+        specifies the type of validation to be performed when         
+        is-connection-validation-required is true. The following      
+        types of validation are supported:                            
+        auto-commit                                                            
+            using connection.autoCommit()                             
+        meta-data                                                              
+            using connection.getMetaData()                            
+        table                                                                  
+            performing a query on a user specified table (see         
+            validation-table-name).                                   
+    datasource-classname                                                       
+        Name of the vendor supplied JDBC datasource resource manager. 
+        An XA or global transactions capable datasource class will    
+        implement javax.sql.XADatasource interface. Non XA or Local   
+        transactions only datasources will implement                  
+        javax.sql.Datasource interface.                               
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single validation check fail. The default is false.  
+        One attempt will be made to re-establish failed connections.  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the database    
+        server side timeout (if such timeouts are configured on the   
+        specific vendor's database), to prevent accumulation of       
+        unusable connection in Application Server.                    
+    is-connection-validation-required                                          
+        if true, connections are validated (checked to find out if    
+        they are usable) before giving out to the application. The    
+        default is false.                                             
+    is-isolation-level-guaranteed                                              
+        Applicable only when a particular isolation level is          
+        specified for transaction-isolation-level. The default value  
+        is true. This assures that every time a connection is         
+        obtained from the pool, it is guaranteed to have the          
+        isolation set to the desired value. This could have some      
+        performance impact on some JDBC drivers. Can be set to false  
+        by that administrator when they are certain that the          
+        application does not change the isolation level before        
+        returning the connection.                                     
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    non-transactional-connections                                              
+        A pool with this property set to true returns                 
+        non-transactional connections. This connection does not get   
+        automatically enlisted with the transaction manager.          
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    res-type                                                                   
+        DataSource implementation class could implement one of of     
+        javax.sql.DataSource, javax.sql.XADataSource or               
+        javax.sql.ConnectionPoolDataSource interfaces. This optional  
+        attribute must be specified to disambiguate when a Datasource 
+        class implements two or more of these interfaces. An error is 
+        produced when this attribute has a legal value and the        
+        indicated interface is not implemented by the datasource      
+        class. This attribute has no default value.                   
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-isolation-level                                                
+        Specifies the Transaction Isolation Level on the pooled       
+        database connections. Optional. Has no default. If left       
+        unspecified the pool operates with default isolation level    
+        provided by the JDBC Driver. A desired isolation level can be 
+        set using one of the standard transaction isolation levels,   
+        which see.                                                    
+
+        Applications that change the Isolation level on a pooled connection    
+        programmatically, risk polluting the pool and this could lead to       
+        program errors. Also see: is-isolation-level-guaranteed                
+
+    validation-table-name                                                      
+        specifies the table name to be used to perform a query to     
+        validate a connection. This parameter is mandatory, if        
+        connection-validation-type set to table. Verification by      
+        accessing a user specified table may become necessary for     
+        connection validation, particularly if database driver caches 
+        calls to setAutoCommit() and getMetaData().                   
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-connection-pool (description?, property*)>
+
+<!ATTLIST jdbc-connection-pool
+    name CDATA #REQUIRED
+    datasource-classname CDATA #REQUIRED
+    res-type (javax.sql.DataSource | javax.sql.XADataSource | javax.sql.ConnectionPoolDataSource) #IMPLIED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    transaction-isolation-level %isolation; #IMPLIED
+    is-isolation-level-guaranteed %boolean; "true"
+    is-connection-validation-required %boolean; "false"
+    connection-validation-method (auto-commit | meta-data | table) "auto-commit"
+    validation-table-name CDATA #IMPLIED
+    fail-all-connections %boolean; "false"
+    non-transactional-connections %boolean; "false"
+    allow-non-component-callers %boolean; "false">
+
+
+<!-- connector-connection-pool
+    connector-connection-pool defines configuration used to create    
+    and manage a pool of connections to a EIS. Pool definition is     
+    named, and can be referred to by multiple connector-resource      
+    elements (See connector-resource).                                
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more connector-resource elements point to the same                         
+    connector-connection-pool element, they are using the same pool of         
+    connections, at run time.                                                  
+
+    There can be more than one pool for one connection-definition in one       
+    resource-adapter.                                                          
+
+
+  children
+    property                                                                   
+        Properties are used to override the ManagedConnectionFactory  
+        javabean configuration settings.                              
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the Resource Adapter's          
+        ManagedConnectionfactory class (specified in ra.xml).                  
+
+
+  attributes
+    connection-definition-name                                                 
+        unique name, identifying one connection-definition in a       
+        Resource Adapter. Currently this is ConnectionFactory type.   
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single connection fail validation. The default is    
+        false. One attempt will be made to re-establish failed        
+        connections.                                                  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the EIS         
+        connection timeout (if such timeouts are configured on the    
+        specific EIS), to prevent accumulation of unusable connection 
+        in Application Server.                                        
+    is-connection-validation-required                                          
+        This attribute specifies if the connection that is about to   
+        be returned is to be validated by the container,              
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    resource-adapter-name                                                      
+        This is the name of resource adapter. Name of .rar file is    
+        taken as the unique name for the resource adapter.            
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-support                                                        
+        Indicates the level of transaction support that this pool     
+        will have. Possible values are "XATransaction",               
+        "LocalTransaction" and "NoTransaction". This attribute will   
+        override that transaction support attribute in the Resource   
+        Adapter in a downward compatible way, i.e it can support a    
+        lower/equal transaction level than specified in the RA, but   
+        not a higher level.                                           
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-connection-pool (description?, security-map*, property*)>
+
+<!ATTLIST connector-connection-pool
+    name CDATA #REQUIRED
+    resource-adapter-name CDATA #REQUIRED
+    connection-definition-name CDATA #REQUIRED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    fail-all-connections %boolean; "false"
+    transaction-support (XATransaction | LocalTransaction | NoTransaction) #IMPLIED
+    is-connection-validation-required %boolean; "false">
+
+
+<!-- property
+    Syntax for supplying properties as name value pairs               
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource, resource-adapter-config     
+-->
+<!ELEMENT property (description?)>
+
+<!ATTLIST property
+    name CDATA #REQUIRED
+    value CDATA #REQUIRED>
+
+
+<!-- security-map
+    Perform mapping from principal received during Servlet/EJB        
+    authentication, to credentials accepted by the EIS. This mapping  
+    is optional.It is possible to map multiple (server) principal to  
+    the same backend principal.                                       
+
+  Used in:
+    connector-connection-pool                                         
+-->
+<!ELEMENT security-map ((principal | user-group)+, backend-principal)>
+
+<!ATTLIST security-map
+    name CDATA #REQUIRED>
+
+
+<!-- principal
+    Principal of the Servlet and EJB client                           
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT principal (#PCDATA)>
+
+
+<!-- user-group
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT user-group (#PCDATA)>
+
+
+<!-- backend-principal
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT backend-principal EMPTY>
+
+<!ATTLIST backend-principal
+    user-name CDATA #REQUIRED
+    password CDATA #IMPLIED>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_3.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_3.dtd
new file mode 100644
index 0000000000..e16e849e38
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-resources_1_3.dtd
@@ -0,0 +1,732 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--  
+  The contents of this file are subject to the terms
+ of the Common Development and Distribution License
+ (the License).  You may not use this file except in
+ compliance with the License.
+ You can obtain a copy of the license at
+
+ https://glassfish.dev.java.net/public/CDDLv1.0.html or
+ glassfish/bootstrap/legal/CDDLv1.0.txt.
+ See the License for the specific language governing
+ permissions and limitations under the License.
+
+ When distributing Covered Code, include this CDDL
+
+ Header Notice in each file and include the License file
+ at glassfish/bootstrap/legal/CDDLv1.0.txt. 
+ If applicable, add the following below the CDDL Header,
+ with the fields enclosed by brackets [] replaced by
+ you own identifying information:
+ "Portions Copyrighted [year] [name of copyright owner]"
+
+ Copyright 2006 Sun Microsystems, Inc. All rights reserved.-->
+<!--  
+  A resources instance document referring to this DTD should have a DOCTYPE as follows:
+ <!DOCTYPE resources PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Resource Definitions//EN" "http://www.sun.com/software/appserver/dtds/sun-resources_1_3.dtd">-->
+<!-- ENTITIES -->
+<!-- boolean
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource                              
+-->
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- isolation
+
+  Used in:
+    jdbc-connection-pool                                              
+-->
+<!ENTITY % isolation
+    "(read-uncommitted | read-committed | repeatable-read | serializable)">    
+
+
+<!-- object-type
+    defines the type of the resource. It can be:                      
+    system-all                                                                 
+        These are system resources for all instances and DAS          
+    system-admin                                                               
+        These are system resources only in DAS                        
+    system-instance                                                            
+        These are system resources only in instances (and not DAS)    
+    user                                                                       
+        User resources (This is the default for all elements)         
+
+  Used in:
+    admin-object-resource, connector-resource, custom-resource,       
+    external-jndi-resource, jdbc-resource, mail-resource,             
+    persistence-manager-factory-resource, resource-adapter-config     
+-->
+<!ENTITY % object-type "(system-all | system-admin | system-instance | user)">
+
+<!-- ELEMENTS -->
+
+<!-- resources
+    J2EE Applications look up resources registered with the           
+    Application server, using portable JNDI names.                    
+-->
+<!ELEMENT resources
+    ((custom-resource | external-jndi-resource | jdbc-resource | mail-resource 
+    | persistence-manager-factory-resource | admin-object-resource |           
+    connector-resource | resource-adapter-config | jdbc-connection-pool |      
+    connector-connection-pool)*)>                                              
+
+
+
+<!-- description
+    Textual description of a configured entity                        
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource, property                    
+-->
+<!ELEMENT description (#PCDATA)>
+
+
+<!-- custom-resource
+    custom (or generic) resource managed by a user-written factory    
+    class.                                                            
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for generic resource, the fully qualified type of   
+        the resource and whether it is enabled at runtime             
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT custom-resource (description?, property*)>
+
+<!ATTLIST custom-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- external-jndi-resource
+    resource residing in an external JNDI repository                  
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT external-jndi-resource (description?, property*)>
+
+<!ATTLIST external-jndi-resource
+    jndi-name CDATA #REQUIRED
+    jndi-lookup-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    factory-class CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- jdbc-resource
+    JDBC javax.sql.(XA)DataSource resource definition                 
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-resource (description?, property*)>
+
+<!ATTLIST jdbc-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- mail-resource
+    The mail-resource element describes a javax.mail.Session resource 
+
+  attributes
+    host                                                                       
+        ip V6 or V4 address or hostname.                              
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT mail-resource (description?, property*)>
+
+<!ATTLIST mail-resource
+    jndi-name CDATA #REQUIRED
+    store-protocol CDATA "imap"
+    store-protocol-class CDATA "com.sun.mail.imap.IMAPStore"
+    transport-protocol CDATA "smtp"
+    transport-protocol-class CDATA "com.sun.mail.smtp.SMTPTransport"
+    host CDATA #REQUIRED
+    user CDATA #REQUIRED
+    from CDATA #REQUIRED
+    debug %boolean; "false"
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- persistence-manager-factory-resource
+    Persistence Manager runtime configuration.                        
+
+  attributes
+    factory-class                                                              
+        Class that creates persistence manager instance.              
+    jdbc-resource-jndi-name                                                    
+        jdbc resource with which database connections are obtained.   
+    jndi-name                                                                  
+        JNDI name for this resource                                   
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT persistence-manager-factory-resource (description?, property*)>
+
+<!ATTLIST persistence-manager-factory-resource
+    jndi-name CDATA #REQUIRED
+    factory-class CDATA "com.sun.jdo.spi.persistence.support.sqlstore.impl.PersistenceManagerFactoryImpl"
+    jdbc-resource-jndi-name CDATA #IMPLIED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- admin-object-resource
+    The admin-object-resource element describes a administered object 
+    for a inbound resource adapter.                                   
+
+  attributes
+    jndi-name                                                                  
+        JNDI name for this resource                                   
+    res-adapter                                                                
+        Name of the inbound resource adapter.                         
+    res-type                                                                   
+        Interface definition for the administered object              
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT admin-object-resource (description?, property*)>
+
+<!ATTLIST admin-object-resource
+    jndi-name CDATA #REQUIRED
+    res-type CDATA #REQUIRED
+    res-adapter CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- connector-resource
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-resource (description?, property*)>
+
+<!ATTLIST connector-resource
+    jndi-name CDATA #REQUIRED
+    pool-name CDATA #REQUIRED
+    object-type %object-type; "user"
+    enabled %boolean; "true">
+
+
+<!-- resource-adapter-config
+    This element is for configuring the resource adapter. These       
+    values (properties) over-rides the default values present in      
+    ra.xml. The name attribute has to be unique . It is optional for  
+    PE. It is used mainly for EE.                                     
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT resource-adapter-config (property*)>
+
+<!ATTLIST resource-adapter-config
+    name CDATA #IMPLIED
+    thread-pool-ids CDATA #IMPLIED
+    object-type %object-type; "user"
+    resource-adapter-name CDATA #REQUIRED>
+
+
+<!-- jdbc-connection-pool
+    jdbc-connection-pool defines configuration used to create and     
+    manage a pool physical database connections. Pool definition is   
+    named, and can be referred to by multiple jdbc-resource elements  
+    (See <jdbc-resource>).                                            
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more jdbc-resource elements point to the same jdbc-connection-pool         
+    element, they are using the same pool of connections, at run time.         
+
+
+  children
+    property                                                                   
+        Most JDBC 2.0 drivers permit use of standard property lists,  
+        to specify User, Password and other resource configuration.   
+        While these are optional properties, according to the         
+        specification, several of these properties may be necessary   
+        for most databases. See Section 5.3 of JDBC 2.0 Standard      
+        Extension API.                                                
+
+        The following are the names and corresponding values for these         
+        properties                                                             
+
+        databaseName                                                           
+            Name of the Database                                      
+        serverName                                                             
+            Database Server name.                                     
+        port                                                                   
+            Port where a Database server is listening for requests.   
+        networkProtocol                                                        
+            Communication Protocol used.                              
+        user                                                                   
+            default name of the database user with which connections  
+            will be stablished. Programmatic database authentication  
+            or default-resource-principal specified in vendor         
+            specific web and ejb deployment descriptors will take     
+            precedence, over this default. The details and caveats    
+            are described in detail in the Administrator's guide.     
+        password                                                               
+            password for default database user                        
+        roleName                                                               
+            The initial SQL role name.                                
+        datasourceName                                                         
+            used to name an underlying XADataSource, or               
+            ConnectionPoolDataSource when pooling of connections is   
+            done                                                      
+        description                                                            
+            Textual Description                                       
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the vendors Datasource class    
+        (specified in datasource-classname). User and Password properties are  
+        used as default principal, if Container Managed authentication is      
+        specified and a default-resource-principal is not found in application 
+        deployment descriptors.                                                
+
+
+  attributes
+    allow-non-component-callers                                                
+        A pool with this property set to true, can be used by         
+        non-J2EE components (i.e components other than EJBs or        
+        Servlets). The returned connection is enlisted automatically  
+        with the transaction context obtained from the transaction    
+        manager. This property is to enable the pool to be used by    
+        non-component callers such as ServletFilters, Lifecycle       
+        modules, and 3rd party persistence managers. Standard J2EE    
+        components can continue to use such pools. Connections        
+        obtained by non-component callers are not automatically       
+        cleaned at the end of a transaction by the container. They    
+        need to be explicitly closed by the the caller.               
+    associate-with-thread                                                      
+        Associate a connection with the thread such that when the     
+        same thread is in need of a connection, it can reuse the      
+        connection already associated with that thread, thereby not   
+        incurring the overhead of getting a connection from the pool. 
+        Default value is false.                                       
+    connection-creation-retry-attempts                                         
+        The number of attempts to create a new connection. Default is 
+        0, which implies no retries.                                  
+    connection-creation-retry-interval-in-seconds                              
+        The time interval between retries while attempting to create  
+        a connection. Default is 10 seconds. Effective when           
+        connection-creation-retry-attempts is greater than 0.         
+    connection-leak-reclaim                                                    
+        If enabled, connection will be reusable (put back into pool)  
+        after connection-leak-timeout-in-seconds occurs. Default      
+        value is false.                                               
+    connection-leak-timeout-in-seconds                                         
+        To aid user in detecting potential connection leaks by the    
+        application. When a connection is not returned back to the    
+        pool by the application within the specified period, it is    
+        assumed to be a potential leak and stack trace of the caller  
+        will be logged. Default is 0, which implies there is no leak  
+        detection, by default. A positive non-zero value turns on     
+        leak detection. Note however that, this attribute only        
+        detects if there is a connection leak. The connection can be  
+        reclaimed only if connection-leak-reclaim is set to true.     
+    connection-validation-method                                               
+        specifies the type of validation to be performed when         
+        is-connection-validation-required is true. The following      
+        types of validation are supported:                            
+        auto-commit                                                            
+            using connection.autoCommit()                             
+        meta-data                                                              
+            using connection.getMetaData()                            
+        table                                                                  
+            performing a query on a user specified table (see         
+            validation-table-name).                                   
+    datasource-classname                                                       
+        Name of the vendor supplied JDBC datasource resource manager. 
+        An XA or global transactions capable datasource class will    
+        implement javax.sql.XADatasource interface. Non XA or Local   
+        transactions only datasources will implement                  
+        javax.sql.Datasource interface.                               
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single validation check fail. The default is false.  
+        One attempt will be made to re-establish failed connections.  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the database    
+        server side timeout (if such timeouts are configured on the   
+        specific vendor's database), to prevent accumulation of       
+        unusable connection in Application Server.                    
+    is-connection-validation-required                                          
+        if true, connections are validated (checked to find out if    
+        they are usable) before giving out to the application. The    
+        default is false.                                             
+    is-isolation-level-guaranteed                                              
+        Applicable only when a particular isolation level is          
+        specified for transaction-isolation-level. The default value  
+        is true. This assures that every time a connection is         
+        obtained from the pool, it is guaranteed to have the          
+        isolation set to the desired value. This could have some      
+        performance impact on some JDBC drivers. Can be set to false  
+        by that administrator when they are certain that the          
+        application does not change the isolation level before        
+        returning the connection.                                     
+    lazy-connection-association                                                
+        Connections are lazily associated when an operation is        
+        performed on them. Also, they are disassociated when the      
+        transaction is completed and a component method ends, which   
+        helps reuse of the physical connections. Default value is     
+        false.                                                        
+    lazy-connection-enlistment                                                 
+        Enlist a resource to the transaction only when it is actually 
+        used in a method, which avoids enlistment of connections that 
+        are not used in a transaction. This also prevents unnecessary 
+        enlistment of connections cached in the calling components.   
+        Default value is false.                                       
+    match-connections                                                          
+        To switch on/off connection matching for the pool. It can be  
+        set to false if the administrator knows that the connections  
+        in the pool will always be homogeneous and hence a connection 
+        picked from the pool need not be matched by the resource      
+        adapter. Default value is false.                              
+    max-connection-usage-count                                                 
+        When specified, connections will be re-used by the pool for   
+        the specified number of times after which it will be closed.  
+        This is useful for instance, to avoid statement-leaks.        
+        Default value is 0, which implies the feature is not enabled. 
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    non-transactional-connections                                              
+        A pool with this property set to true returns                 
+        non-transactional connections. This connection does not get   
+        automatically enlisted with the transaction manager.          
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    res-type                                                                   
+        DataSource implementation class could implement one of of     
+        javax.sql.DataSource, javax.sql.XADataSource or               
+        javax.sql.ConnectionPoolDataSource interfaces. This optional  
+        attribute must be specified to disambiguate when a Datasource 
+        class implements two or more of these interfaces. An error is 
+        produced when this attribute has a legal value and the        
+        indicated interface is not implemented by the datasource      
+        class. This attribute has no default value.                   
+    statement-timeout-in-seconds                                               
+        Sets the timeout property of a connection to enable           
+        termination of abnormally long running queries. Default value 
+        of -1 implies that it is not enabled.                         
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-isolation-level                                                
+        Specifies the Transaction Isolation Level on the pooled       
+        database connections. Optional. Has no default. If left       
+        unspecified the pool operates with default isolation level    
+        provided by the JDBC Driver. A desired isolation level can be 
+        set using one of the standard transaction isolation levels,   
+        which see.                                                    
+
+        Applications that change the Isolation level on a pooled connection    
+        programmatically, risk polluting the pool and this could lead to       
+        program errors. Also see: is-isolation-level-guaranteed                
+
+    validate-atmost-once-period-in-seconds                                     
+        Used to set the time-interval within which a connection is    
+        validated atmost once. Default is 0 which implies that it is  
+        not enabled. TBD: Documentation is to be corrected.           
+    validation-table-name                                                      
+        specifies the table name to be used to perform a query to     
+        validate a connection. This parameter is mandatory, if        
+        connection-validation-type set to table. Verification by      
+        accessing a user specified table may become necessary for     
+        connection validation, particularly if database driver caches 
+        calls to setAutoCommit() and getMetaData().                   
+    wrap-jdbc-objects                                                          
+        When set to true, application will get wrapped jdbc objects   
+        for Statement, PreparedStatement, CallableStatement,          
+        ResultSet, DatabaseMetaData. Defaults to false.               
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT jdbc-connection-pool (description?, property*)>
+
+<!ATTLIST jdbc-connection-pool
+    name CDATA #REQUIRED
+    datasource-classname CDATA #REQUIRED
+    res-type (javax.sql.DataSource | javax.sql.XADataSource | javax.sql.ConnectionPoolDataSource) #IMPLIED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    transaction-isolation-level %isolation; #IMPLIED
+    is-isolation-level-guaranteed %boolean; "true"
+    is-connection-validation-required %boolean; "false"
+    connection-validation-method (auto-commit | meta-data | table) "auto-commit"
+    validation-table-name CDATA #IMPLIED
+    fail-all-connections %boolean; "false"
+    non-transactional-connections %boolean; "false"
+    allow-non-component-callers %boolean; "false"
+    validate-atmost-once-period-in-seconds CDATA "0"
+    connection-leak-timeout-in-seconds CDATA "0"
+    connection-leak-reclaim %boolean; "false"
+    connection-creation-retry-attempts CDATA "0"
+    connection-creation-retry-interval-in-seconds CDATA "10"
+    statement-timeout-in-seconds CDATA "-1"
+    lazy-connection-enlistment %boolean; "false"
+    lazy-connection-association %boolean; "false"
+    associate-with-thread %boolean; "false"
+    match-connections %boolean; "false"
+    max-connection-usage-count CDATA "0"
+    wrap-jdbc-objects %boolean; "false">
+
+
+<!-- connector-connection-pool
+    connector-connection-pool defines configuration used to create    
+    and manage a pool of connections to a EIS. Pool definition is     
+    named, and can be referred to by multiple connector-resource      
+    elements (See connector-resource).                                
+
+    Each named pool definition results in a pool instantiated at server        
+    start-up. Pool is populated when accessed for the first time. If two or    
+    more connector-resource elements point to the same                         
+    connector-connection-pool element, they are using the same pool of         
+    connections, at run time.                                                  
+
+    There can be more than one pool for one connection-definition in one       
+    resource-adapter.                                                          
+
+
+  children
+    property                                                                   
+        Properties are used to override the ManagedConnectionFactory  
+        javabean configuration settings.                              
+
+        When one or more of these properties are specified, they are passed as 
+        is using set<Name>(<Value>) methods to the Resource Adapter's          
+        ManagedConnectionfactory class (specified in ra.xml).                  
+
+
+  attributes
+    associate-with-thread                                                      
+        Associate a connection with the thread such that when the     
+        same thread is in need of a connection, it can reuse the      
+        connection already associated with that thread, thereby not   
+        incurring the overhead of getting a connection from the pool. 
+        Default value is false.                                       
+    connection-creation-retry-attempts                                         
+        The number of attempts to create a new connection. Default is 
+        0, which implies no retries.                                  
+    connection-creation-retry-interval-in-seconds                              
+        The time interval between retries while attempting to create  
+        a connection. Default is 10 seconds. Effective when           
+        connection-creation-retry-attempts is greater than 0.         
+    connection-definition-name                                                 
+        unique name, identifying one connection-definition in a       
+        Resource Adapter. Currently this is ConnectionFactory type.   
+    connection-leak-reclaim                                                    
+        If enabled, connection will be reusable (put back into pool)  
+        after connection-leak-timeout-in-seconds occurs. Default      
+        value is false.                                               
+    connection-leak-timeout-in-seconds                                         
+        To aid user in detecting potential connection leaks by the    
+        application. When a connection is not returned back to the    
+        pool by the application within the specified period, it is    
+        assumed to be a potential leak and stack trace of the caller  
+        will be logged. Default is 0, which implies there is no leak  
+        detection, by default. A positive non-zero value turns on     
+        leak detection. Note however that, this attribute only        
+        detects if there is a connection leak. The connection can be  
+        reclaimed only if connection-leak-reclaim is set to true.     
+    fail-all-connections                                                       
+        indicates if all connections in the pool must be closed       
+        should a single connection fail validation. The default is    
+        false. One attempt will be made to re-establish failed        
+        connections.                                                  
+    idle-timeout-in-seconds                                                    
+        maximum time in seconds, that a connection can remain idle in 
+        the pool. After this time, the pool implementation can close  
+        this connection. Note that this does not control connection   
+        timeouts enforced at the database server side. Adminsitrators 
+        are advised to keep this timeout shorter than the EIS         
+        connection timeout (if such timeouts are configured on the    
+        specific EIS), to prevent accumulation of unusable connection 
+        in Application Server.                                        
+    is-connection-validation-required                                          
+        This attribute specifies if the connection that is about to   
+        be returned is to be validated by the container,              
+    lazy-connection-association                                                
+        Connections are lazily associated when an operation is        
+        performed on them. Also, they are disassociated when the      
+        transaction is completed and a component method ends, which   
+        helps reuse of the physical connections. Default value is     
+        false.                                                        
+    lazy-connection-enlistment                                                 
+        Enlist a resource to the transaction only when it is actually 
+        used in a method, which avoids enlistment of connections that 
+        are not used in a transaction. This also prevents unnecessary 
+        enlistment of connections cached in the calling components.   
+        Default value is false.                                       
+    match-connections                                                          
+        To switch on/off connection matching for the pool. It can be  
+        set to false if the administrator knows that the connections  
+        in the pool will always be homogeneous and hence a connection 
+        picked from the pool need not be matched by the resource      
+        adapter. Default value is true.                               
+    max-connection-usage-count                                                 
+        When specified, connections will be re-used by the pool for   
+        the specified number of times after which it will be closed.  
+        This is useful for instance, to avoid statement-leaks.        
+        Default value is 0, which implies the feature is not enabled. 
+    max-pool-size                                                              
+        maximum number of conections that can be created              
+    max-wait-time-in-millis                                                    
+        amount of time the caller will wait before getting a          
+        connection timeout. The default is 60 seconds. A value of 0   
+        will force caller to wait indefinitely.                       
+    name                                                                       
+        unique name of the pool definition.                           
+    pool-resize-quantity                                                       
+        number of connections to be removed when                      
+        idle-timeout-in-seconds timer expires. Connections that have  
+        idled for longer than the timeout are candidates for removal. 
+        When the pool size reaches steady-pool-size, the connection   
+        removal stops.                                                
+    resource-adapter-name                                                      
+        This is the name of resource adapter. Name of .rar file is    
+        taken as the unique name for the resource adapter.            
+    steady-pool-size                                                           
+        minimum and initial number of connections maintained in the   
+        pool.                                                         
+    transaction-support                                                        
+        Indicates the level of transaction support that this pool     
+        will have. Possible values are "XATransaction",               
+        "LocalTransaction" and "NoTransaction". This attribute will   
+        override that transaction support attribute in the Resource   
+        Adapter in a downward compatible way, i.e it can support a    
+        lower/equal transaction level than specified in the RA, but   
+        not a higher level.                                           
+    validate-atmost-once-period-in-seconds                                     
+        Used to set the time-interval within which a connection is    
+        validated atmost once. Default is 0 which implies that it is  
+        not enabled. TBD: Documentation is to be corrected.           
+
+  Used in:
+    resources                                                         
+-->
+<!ELEMENT connector-connection-pool (description?, security-map*, property*)>
+
+<!ATTLIST connector-connection-pool
+    name CDATA #REQUIRED
+    resource-adapter-name CDATA #REQUIRED
+    connection-definition-name CDATA #REQUIRED
+    steady-pool-size CDATA "8"
+    max-pool-size CDATA "32"
+    max-wait-time-in-millis CDATA "60000"
+    pool-resize-quantity CDATA "2"
+    idle-timeout-in-seconds CDATA "300"
+    fail-all-connections %boolean; "false"
+    transaction-support (XATransaction | LocalTransaction | NoTransaction) #IMPLIED
+    is-connection-validation-required %boolean; "false"
+    validate-atmost-once-period-in-seconds CDATA "0"
+    connection-leak-timeout-in-seconds CDATA "0"
+    connection-leak-reclaim %boolean; "false"
+    connection-creation-retry-attempts CDATA "0"
+    connection-creation-retry-interval-in-seconds CDATA "10"
+    lazy-connection-enlistment %boolean; "false"
+    lazy-connection-association %boolean; "false"
+    associate-with-thread %boolean; "false"
+    match-connections %boolean; "true"
+    max-connection-usage-count CDATA "0">
+
+
+<!-- property
+    Syntax for supplying properties as name value pairs               
+
+  Used in:
+    admin-object-resource, connector-connection-pool,                 
+    connector-resource, custom-resource, external-jndi-resource,      
+    jdbc-connection-pool, jdbc-resource, mail-resource,               
+    persistence-manager-factory-resource, resource-adapter-config     
+-->
+<!ELEMENT property (description?)>
+
+<!ATTLIST property
+    name CDATA #REQUIRED
+    value CDATA #REQUIRED>
+
+
+<!-- security-map
+    Perform mapping from principal received during Servlet/EJB        
+    authentication, to credentials accepted by the EIS. This mapping  
+    is optional.It is possible to map multiple (server) principal to  
+    the same backend principal.                                       
+
+  Used in:
+    connector-connection-pool                                         
+-->
+<!ELEMENT security-map ((principal | user-group)+, backend-principal)>
+
+<!ATTLIST security-map
+    name CDATA #REQUIRED>
+
+
+<!-- principal
+    Principal of the Servlet and EJB client                           
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT principal (#PCDATA)>
+
+
+<!-- user-group
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT user-group (#PCDATA)>
+
+
+<!-- backend-principal
+
+  Used in:
+    security-map                                                      
+-->
+<!ELEMENT backend-principal EMPTY>
+
+<!ATTLIST backend-principal
+    user-name CDATA #REQUIRED
+    password CDATA #IMPLIED>
+
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_3-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_3-0.dtd
new file mode 100644
index 0000000000..0b7a17a8d8
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_3-0.dtd
@@ -0,0 +1,266 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT sun-web-app (security-role-mapping*, servlet*, session-config?,
+                       resource-env-ref*, resource-ref*,
+                       ejb-ref*, cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, property*)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!ENTITY % persistence-type "(memory | file | custom)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type %persistence-type; "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+           
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [false]                                 
+-->                                                                                   
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "false">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA   #REQUIRED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->             
+<!ELEMENT value (#PCDATA)>
+<!ATTLIST value match-expr              %expr;    'equals'
+                cache-on-match          %boolean;  'true'
+                cache-on-match-failure  %boolean;  'false'>
+
+<!ELEMENT class-loader EMPTY>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'false'>
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #REQUIRED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #REQUIRED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-0.dtd
new file mode 100644
index 0000000000..839bef91bb
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-0.dtd
@@ -0,0 +1,502 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT sun-web-app (context-root?, security-role-mapping*, servlet*, session-config?,
+                       ejb-ref*, resource-ref*, resource-env-ref*,  service-ref*,
+                       cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, property*,
+		           message-destination*, webservice-description*)>
+
+<!-- 
+ Context Root for the web application when the war file is a standalone module.
+ When the war module is part of the J2EE Application, use the application.xml
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name?, webservice-endpoint*)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!ENTITY % persistence-type "(memory | file | custom)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type %persistence-type; "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+           
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [false]                                 
+-->                                                                                   
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "false">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA   #REQUIRED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (constraint-field-value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->             
+<!ELEMENT constraint-field-value (#PCDATA)>
+<!ATTLIST constraint-field-value 	match-expr              %expr;    'equals'
+                			cache-on-match          %boolean;  'true'
+                			cache-on-match-failure  %boolean;  'false'>
+
+<!ELEMENT class-loader EMPTY>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'true'>
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #REQUIRED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #IMPLIED
+			     default-charset CDATA #IMPLIED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+
+<!--
+  					W E B   S E R V I C E S 
+--> 	
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property* )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Information about a web service endpoint.  
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, login-config?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The auth-method element is used to configure the authentication
+mechanism for the web application. As a prerequisite to gaining access
+to any web resources which are protected by an authorization
+constraint, a user must have authenticated using the configured
+mechanism.
+-->
+
+<!ELEMENT auth-method (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+The transport-guarantee element specifies that the communication
+between client and server should be NONE, INTEGRAL, or
+CONFIDENTIAL. NONE means that the application does not require any
+transport guarantees. A value of INTEGRAL means that the application
+requires that the data sent between the client and server be sent in
+such a way that it can't be changed in transit. CONFIDENTIAL means
+that the application requires that the data be transmitted in a
+fashion that prevents other entities from observing the contents of
+the transmission. In most cases, the presence of the INTEGRAL or
+CONFIDENTIAL flag will indicate that the use of SSL is required.
+-->
+
+<!ELEMENT transport-guarantee (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-1.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-1.dtd
new file mode 100644
index 0000000000..c61ebdffc8
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_4-1.dtd
@@ -0,0 +1,778 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ 
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+ 
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+ 
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+ 
+ Contributor(s):
+ 
+ If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+
+<!-- The PUBLIC ID (defined in DOCTYPE) associated with this dtd is:
+     "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.4//EN"
+-->
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT sun-web-app (context-root?, security-role-mapping*, servlet*, idempotent-url-pattern*, session-config?,
+                       ejb-ref*, resource-ref*, resource-env-ref*,  service-ref*,
+                       cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, parameter-encoding?,
+                       property*, message-destination*, webservice-description*)>
+<!ATTLIST sun-web-app error-url CDATA "">
+
+<!--
+  Idempotent URL Patterns
+    url-pattern      URL Pattern of the idempotent requests
+    num-of-retries  Specifies the number of times the Load Balancer will retry a request that is idempotent.
+-->
+<!ELEMENT idempotent-url-pattern EMPTY>
+<!ATTLIST idempotent-url-pattern url-pattern CDATA #REQUIRED
+                                 num-of-retries CDATA "-1">
+
+<!-- 
+ Context Root for the web application when the war file is a standalone module.
+ When the war module is part of the J2EE Application, use the application.xml
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name?, webservice-endpoint*)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!--
+The valid values for
+8.1 PE:     memory, file, custom
+8.1 SE/EE:  memory, file, custom, ha
+PWC:        memory, file, s1ws60, mmap 
+-->
+<!ENTITY % persistence-type "(memory | file | custom | ha | s1ws60 | mmap)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type %persistence-type; "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+           
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [true]                                                   The default value is changed to true from 8.1
+-->                                                                                   
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "true">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (dispatcher*, timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+Specifies the RequestDispatcher methods for which caching is to be
+enabled on the target resource. Valid values are REQUEST, FORWARD, INCLUDE,
+and ERROR (default: REQUEST).
+See SRV.6.2.5 of the Servlet 2.4 Specification for more information.
+-->
+<!ELEMENT dispatcher (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA  #IMPLIED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (constraint-field-value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->             
+<!ELEMENT constraint-field-value (#PCDATA)>
+<!ATTLIST constraint-field-value 	match-expr              %expr;    'equals'
+                			cache-on-match          %boolean;  'true'
+                			cache-on-match-failure  %boolean;  'false'>
+
+<!ELEMENT class-loader (property*)>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'true'
+                       dynamic-reload-interval CDATA #IMPLIED >
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #IMPLIED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #IMPLIED
+			     default-charset CDATA #IMPLIED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+
+<!--
+  					W E B   S E R V I C E S 
+--> 	
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Information about a web service endpoint.  
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The auth-method element is used to configure the authentication
+mechanism for the web application. As a prerequisite to gaining access
+to any web resources which are protected by an authorization
+constraint, a user must have authenticated using the configured
+mechanism.
+-->
+
+<!ELEMENT auth-method (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+The transport-guarantee element specifies that the communication
+between client and server should be NONE, INTEGRAL, or
+CONFIDENTIAL. NONE means that the application does not require any
+transport guarantees. A value of INTEGRAL means that the application
+requires that the data sent between the client and server be sent in
+such a way that it can't be changed in transit. CONFIDENTIAL means
+that the application requires that the data be transmitted in a
+fashion that prevents other entities from observing the contents of
+the transmission. In most cases, the presence of the INTEGRAL or
+CONFIDENTIAL flag will indicate that the use of SSL is required.
+-->
+
+<!ELEMENT transport-guarantee (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_5-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_5-0.dtd
new file mode 100644
index 0000000000..2a56a5c109
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_2_5-0.dtd
@@ -0,0 +1,824 @@
+<!--
+ DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+ Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
+
+ The contents of this file are subject to the terms of either the GNU
+ General Public License Version 2 only ("GPL") or the Common Development
+ and Distribution License("CDDL") (collectively, the "License").  You
+ may not use this file except in compliance with the License. You can obtain
+ a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
+ or glassfish/bootstrap/legal/LICENSE.txt.  See the License for the specific
+ language governing permissions and limitations under the License.
+
+ When distributing the software, include this License Header Notice in each
+ file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
+ Sun designates this particular file as subject to the "Classpath" exception
+ as provided by Sun in the GPL Version 2 section of the License file that
+ accompanied this code.  If applicable, add the following below the License
+ Header, with the fields enclosed by brackets [] replaced by your own
+ identifying information: "Portions Copyrighted [year]
+ [name of copyright owner]"
+
+ Contributor(s):
+
+If you wish your version of this file to be governed by only the CDDL or
+ only the GPL Version 2, indicate your decision by adding "[Contributor]
+ elects to include this software in this distribution under the [CDDL or GPL
+ Version 2] license."  If you don't indicate a single choice of license, a
+ recipient has the option to distribute your version of this file under
+ either the CDDL, the GPL Version 2 or to extend the choice of license to
+ its licensees as provided above.  However, if you add GPL Version 2 code
+ and therefore, elected the GPL Version 2 license, then the option applies
+ only if the new code is made subject to such option by the copyright
+ holder.
+-->
+
+<!--
+  XML DTD for Sun Application Server specific Java EE web
+  deployment descriptor. This is a companion DTD to web-app_2_5.xsd
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
+
+-->
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT sun-web-app (context-root?, security-role-mapping*, servlet*, idempotent-url-pattern*, session-config?,
+                       ejb-ref*, resource-ref*, resource-env-ref*,  service-ref*,
+                       message-destination-ref*, cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, parameter-encoding?,
+                       property*, message-destination*, webservice-description*)>
+<!ATTLIST sun-web-app error-url CDATA ""
+                      httpservlet-security-provider CDATA #IMPLIED>
+
+<!--
+  Idempotent URL Patterns
+    url-pattern      URL Pattern of the idempotent requests
+    num-of-retries  Specifies the number of times the Load Balancer will retry a request that is idempotent.
+-->
+<!ELEMENT idempotent-url-pattern EMPTY>
+<!ATTLIST idempotent-url-pattern url-pattern CDATA #REQUIRED
+                                 num-of-retries CDATA "-1">
+
+<!-- 
+ Context Root for the web application when the war file is a standalone module.
+ When the war module is part of the Java EE Application, use the application.xml
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name?, webservice-endpoint*)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!ENTITY % persistence-type "(memory | file | custom | ha | s1ws60 | mmap | replicated)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type CDATA "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [true]                                                   The default value is changed to true from 8.1
+-->
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "true">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (dispatcher*, timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+Specifies the RequestDispatcher methods for which caching is to be
+enabled on the target resource. Valid values are REQUEST, FORWARD, INCLUDE,
+and ERROR (default: REQUEST).
+See SRV.6.2.5 of the Servlet 2.4 Specification for more information.
+-->
+<!ELEMENT dispatcher (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA  #IMPLIED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (constraint-field-value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->
+<!ELEMENT constraint-field-value (#PCDATA)>
+<!ATTLIST constraint-field-value 	match-expr              %expr;    'equals'
+                			cache-on-match          %boolean;  'true'
+                			cache-on-match-failure  %boolean;  'false'>
+
+<!--
+  The class-loader element allows developers to customize the behaviour
+  of their web application's classloader.
+
+  attributes
+    extra-class-path          List of comma-separated JAR files to be
+                              added to the web application's class path
+    delegate                  If set to false, the delegation behavior
+                              of the web application's classloader complies
+                              with the Servlet 2.3 specification,
+                              section 9.7.2, and gives preference to classes
+                              and resources within the WAR file or the
+                              extra-class-path over those higher up in the
+                              classloader hierarchy, unless those classes or
+                              resources are part of the Java EE platform.
+                              If set to its default value of true, classes
+                              and resources residing in container-wide library
+                              JAR files are loaded in preference to classes
+                              and resources packaged within the WAR file or
+                              specified on the extra-class-path.
+    dynamic-reload-interval   Not supported. Included for backward
+                              compatibility with previous Sun Java System
+                              Web Server versions
+-->
+<!ELEMENT class-loader (property*)>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'true'
+                       dynamic-reload-interval CDATA #IMPLIED >
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #IMPLIED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #IMPLIED
+			     default-charset CDATA #IMPLIED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+
+<!--
+  					W E B   S E R V I C E S 
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Information about a web service endpoint.  
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The auth-method element is used to configure the authentication
+mechanism for the web application. As a prerequisite to gaining access
+to any web resources which are protected by an authorization
+constraint, a user must have authenticated using the configured
+mechanism.
+-->
+
+<!ELEMENT auth-method (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+The transport-guarantee element specifies that the communication
+between client and server should be NONE, INTEGRAL, or
+CONFIDENTIAL. NONE means that the application does not require any
+transport guarantees. A value of INTEGRAL means that the application
+requires that the data sent between the client and server be sent in
+such a way that it can't be changed in transit. CONFIDENTIAL means
+that the application requires that the data be transmitted in a
+fashion that prevents other entities from observing the contents of
+the transmission. In most cases, the presence of the INTEGRAL or
+CONFIDENTIAL flag will indicate that the use of SSL is required.
+-->
+
+<!ELEMENT transport-guarantee (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_3_0-0.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_3_0-0.dtd
new file mode 100644
index 0000000000..fa68e6565a
--- /dev/null
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/resources/sun-web-app_3_0-0.dtd
@@ -0,0 +1,831 @@
+<!--
+  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+
+  Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
+
+  The contents of this file are subject to the terms of either the GNU
+  General Public License Version 2 only ("GPL") or the Common Development
+  and Distribution License("CDDL") (collectively, the "License").  You
+  may not use this file except in compliance with the License.  You can
+  obtain a copy of the License at
+  https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+  or packager/legal/LICENSE.txt.  See the License for the specific
+  language governing permissions and limitations under the License.
+
+  When distributing the software, include this License Header Notice in each
+  file and include the License file at packager/legal/LICENSE.txt.
+
+  GPL Classpath Exception:
+  Oracle designates this particular file as subject to the "Classpath"
+  exception as provided by Oracle in the GPL Version 2 section of the License  file that accompanied this code.
+
+  Modifications:
+  If applicable, add the following below the License Header, with the fields
+  enclosed by brackets [] replaced by your own identifying information:
+  "Portions Copyright [year] [name of copyright owner]"
+
+  Contributor(s):
+  If you wish your version of this file to be governed by only the CDDL or
+  only the GPL Version 2, indicate your decision by adding "[Contributor]
+  elects to include this software in this distribution under the [CDDL or GPL
+  Version 2] license."  If you don't indicate a single choice of license, a
+  recipient has the option to distribute your version of this file under
+  either the CDDL, the GPL Version 2 or to extend the choice of license to
+  its licensees as provided above.  However, if you add GPL Version 2 code
+  and therefore, elected the GPL Version 2 license, then the option applies
+  only if the new code is made subject to such option by the copyright
+  holder.
+--> 
+
+<!--
+  XML DTD for Sun Application Server specific Java EE web
+  deployment descriptor. This is a companion DTD to web-app_3_0.xsd
+  and web-common_3_0.xsd.
+
+  It must include a DOCTYPE of the following form:
+
+  <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
+
+-->
+
+<!ENTITY % boolean "(yes | no | on | off | 1 | 0 | true | false)">
+
+<!-- root element for vendor specific web application (module) configuration -->
+<!ELEMENT sun-web-app (context-root?, security-role-mapping*, servlet*, idempotent-url-pattern*, session-config?,
+                       ejb-ref*, resource-ref*, resource-env-ref*,  service-ref*,
+                       message-destination-ref*, cache?, class-loader?,
+                       jsp-config?, locale-charset-info?, parameter-encoding?,
+                       property*, valve*, message-destination*, webservice-description*)>
+<!ATTLIST sun-web-app error-url CDATA ""
+                      httpservlet-security-provider CDATA #IMPLIED>
+
+<!--
+  Idempotent URL Patterns
+    url-pattern      URL Pattern of the idempotent requests
+    num-of-retries  Specifies the number of times the Load Balancer will retry a request that is idempotent.
+-->
+<!ELEMENT idempotent-url-pattern EMPTY>
+<!ATTLIST idempotent-url-pattern url-pattern CDATA #REQUIRED
+                                 num-of-retries CDATA "-1">
+
+<!-- 
+ Context Root for the web application when the war file is a standalone module.
+ When the war module is part of the Java EE Application, use the application.xml
+-->
+<!ELEMENT context-root (#PCDATA)>
+
+<!ELEMENT security-role-mapping (role-name, (principal-name | group-name)+)>
+<!ELEMENT role-name (#PCDATA)>
+
+<!ELEMENT principal-name (#PCDATA)>
+<!ATTLIST principal-name class-name CDATA #IMPLIED>
+<!ELEMENT group-name (#PCDATA)>
+
+<!ELEMENT servlet (servlet-name, principal-name?, webservice-endpoint*)>
+
+<!ELEMENT session-config (session-manager?, session-properties?, cookie-properties?)>
+
+<!ENTITY % persistence-type "(memory | file | custom | ha | s1ws60 | mmap | replicated)">
+
+<!ELEMENT session-manager (manager-properties?, store-properties?)>
+<!ATTLIST session-manager persistence-type CDATA "memory">
+
+<!ELEMENT manager-properties (property*)>
+<!ELEMENT store-properties (property*)>
+<!ELEMENT session-properties (property*)>
+<!ELEMENT cookie-properties (property*)>
+
+<!ELEMENT jndi-name (#PCDATA)>
+
+<!ELEMENT resource-env-ref (resource-env-ref-name, jndi-name)>
+<!ELEMENT resource-env-ref-name (#PCDATA)>
+
+<!ELEMENT resource-ref (res-ref-name, jndi-name, default-resource-principal?)>
+<!ELEMENT res-ref-name (#PCDATA)>
+
+<!ELEMENT default-resource-principal ( name,  password)>
+
+<!--
+This node holds information about a logical message destination
+-->
+<!ELEMENT message-destination (message-destination-name, jndi-name)>
+
+<!--
+This node holds the name of a logical message destination
+-->
+<!ELEMENT message-destination-name (#PCDATA)>
+
+<!--
+message-destination-ref is used to directly bind a message destination reference
+to the jndi-name of a Queue,Topic, or some other physical destination. It should
+only be used when the corresponding message destination reference does not
+specify a message-destination-link to a logical message-destination.
+-->
+<!ELEMENT message-destination-ref (message-destination-ref-name, jndi-name)>
+
+<!--
+name of a message-destination reference.
+-->
+<!ELEMENT message-destination-ref-name (#PCDATA)>
+
+<!--
+This text nodes holds a name string.
+-->
+<!ELEMENT name (#PCDATA)>
+
+<!--
+This element holds password text.
+-->
+<!ELEMENT password (#PCDATA)>
+
+
+<!ELEMENT ejb-ref (ejb-ref-name, jndi-name)>
+<!ELEMENT ejb-ref-name (#PCDATA)>
+
+<!ENTITY % scope "(context.attribute | request.header  | request.parameter | 
+                   request.cookie  | request.attribute | session.attribute)">
+<!ENTITY % key-scope "(context.attribute | request.header | request.parameter | 
+                       request.cookie | session.id | session.attribute)">
+<!ENTITY % expr "(equals | greater | lesser | not-equals | in-range)">
+
+<!-- cache element configures the cache for web application. iAS 7.0 web container    
+     supports one such cache object per application: i.e. <cache> is a sub element    
+     of <ias-web-app>. A cache can have zero or more cache-mapping elements and
+     zero or more customizable cache-helper classes.
+                                                                                   
+        max-entries        Maximum number of entries this cache may hold. [4096]
+        timeout-in-seconds Default timeout for the cache entries in seconds. [30]
+        enabled            Is this cache enabled? [true]                                                   The default value is changed to true from 8.1
+-->
+<!ELEMENT cache (cache-helper*, default-helper?, property*, cache-mapping*)>
+<!ATTLIST cache  max-entries         CDATA     "4096"
+                 timeout-in-seconds  CDATA     "30"
+                 enabled             %boolean; "true">
+
+<!-- cache-helper specifies customizable class which implements CacheHelper interface. 
+
+     name                     Unique name for the helper class; this is referenced in
+                              the cache-mapping elements (see below).
+                              "default" is reserved for the built-in default helper.
+     class-name               Fully qualified class name of the cache-helper; this class
+                              must extend the com.sun.appserv.web.CacheHelper class.
+-->
+<!ELEMENT cache-helper (property*)>
+<!ATTLIST cache-helper name CDATA #REQUIRED
+                       class-name CDATA #REQUIRED>
+
+<!-- 
+Default, built-in cache-helper properties
+-->
+<!ELEMENT default-helper (property*)>
+
+<!-- 
+cache-mapping element defines what to be cached, the key to be used, any other   
+constraints to be applied and a customizable cache-helper to programmatically
+hook this information.
+-->
+<!ELEMENT cache-mapping ((servlet-name | url-pattern), 
+                        (cache-helper-ref |
+                        (dispatcher*, timeout?, refresh-field?, http-method*, key-field*, constraint-field*)))>
+
+<!-- 
+servlet-name element defines a named servlet to which this caching is enabled.
+the specified name must be present in the web application deployment descriptor
+(web.xml)
+-->
+<!ELEMENT servlet-name (#PCDATA)>
+
+<!-- 
+url-pattern element specifies the url pattern to which caching is to be enabled.
+See Servlet 2.3 specification section SRV. 11.2 for the applicable patterns.
+-->
+<!ELEMENT url-pattern  (#PCDATA)>
+
+<!-- 
+cache-helper-ref s a reference to the cache-helper used by this cache-mapping 
+-->
+<!ELEMENT cache-helper-ref (#PCDATA)>
+
+<!-- 
+Specifies the RequestDispatcher methods for which caching is to be
+enabled on the target resource. Valid values are REQUEST, FORWARD, INCLUDE,
+and ERROR (default: REQUEST).
+See SRV.6.2.5 of the Servlet 2.4 Specification for more information.
+-->
+<!ELEMENT dispatcher (#PCDATA)>
+
+<!-- 
+timeout element defines the cache timeout in seconds applicable for this mapping.
+default is to use cache object's timeout. The timeout value is specified statically
+ere (e.g. <timeout> 60 </timeout> or dynamically via fields in the relevant scope.
+
+   name             Name of the field where this timeout could be found
+   scope            Scope of the field. default scope is request attribute.
+-->
+<!ELEMENT timeout (#PCDATA)>
+<!ATTLIST timeout  name  CDATA  #IMPLIED
+                   scope %scope; 'request.attribute'>
+
+<!-- 
+http-method specifies HTTP method eligible for caching default is GET. 
+-->
+<!ELEMENT http-method (#PCDATA)>
+
+<!-- 
+specifies the request parameter name that triggers refresh. the cached entry 
+is refreshed when there such a request parameter is set to "true"
+example:
+<cache-mapping> 
+    <url-pattern> /quote </url-pattern> 
+    <refresh-field name="refresh" scope="request.parameter"/> 
+</cache-mapping> 
+-->
+<!ELEMENT refresh-field EMPTY>
+<!ATTLIST refresh-field name  CDATA       #REQUIRED
+                        scope %key-scope; 'request.parameter'>
+<!-- 
+key-field specifies a component of the key; container looks for the named 
+field in the given scope to access the cached entry. Default is to use
+the Servlet Path (the path section that corresponds to the servlet mapping 
+which activated this request). See Servlet 2.3 specification section SRV 4.4 
+on Servlet Path.
+
+  name             Name of the field to look for in the given scope
+  scope            Scope of the field. default scope is request parameter.
+-->
+<!ELEMENT key-field EMPTY>
+<!ATTLIST key-field name  CDATA       #REQUIRED
+                    scope %key-scope; 'request.parameter'>
+
+<!-- 
+constraint-field specifies a field whose value is used as a cacheability constraint.
+  
+  name                     Name of the field to look for in the given scope
+  scope                    Scope of the field. Default scope is request parameter.
+  cache-on-match           Should this constraint check pass, is the response cacheable?
+                           Default is true (i.e. cache the response on success match). 
+                           Useful to turn off caching when there is an attribute in the 
+                           scope (e.g. don't cache when there is an attribute called UID 
+                           in the session.attribute scope).
+  cache-on-match-failure   Should the constraint check fail, is response not cacheable?
+                           Default is false (i.e. a failure in enforcing the constraint
+                           would negate caching). Useful to turn on caching when the 
+                           an an attribute is not present (e.g. turn on caching 
+                           when there is no session or session attribute called UID).
+
+  Example 1: don't cache when there is a session attribute
+  <constraint-field name="UID" scope="session.attribute" cache-on-match="false">
+
+  Example 2: do cache only when there is no session attribute
+  <constraint-field name="UID" scope="session.attribute" 
+                    cache-on-match-failure="false">
+-->
+<!ELEMENT constraint-field (constraint-field-value*)>
+<!ATTLIST constraint-field  name                    CDATA      #REQUIRED
+                            scope                   %scope;    'request.parameter'
+                            cache-on-match          %boolean;  'true'
+                            cache-on-match-failure  %boolean;  'false'>
+
+<!-- 
+value element specifies the applicable value and a matching expression for a constraint-field
+  match-expr            Expression used to match the value. Default is 'equals'.
+
+  Example 1: cache when the category matches with any value other than a specific value
+  <constraint-field name="category" scope="request.parameter>
+    <value match-expr="equals" cache-on-match-failure="true">
+         bogus
+    </value>
+  </constraint-field>
+-->
+<!ELEMENT constraint-field-value (#PCDATA)>
+<!ATTLIST constraint-field-value 	match-expr              %expr;    'equals'
+                			cache-on-match          %boolean;  'true'
+                			cache-on-match-failure  %boolean;  'false'>
+
+<!--
+  The class-loader element allows developers to customize the behaviour
+  of their web application's classloader.
+
+  attributes
+    extra-class-path          List of comma-separated JAR files to be
+                              added to the web application's class path
+    delegate                  If set to false, the delegation behavior
+                              of the web application's classloader complies
+                              with the Servlet 2.3 specification,
+                              section 9.7.2, and gives preference to classes
+                              and resources within the WAR file or the
+                              extra-class-path over those higher up in the
+                              classloader hierarchy, unless those classes or
+                              resources are part of the Java EE platform.
+                              If set to its default value of true, classes
+                              and resources residing in container-wide library
+                              JAR files are loaded in preference to classes
+                              and resources packaged within the WAR file or
+                              specified on the extra-class-path.
+    dynamic-reload-interval   Not supported. Included for backward
+                              compatibility with previous Sun Java System
+                              Web Server versions
+-->
+<!ELEMENT class-loader (property*)>
+<!ATTLIST class-loader extra-class-path CDATA  #IMPLIED
+                       delegate %boolean; 'true'
+                       dynamic-reload-interval CDATA #IMPLIED >
+
+<!ELEMENT jsp-config (property*)>
+
+<!ELEMENT locale-charset-info (locale-charset-map+, parameter-encoding?)>
+<!ATTLIST locale-charset-info default-locale CDATA #IMPLIED>
+
+<!ELEMENT locale-charset-map (description?)>
+<!ATTLIST locale-charset-map locale  CDATA  #REQUIRED
+                             agent   CDATA  #IMPLIED
+                             charset CDATA  #REQUIRED>
+
+<!ELEMENT parameter-encoding EMPTY>
+<!ATTLIST parameter-encoding form-hint-field CDATA #IMPLIED
+			     default-charset CDATA #IMPLIED>
+
+<!-- 
+Syntax for supplying properties as name value pairs 
+-->
+<!ELEMENT property (description?)>
+<!ATTLIST property name  CDATA  #REQUIRED
+                   value CDATA  #REQUIRED>
+
+<!ELEMENT description (#PCDATA)>
+
+<!--
+This text nodes holds a value string.
+-->
+<!ELEMENT value (#PCDATA)>
+
+<!ELEMENT valve (description?, property*)>
+<!ATTLIST valve name        CDATA  #REQUIRED
+                class-name  CDATA  #REQUIRED>
+
+<!--
+  					W E B   S E R V I C E S 
+-->
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl-override?, service-impl-class?, service-qname? )>
+
+<!--
+Coded name (relative to java:comp/env) for a service-reference
+-->
+<!ELEMENT service-ref-name ( #PCDATA )>
+
+<!-- 
+Information for a port within a service-reference.
+
+Either service-endpoint-interface or wsdl-port or both
+(service-endpoint-interface and wsdl-port) should be specified.  
+
+If both are specified, wsdl-port represents the
+port the container should choose for container-managed port selection.
+
+The same wsdl-port value must not appear in
+more than one port-info entry within the same service-ref.
+
+If a particular service-endpoint-interface is using container-managed port
+selection, it must not appear in more than one port-info entry
+within the same service-ref.
+
+The optional message-security-binding element is used to customize the
+port to provider binding; either by binding the port to a specific provider
+or by providing a definition of the message security requirements to be
+enforced by the provider.
+
+-->
+<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>
+
+<!--
+Fully qualified name of service endpoint interface
+-->
+<!ELEMENT service-endpoint-interface ( #PCDATA )>
+<!-- 
+Port used in port-info.  
+-->
+<!ELEMENT wsdl-port ( namespaceURI, localpart )>
+
+<!-- 
+JAXRPC property values that should be set on a stub before it's returned to 
+to the web service client.  The property names can be any properties supported
+by the JAXRPC Stub implementation. See javadoc for javax.xml.rpc.Stub
+-->
+<!ELEMENT stub-property ( name, value )>
+
+<!-- 
+JAXRPC property values that should be set on a Call object before it's 
+returned to the web service client.  The property names can be any 
+properties supported by the JAXRPC Call implementation.  See javadoc
+for javax.xml.rpc.Call
+-->
+<!ELEMENT call-property ( name, value )>
+
+<!--
+This is a valid URL pointing to a final WSDL document. It is optional.
+If specified, the WSDL document at this URL will be used during
+deployment instead of the WSDL document associated with the
+service-ref in the standard deployment descriptor.
+
+Examples :
+
+  // available via HTTP
+  <wsdl-override>http://localhost:8000/myservice/myport?WSDL</wsdl-override>
+
+  // in a file
+  <wsdl-override>file:/home/user1/myfinalwsdl.wsdl</wsdl-override>
+
+-->
+<!ELEMENT wsdl-override ( #PCDATA )>
+
+<!--
+Name of generated service implementation class. This is not set by the 
+deployer. It is derived during deployment.
+-->
+<!ELEMENT service-impl-class ( #PCDATA )>
+
+<!-- 
+The service-qname element declares the specific WSDL service
+element that is being refered to.  It is not set by the deployer.
+It is derived during deployment.
+-->
+<!ELEMENT service-qname (namespaceURI, localpart)>
+
+<!-- 
+Runtime information about a web service.  
+
+wsdl-publish-location is optionally used to specify 
+where the final wsdl and any dependent files should be stored.  This location
+resides on the file system from which deployment is initiated.
+
+-->
+<!ELEMENT webservice-description ( webservice-description-name, wsdl-publish-location? )>
+
+<!--
+Unique name of a webservice within a module
+-->
+<!ELEMENT webservice-description-name ( #PCDATA )>
+
+<!--
+file: URL of a directory to which a web-service-description's wsdl should be
+published during deployment.  Any required files will be published to this
+directory, preserving their location relative to the module-specific
+wsdl directory(META-INF/wsdl or WEB-INF/wsdl).
+
+Example :
+
+  For an ejb.jar whose webservices.xml wsdl-file element contains
+    META-INF/wsdl/a/Foo.wsdl 
+
+  <wsdl-publish-location>file:/home/user1/publish
+  </wsdl-publish-location>
+
+  The final wsdl will be stored in /home/user1/publish/a/Foo.wsdl
+
+-->
+<!ELEMENT wsdl-publish-location ( #PCDATA )>
+
+<!--
+Information about a web service endpoint.  
+
+The optional message-security-binding element is used to customize the
+webservice-endpoint to provider binding; either by binding the
+webservice-endpoint to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+When login-config is specified, a default message-security provider
+is not applied to the endpoint.
+-->
+<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>
+
+<!--
+Unique name of a port component within a module
+-->
+<!ELEMENT port-component-name ( #PCDATA )>
+
+<!--
+Relative path combined with web server root to form fully qualified
+endpoint address for a web service endpoint.  For servlet endpoints, this
+value is relative to the servlet's web application context root.  In
+all cases, this value must be a fixed pattern(i.e. no "*" allowed).
+If the web service endpoint is a servlet that only implements a single
+endpoint has only one url-pattern, it is not necessary to set 
+this value since the container can derive it from web.xml.
+-->
+<!ELEMENT endpoint-address-uri ( #PCDATA )>
+
+<!--
+The name of tie implementation class for a port-component.  This is
+not specified by the deployer.  It is derived during deployment.
+-->
+<!ELEMENT tie-class (#PCDATA)>
+
+<!-- 
+Optional authentication configuration for an EJB web service endpoint.
+Not needed for servet web service endpoints.  Their security configuration
+is contained in the standard web application descriptor.
+-->
+<!ELEMENT login-config ( auth-method )>
+
+<!--
+The auth-method element is used to configure the authentication
+mechanism for the web application. As a prerequisite to gaining access
+to any web resources which are protected by an authorization
+constraint, a user must have authenticated using the configured
+mechanism.
+-->
+
+<!ELEMENT auth-method (#PCDATA)>
+
+<!--
+Name of application-written servlet impl class contained in deployed war.
+This is not set by the deployer.  It is derived by the container
+during deployment.
+-->
+<!ELEMENT servlet-impl-class (#PCDATA)>
+
+<!--
+Specify whether or not the debugging servlet should be enabled for this 
+Web Service endpoint. 
+
+Supported values : "true" to debug the endpoint
+-->
+<!ELEMENT debugging-enabled (#PCDATA)>
+
+<!--
+The transport-guarantee element specifies that the communication
+between client and server should be NONE, INTEGRAL, or
+CONFIDENTIAL. NONE means that the application does not require any
+transport guarantees. A value of INTEGRAL means that the application
+requires that the data sent between the client and server be sent in
+such a way that it can't be changed in transit. CONFIDENTIAL means
+that the application requires that the data be transmitted in a
+fashion that prevents other entities from observing the contents of
+the transmission. In most cases, the presence of the INTEGRAL or
+CONFIDENTIAL flag will indicate that the use of SSL is required.
+-->
+
+<!ELEMENT transport-guarantee (#PCDATA)>
+
+<!--
+Runtime settings for a web service reference.  In the simplest case,
+there is no runtime information required for a service ref.  Runtime info
+is only needed in the following cases :
+ * to define the port that should be used to resolve a container-managed port
+ * to define default Stub/Call property settings for Stub objects
+ * to define the URL of a final WSDL document to be used instead of
+the one packaged with a service-ref
+-->
+
+<!--
+The localpart element indicates the local part of a QNAME.
+-->
+<!ELEMENT localpart (#PCDATA)>
+
+<!--
+The namespaceURI element indicates a URI.
+-->
+<!ELEMENT namespaceURI (#PCDATA)>
+
+<!--
+The message-layer entity is used to define the value of the
+auth-layer attribute of message-security-binding elements.
+
+Used in: message-security-binding
+-->
+<!ENTITY % message-layer    "(SOAP)">
+
+<!--
+The message-security-binding element is used to customize the
+webservice-endpoint or port to provider binding; either by binding the
+webservice-endpoint or port to a specific provider or by providing a
+definition of the message security requirements to be enforced by the
+provider.
+
+These elements are typically NOT created as a result of the
+deployment of an application. They need only be created when the
+deployer or system administrator chooses to customize the 
+webservice-endpoint or port to provider binding.
+
+The optional (repeating) message-security sub-element is used 
+to accomplish the latter; in which case the specified 
+message-security requirements override any defined with the
+provider.
+
+The auth-layer attribute identifies the message layer at which the
+message-security requirements are to be enforced.
+
+The optional provider-id attribute identifies the provider-config 
+and thus the authentication provider that is to be used to satisfy 
+the application specific message security requirements. If a value for 
+the provider-id attribute is not specified, and a default
+provider is defined for the message layer, then it is used. 
+if a value for the provider-id attribute is not specified, and a
+default provider is not defined at the layer, the authentication
+requirements defined in the message-security-binding are not
+enforced. 
+ 
+Default:
+Used in: webservice-endpoint, port-info
+-->
+<!ELEMENT message-security-binding ( message-security* )>
+<!ATTLIST message-security-binding
+          auth-layer  %message-layer; #REQUIRED
+          provider-id CDATA           #IMPLIED >
+
+<!--
+The message-security element describes message security requirements
+that pertain to the request and response messages of the containing 
+endpoint, or port
+
+When contained within a webservice-endpoint this element describes 
+the message security requirements that pertain to the request and 
+response messages of the containing endpoint. When contained within a 
+port-info of a service-ref this element describes the message security
+requirements of the port of the referenced service.
+
+The one or more contained message elements define the methods or operations
+of the containing application, endpoint, or referenced service to which 
+the message security requirements apply.
+
+Multiple message-security elements occur within a containing
+element when it is necessary to define different message
+security requirements for different messages within the encompassing
+context. In such circumstances, the peer elements should not overlap
+in the messages they pertain to. If there is any overlap in the
+identified messages, no message security requirements apply to
+the messages for which more than one message-security element apply.
+
+Also, no message security requirements apply to any messages of
+the encompassing context that are not identified by a message element. 
+ 
+Default:
+Used in: webservice-endpoint, and port-info
+-->
+<!ELEMENT message-security ( message+, request-protection?, response-protection? )>
+
+<!--
+The message element identifies the methods or operations to which
+the message security requirements apply.
+
+The identified methods or operations are methods or operations of
+the resource identified by the context in which the message-security
+element is defined (e.g. the the resource identified by the
+service-qname of the containing webservice-endpoint or service-ref).
+
+An empty message element indicates that the security requirements
+apply to all the methods or operations of the identified resource.
+
+When operation-name is specified, the security
+requirements defined in the containing message-security 
+element apply to all the operations of the endpoint 
+with the specified (and potentially overloaded) operation name.
+
+Default: 
+Used in: message-security
+-->
+<!ELEMENT message ( java-method? | operation-name? )>
+
+<!--
+The java-method element is used to identify a method (or methods
+in the case of an overloaded method-name) of the java class 
+indicated by the context in which the java-method is contained.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT java-method ( method-name, method-params? )>
+
+<!--
+The operation-name element is used to identify the WSDL name of an
+operation of a web service.
+
+Default: 
+Used in: message
+-->
+<!ELEMENT operation-name ( #PCDATA )>
+
+<!--
+The request-protection element describes the authentication requirements
+that apply to a request.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent request-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * request-protection ( content-auth-policy* )
+ *
+ * If the request-protection element contains one or more
+ * content-auth-policy sub-elements, they define the authentication
+ * requirements to be applied to the identified request content. If multiple
+ * content-auth-policy sub-elements are defined, a request sender must
+ * satisfy the requirements independently, and in the specified order.  
+ *
+ * The content-auth-policy element would be used to associate authentication
+ * requirements with the parts of the request or response object identified
+ * by the contained method-params or part-name-list sub-elements.
+ *
+ * The content-auth-policy element would be defined as follows:
+ * 
+ * content-auth-policy ( method-params | part-name-list )
+ * ATTLIST content-auth-policy 
+ *         auth-source (sender | content) #IMPLIED
+ *	   auth-recipient (before-content | after-content) #IMPLIED
+ * 
+ * The part-name-list and part-name elements would be defined as follows:
+ *
+ * part-name-list ( part-name* )
+ * part-name ( #PCDATA )
+ *
+-->
+<!ELEMENT request-protection EMPTY >
+<!ATTLIST request-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The response-protection element describes the authentication requirements
+that apply to a response.
+
+The auth-source attribute defines a requirement for message layer
+sender authentication (e.g. username password) or content authentication 
+(e.g. digital signature).
+
+The auth-recipient attribute defines a requirement for message
+layer authentication of the reciever of a message to its sender (e.g. by 
+XML encryption).
+
+The before-content attribute value indicates that recipient
+authentication (e.g. encryption) is to occur before any 
+content authentication (e.g. encrypt then sign) with respect
+to the target of the containing auth-policy.
+
+An absent response-protection element is the recommended shorthand
+for a request-protection element with unspecified values for both the
+auth-source and auth-recipient attributes.
+
+Default: 
+Used in: message-security
+
+ * Expected evolution to support partial message protection:
+ *
+ * response-protection ( content-auth-policy* )
+ *
+ * see request-protection element for more details
+ *
+-->
+<!ELEMENT response-protection EMPTY >
+<!ATTLIST response-protection
+          auth-source (sender | content) #IMPLIED
+	  auth-recipient (before-content | after-content) #IMPLIED>
+
+<!--
+The method-name element contains the name of a service method of a web service
+implementation class.
+
+Used in: java-method
+-->
+<!ELEMENT method-name (#PCDATA)>
+<!--
+The method-params element contains a list of the fully-qualified Java
+type names of the method parameters.
+
+Used in: java-method
+-->
+<!ELEMENT method-params (method-param*)>
+
+<!--
+The method-param element contains the fully-qualified Java type name
+of a method parameter.
+
+Used in: method-params
+-->
+<!ELEMENT method-param (#PCDATA)>
diff --git a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/transform/transform.dtd b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/transform/transform.dtd
index 160e6a207a..ce3c54d372 100644
--- a/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/transform/transform.dtd
+++ b/enterprise/j2ee.sun.dd/src/org/netbeans/modules/j2ee/sun/dd/impl/transform/transform.dtd
@@ -1,3 +1,23 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
 
 <!--- Put your DTDDoc comment here. -->
 <!ELEMENT transform (xmltype)*>


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists