Legend: Optional (0 or 1) *Any number (0 - n) +1 or more (1 - n)
No following character Required (1)
< web-app (icon?, display-name?, description?, distributable?,
context-param*, < context-param (param-name, param-value, description?)>
filter*,
filter-mapping*,
listener*,< listener (listener-class)>
servlet*,<servlet (icon?, servlet-name, display-name?, description?, (servlet-class|jsp-file),
init-param*, <init-param (param-name, param-value, description?)>
load-on-startup?, run-as?,
security-role-ref*)< security-role-ref (description?, role-name, role-link?)>
servlet-mapping*, <servlet-mapping (servlet-name, url-pattern)>
session-config?, < session-config (session-timeout?)>
mime-mapping*, < mime-mapping (extension, mime-type)>
welcome-file-list?, < welcome-file-list (welcome-file+)>
error-page*,<error-page ((error-code | exception-type), location)>
taglib*, < taglib (taglib-uri, taglib-location)>
resource-env-ref*,
resource-ref*,
security-constraint*, <security-constraint (display-name?,
web-resource-collection+, < web-resource-collection (web-resource-name, description?,
url-pattern*, http-method*)>
auth-constraint?, < auth-constraint (description?, role-name*)>
user-data-constraint?)<user-data-constraint (description?, transport-guarantee)>
NONE, INTEGRAL, or CONFIDENTIAL.
login-config?, < login-config (auth-method?, "BASIC", "DIGEST", "FORM", or "CLIENT-CERT"
realm-name?, Only for BASIC
form-login-config?)< form-login-config (form-login-page, form-error-page)>
security-role*, <security-role (description?, role-name)>
env-entry*,
ejb-ref*,
ejb-local-ref*)>