Global context reference

This topic contains reference tables that show the defined paths to available attributes in the global context zones.

App zone

Constant for accessing the App zone of the GlobalContext. Apps are free to use this zone for their own purposes.

Key	Type	Description	Read/Write

Config zone

Constant for accessing the Config zone of the GlobalContext, where the configuration information for the application is contained. Most values within this zone will be loaded from the configuration files of the application or at application startup, and are read-only.

Key	Type	Description	Read/Write
/config/accessLogging	boolean	Enables/Disables access logging. When enabled, an access log similar to Apache's access log will be written to the logs directory.	Read/write
/config/accessLoggingCustomClass	String	Enables/Disables custom access logger if accesslogging is enabled. Should implement zero.core.cfadapter.AccessLogger interface	Read-Only
/config/accessLoggingCustomClassFormatString	String	Format string that is custom class specific. Not all custom classes need / support format String.	Read-Only
/config/apacheRouteID	String	This routeID is appended to the zsessionid to make it compatible with apache/mod_proxy, enabling session affinity with the Apache webserver.	Read-only
/config/appLogDir		location of the logs directory for both the app and the instance. These maybe have the same value if there is no instance id
/config/applicationFactoryClass		The fully qualified name of the class to use as an application Factory. Defaults to `zero.management.appconfig.DefaultApplicationFactory`.
/config/compressResponse		Indicates if the response should be compressed if accept-encoding is compress or gzip default is enabled
/config/connection/defaults	Object	Default protocol configuration parameter values for the `Connection` API.	Read-only
/config/connection/destinations	List<Map<String, Object>>	Configured destinations for the `Connection` API.	Read-only
/config/connection/https	Map<String, Object>	Outbound HTTPS configurations for the `Connection` API.	Read-only
/config/connection/protocols	Map<String, Object>	Explicitly registered protocol definition for use with the `Connection` API. For use by connection protocol implementations.	Read-only
/config/connection/smtps	Map<String, Object>	SMTPS configurations for the `Connection` API.	Read-only
/config/contextRoot	String	The optional application context root uniquely identifies the application. An empty string indicates no context root; otherwise, it starts with a slash. The context root must only contain legal URI characters. If the context root (from the client perspective) is to contain nonlegal URI characters, then they should be encoded in the configuration of the application. For example, for the application to have a context root of "my app", and the user to enter "http://localhost:8080/my app/index.html in a browser, than the value in stored in config should be "/my%20app"	Read-only
/config/createDumpOnErrantRequest	Boolean	Forces a JVM dump to be created if there are any errant requests during a recycle or stop. If a request does not complete within the alloted stop time, it is considered errant. This allows those requests to be corrected, as an errant request can cause significant issues with the application recycle pattern.	Read-only
/config/defaultContentType	String	The default response content type. The default is "text/html;charset=UTF-8".	Read-only
/config/dependencies	List	List of the dependencies by name, with the dependency's root directories as the value. For example, /config/dependencies/foo contains the root directory for dependency "foo".	Read-only
/config/exitCode	Integer	Optional The termination status code set by config event handlers. If set, then the application exits.	Read/write for "config" handlers.
/config/externalUriPrefix	String	The optional external URI prefix. If defined, it replaces the scheme, host and port when calculating absolute URIs.	Read-only
/config/fileserver/contentNegotiation	boolean	Indicates whether static file serving should attempt content negotiation when handling requests for static resources. The default value is `false`. If enabled and the request does not match to a resource in the virtualized path, the file serving runtime will leverage the Accept-Language header and search for the best match resource in the format of <resource>.<extension>.<language>. For instance, index.html.en would be a valid resource for content negotiation if the client contained an Accept-Language value of `en` and the requested resource was index.html.	Read/write
/config/fileserver/defaultExtensions	List<String>	The list of file extensions for default file serving, in search order. The default is `[.groovy, .gt, .html]`.	Read/write
/config/fileserver/defaultLanguage	String	Default language used during content negotiation for static resources. The default language to be added as the file extension when the language (i.e. en, ja, de, etc.) included in the Accept-Language header is not available. The default value is the language property of the default locale of the server.	Read/write
/config/fileserver/directoryBrowsing	Boolean	Indicates whether directory browsing is enabled. The default is `false`.	Read/write
/config/fileserver/directoryView	String	Reference to view template/script file used for displaying directories when directory browsing is enabled. (relative to app/views)	Read/write
/config/fileserver/expires	Long	The time, in seconds, that a client should cache static files. It is set in a Cache-Control header. By default, static files are sent with a max-age of 300 seconds. The caching time can be overridden for individual extensions by setting: /config/fileserver/expires/.extension	Read/write
/config/fileserver/setEtag	Boolean	Indicates whether the Etag header is set on outgoing static file headers. The default is `true`.	Read/write
/config/http/ipAddress	String	The ip address to which HTTP should bind.	Read-only
/config/http/keepAliveTimeout	Integer	The TCP/IP keep alive timeout that should be used with new incoming connections. The default is 4 seconds.	Read-only
/config/http/largeFileRate	Integer	Optional setting to scale `writeTimeout` when serving large files over HTTP. The value represents a lower bound on the outbound transfer rate. When applied, this setting results in an effective write timeout of `file_size / largeFileRate` seconds, without affecting timeout of other writes. Scaling is applied only if `largeFileRate` is positive; the effective write timeout will always be at least `writeTimeout`. Value is expressed in bits/sec; default is 17476 bits/sec (about 1 Mb/min).	Read-only
/config/http/port	Long	The HTTP port associated with this application.	Read-only
/config/http/readTimeout	Integer	The timeout for reads that should be used for incoming connections be for considering the request in error. The default is 300 seconds.	Read-only
/config/http/writeTimeout	Integer	Timeout to use when writing a response. For file serving over HTTP, the timeout applies to the full file write; for all other cases, the timeout applies to chunk writes. To address timeouts while serving large files over HTTP, see also `largeFileRate`. Value is expressed in seconds; default is 60 seconds.	Read-only
/config/https/ipAddress	String	The ip address to which HTTPS should bind.	Read-only
/config/https/port	Long	The HTTPS port associated with this application.	Read-only
/config/https/sslconfig#clientAuthentication	boolean	Whether the client's SSL certificate should be validated against trust authorities for access. Defaults to `false` .	Read-only
/config/https/sslconfig#keyStore	String	The location of the keystore file.	Read-only
/config/https/sslconfig#keyStorePassword	String	The password to access the keystore file.	Read-only
/config/https/sslconfig#keyStoreType	String	The encryption type of the keystore file. Allowed types are dependent on the JSSE implementation of the runtime.	Read-only
/config/https/sslconfig#trustStore	String	The location of the truststore file. If a truststore is not defined, the keystore file will be used for both.	Read-only
/config/https/sslconfig#trustStorePassword	String	The password to access the truststore file.	Read-only
/config/https/sslconfig#trustStoreType	String	The encryption type of the truststore file. Allowed types are dependent on the JSSE implementation of the runtime.	Read-only
/config/id	String	The current process id.	Read-only
/config/instanceLogDir
/config/instanceNumber
/config/json/converters	Map <String, String>	Map of class name/converter pairs that are invoked when serializing from/parsing to an instance of the specified class. Key=class name; value=converter implementation class.	Read-only
/config/json/prettyPrint	Boolean	Displays the JSON in a more human readable format.	Read-only
/config/json/stringFilters	String	The implementation class name which handles special filtering of content that may be embedded in the JSON string.	Read-only
/config/maxLockWait	Integer	The maximum time in seconds that Filelocks should wait before aborting operation.	Read-only
/config/maxStopTime	Integer	The maximum time that any single request is allowed after a stop or recycle request is issued. After this timeout is reached, the request will be forcibly stopped. Value is in seconds.	Read-only
/config/maxThreads	Integer	The maximum size of the thread pool used to serve HTTP and HTTPS requests.	Read-only
/config/mimeTypes	Map <String, String>	Map that maps extensions -> content-Type headers This map overrides the default map	Read-only
/config/minThreads	Integer	The minimum size of the thread pool used to serve HTTP and HTTPS requests.	Read-only
/config/name	String	The name of this application.	Read-only
/config/properties
/config/requestLogging	boolean	Enables/Disables request logging. Request logging creates files for each request containing the exact request and response. This should only be enabled in development systems.	Read/write
/config/requestLoggingLimit	Integer	The per request logging limit for the input/output streams. If the limits are reached the request log is truncated. Value in bytes.	Read/write
/config/resources/defaultExtensions	List<String>	A list of file extensions for resource handlers, in search order. The default is `[.groovy]`.	Read/write
/config/root	String	The root directory of the application.	Read-only
/config/runtime/bootstrapClasspath	String	The bootstrap classpath used by the application as determined during the resolve process	Read-only
/config/runtime/classpath	String	The classpath used by the application as determined during the resolve process	Read-only
/config/runtime/mode	String	Adjusts the behavior of the runtime depending on the current deployment environment. Valid values are `production` and `development`.	Read-only
/config/runtime/natives	String	The path for native dependencies as determined during the resolve process.	Read-only
/config/security/cacheControl	List	The default Cache-Control header for all secured resources and their associated login forms (OpenID, Form-based Login, Single Sign-On) that are provided as part of WebSphere sMash The default Cache-Control header value is ["must-revalidate","max-age=0","private"]	Read-only
/config/security/formLoginPage	String	The uri location of the form login page for form based authentication	Read-only
/config/security/jaas/callbackHandler	String	The JAAS callback handler implementation class used for verifying the credentials of the user.	Read-only
/config/security/jaas/configName	String	The name of the list of maps representing JAAS login modules to be used by the security runtime	Read-only
/config/security/jaas/loginModules	List<Map>	The List containing a map of login modules associated with a specified config name. /config/security/jaas/loginModules/configName	Read-only
/config/security/realm	String	The realm value returned when a WWW-Authenticate response header is sent to the client. Default value is based upon the authType specified for the security rule	Read-only
/config/security/roles	List	A list of users and/or groups associated with a particular role. /config/security/roles/role/USERS or /config/security/roles/role/GROUPS	Read-only
/config/security/secretKey	String	The secret key used to generate encrypted values related to security. Currently leveraged by SimpleToken and CrossSiteRequestForgery (CSRF) tokens	Read-only
/config/security/ssoURL	String	The uri location of the sso login page for Single Sign-On based authentication	Read-only
/config/security/token/csrfGlobalPostLoginFallback	String	Fallback URI when CSRF protection is enabled. After successful login, user will be redirected to this uri. Default is "/"	Read-only
/config/security/token/enableCsrfProtection	String	Key to determine whether cross site request forgery protection should be enabled and at what level. Default value is "", which means that this protection is disabled. Valid values are "" (disabled), "REQUEST" (token generation is automatic, but requires using CSRF API), and "REQUEST_RESPONSE" (transparent rewriting of responses to include CSRF token, requires zero.acf dependency)	Read-only
/config/security/token/enableStrongCsrfProtection	Boolean	Enables stronger support for CSRF protection than what is provided by default. Note requires some additional configuration by the application developer so please read the Developer's Guide for more information. Default is false.	Read-only
/config/security/token/ltpa2#cookieName	String	The name of the cookie to use for the token The default value is LtpaToken2	Read-only
/config/security/token/ltpa2#keyImportFile	String	The relative path of the LTPA key import file from the configuration folder of the application. The file is exported by WebSphere Application Server.	Read-only
/config/security/token/ltpa2#keyPassword	String	The password to extract the LTPA keys from the LTPA key import file. (See Leveraging XOREncoding in Developer's Guide)	Read-only
/config/security/token/ltpa2#ssoDomains	List	List of possible values for the ltpa token cookie domain. Each element in the list will be matched against the server name obtained the request (GlobalContext.zget(Request.serverName)). If the serverName, obtained from the GlobalContext, ends with a value from the list of ssoDomains, the cookie will be created with that domain (first match wins).	Read-only
/config/security/token/ltpa2#tokenExpiration	Long	The expiration limit of the LTPAToken2 in minutes. The default value is 120.	Read-only
/config/security/token/securedCookie	Boolean	Boolean flag to determine whether security cookie should be marked as secured (HTTPs only) or not Default false	Read-only
/config/security/token/simple#cookieName	String	The name of the cookie to use for the token The default value is SimpleToken	Read-only
/config/security/token/simple#ssoDomains	List	List of possible values for the simple token cookie domain. Each element in the list will be matched against the server name obtained the request (GlobalContext.zget(Request.serverName)). If the serverName, obtained from the GlobalContext, ends with a value from the list of ssoDomains, the cookie will be created with that domain (first match wins).	Read-only
/config/security/token/simple#tokenExpiration	Long	The expiration limit of the simple token expiration in minutes. The default value is 120	Read-only
/config/security/token/tokenType	String	The token type generated and validated by the runtime for secured resources. Default is Simple.	Read-only
/config/security/userservice/file/pathToUserfile	String	The path to the user registry file for file based user registry The default value is ${config.root}/zero.users	Read-only
/config/security/userservice/ldap#fullBaseDNFilterPattern	String	The filter to search for a user based upon the fully qualified domain name. The default value is "(objectclass=*)"	Read-only
/config/security/userservice/ldap#ignoreBaseDN	String	Boolean flag supports fully qualified domain name (FQDN) lookups. If false, FQDN lookups will be disabled. The default value is true	Read-only
/config/security/userservice/ldap#jndiInitialContextFactory	String	Initial context factory name. The default value is "com.sun.jndi.ldap.LdapCtxFactory"	Read-only
/config/security/userservice/ldap#jndiProviderUrl	String	JNDI provider URL	Read-only
/config/security/userservice/ldap#jndiSecurityAuthentication	String	The level of authentication used by JNDI. The default value is "simple".	Read-only
/config/security/userservice/ldap#jndiSecurityCredentials	String	Administrator's credential, in XOREncoding format.	Read-only
/config/security/userservice/ldap#jndiSecurityPrincipal	String	Administrator's principal.	Read-only
/config/security/userservice/ldap#ldapGroupAttributeType	String	The attribute type of the group name. The default value is "cn"	Read-only
/config/security/userservice/ldap#ldapGroupBaseDn	String	The base DN of groups.	Read-only
/config/security/userservice/ldap#ldapGroupSearchFilterPattern	String	The filter to search groups to which a user ID belongs. A user ID is embedded in the place holder "{0}" . The default value is "(&(uniqueMember={0}) (objectclass=groupOfUniqueNames))"	Read-only
/config/security/userservice/ldap#ldapSearchScope	Integer	The search scope set to javax.naming.directory.SearchControls: 0(SearchControls.OBJECT_SCOPE) 1(SearchControls.ONELEVEL_SCOPE) 2(SearchControls.SUBTREE_SCOPE) The default value is 2 (SearchControls.SUBTREE_SCOPE)	Read-only
/config/security/userservice/ldap#ldapSearchTimeLimit	Integer	The search time limit, in milliseconds, set to javax.naming.directory.SearchControls. The default value is 3000	Read-only
/config/security/userservice/ldap#ldapSocketFactory	String	The classname for a custom socket factory implementation used by the LDAP service provider.	Read-only
/config/security/userservice/ldap#ldapUserIdAttributeType	String	The attribute type of the user name. The default value is "uid"	Read-only
/config/security/userservice/ldap#ldapUserIdBaseDn	String	The root from which the LDAP user service starts to search a user.	Read-only
/config/security/userservice/ldap#ldapUserIdRdnPattern	String	The pattern of user entries' RDN. A user ID is embedded in the placeholder "{0}" .	Read-only
/config/security/userservice/ldap#ldapUserIdSearchFilterPattern	String	The pattern of the user search filter. A user ID is embedded in the place holder "{0}" . The default value is "(&(uid={0}) (objectclass=inetOrgPerson))"	Read-only
/config/security/userservice/registryImpl	String	The implementation class associated with the registry type /config/security/userservice/registryImpl/registryType	Read-only
/config/security/userservice/registryType	String	The alias user registry type used by the security runtime The default value is "file".	Read-only
/config/serverHeader	String	The value of the Server header string. If not set, then default value of IBM WebSphere sMash/{Version Number} will be returned by the value. If set to the empty string {""}, then the server header value will not be included in responses.	Read-only
/config/system/hostName	String	The hostname of the System	Read/write
/config/task	String	The task which is being run, or should be run, when the runtime starts. Set by the CLI.	Read-only
/config/tasks/defaultExtensions	List <String>	List of file extensions for CLI task handlers, in search order.	Read
/config/tmpDir	String	The location of a directory for temporary files to be stored. The default is the Java system property `java.io.tmpdir`. If the Java system property `java.io.tmpdir` is `null`, it creates a new directory at `.zero/private/temp` relate to application root directory when the application starts.	Read-only
/config/userZone/cookieName	String	The name of the cookie to use for the User zone The default value is zsessionid	Read-only
/config/userZone/disableSessionReaper	Boolean	If set to true will disable session reaper. If this is done then the responsibility of cleaning up expired sessions is with the user.	Read only
/config/userZone/idleTimeout	Integer	The time of inactivity after which user sessions should be destroyed. Value is in seconds.	Read-only
/config/userZone/invalidationTimeout	Integer	The total time after which user sessions should be destroyed. Value is in seconds	Read-only
/config/xml/converters	Map <String, String>	Map of class name/converter pairs that are invoked when serializing from/parsing to an instance of the specified class. Key=class name; value=converter implementation class.	Read-only
/config/xml/objectToDom	String	name of the class that implements ObjectToDom interface This class is instantiated by the ObjectToDomFactory	Read-only
/config/zerohome	String	The location where the CLI is installed.	Read-only
/config/zso/foreground	Boolean	Whether the ZSO should start in foreground mode. Default is false.	Read only
/config/zso/immediateStart	Boolean	Whether the ZSO should start the underlying java runtime immediately upon the start of the application. The default is on demand, or `false`.	Read only
/config/zso/jvmargs	List<String>	The jvm args that should be used when the process is started. This section is further divided by a System property to retrieve, then a String which will be used with .startsWith to determine the list of parameters to add.	Read only
/config/zso/loggingLevel	Level	What the default logging level of the ZSO should be when started	Read Only
/config/zso/recycle/enable	Boolean	Whether recycle based on maxRequests / idleTimeout is enabled. Setting this to false will disable all automatic recycles, but will not disable the ability to force a recycle via command line or API.	Read only
/config/zso/recycle/idleTimeout	Integer	The default maximum number of seconds to wait after the last request before the Java Runtime recycles.	Read only
/config/zso/recycle/inParallel		enable parallel recycling
/config/zso/recycle/maxRequests	Integer	The default maximum number of requests that should be accepted before the Java runtime recycles.	Read only
/config/zso/recycle/pauseTime		How long to wait before quiescing the running jvm This value is ignored if parallelRecycle is false
/config/zso/umask	Integer	The umask to apply when launching zso. Default value is 18 (022)	Read only

Connection zone

Key	Type	Description	Read/Write
/connection/configuration		Connection handler configuration. Only accessbile within a connection handler implementation.	Read-only
/connection/request/body		Connection request body. Only accessible within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/request/cookies	List<Cookie>	Connection request cookies. Only accessbile within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/request/headers	List<Object>	Connection request headers. Only accessbile within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/request/operation	String	Connection request operation name. Only accessible within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/request/outputStream	String	Request `OutputStream`. Only applicable to `OutputStream` aware protocol `Transport` implementations.	Read/write
/connection/request/protocol/_name	String	Connection protocol name. Only accessible within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/request/target	String	Connection request target resource name or URL. Only accessible within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/body		Connection response body. Only accessible within `transmit` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/cookies	List<Cookie>	Connection response cookies. Only accessbile within `transmit` or `getTransport` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/defaultCharset	String	Default response character encoding suggested by the protocol `Transport`. Only accessible within `transmit` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/headers	List<Object>	Connection response headers. Only accessible within `transmit` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/status	String	Connection response status. Only accessible within `transmit` handler, a connection handler or a protocol `Transport` implementation.	Read/write
/connection/response/valuePath	String	Suggested value path the connection infrastructure should used when reading body as `String` or `byte[]`. Set by some protocol `Transport` implementations. Only accessible within `transmit` handler, a connection handler or a protocol `Transport` implementation.	Read/write

Event zone

GlobalContext Event zone constants for accessing properties of a fired event.

Key	Type	Description	Read/Write
/event/_name	String	The event name.	Read-only
/event/authType	String	String representing the authentication type that was associated with this event handler (Basic, Form, SSO, OpenID)	Read-only
/event/csrfProtect	Boolean	Flag used during the token validation process to determine if request is required to be CSRF protected	Read-only
/event/done	Boolean	Indicates that the completion of an event.
/event/groups	List	The list of groups that are permitting access to this resource. This is available during the authorize event.	Read-only
/event/isAuthorized	Boolean	The boolean flag set during the secure event processing. This flag can be set in either the preauthenticate or authorize event handlers to indicate the user should be considered authorized.	Read/write
/event/matchedPath	String	Not used. Use `/event/matchedURI` instead.	Read-only
/event/matchedURI	String	URI prefix that matched the condition that triggered the event handler. This value is available in the `event` zone only when the condition is a selector pattern match with a trailing pipe (e.g. `"/request/path == /a\|"`). `decode(Request.uri) == Config.contextRoot + Event.matchedURI + Event.pathInfo`	Read-only
/event/parentPath	String	The URI to the parent directory containing the current handler.	Read-only
/event/password	String	The password obtained in the request that is passed to the security handler during the secure event	Read-only
/event/pathInfo	String	Segment of URI path after Event.matchedURI. This value is available in the `event` zone only when the condition is a selector pattern match with a trailing pipe (e.g. `"/request/path == /a\|"`). `decode(Request.uri) == Config.contextRoot + Event.matchedURI + Event.pathInfo`	Read-only
/event/redirect	Boolean	Flag used during the requireSSL check to determine if request is to be redirected over SSL	Read-only
/event/remoteGroup	String	The value of the selector expression variable {remoteGroup}, if applicable to the request URI.	Read-only
/event/remoteUser	String	The value of the selector expression variable {remoteUser}, if applicable to the request URI.	Read-only
/event/requireSSL	Boolean	Flag used during the requireSSL check to determine if request is required to be over SSL	Read-only
/event/resolvedHandlers	List <Map <String, String>>	Contains a `List<handlerData>` of handlers associated with the event.	Read-only
/event/resolvingEvent	String	The name of the underlying event.	Read-only
/event/roles	List	The list of roles that are permitting access to this resource. This is available during the authorize event.	Read-only
/event/subTask	String	The name of the invoked CLI sub task.
/event/task	String	The name of the invoked CLI task.
/event/uri	String	The Global Context key requested in the context of a Global Context miss (gcMiss) event.	Read-only
/event/username	String	The username obtained in the request that is passed to the security handler during the secure event	Read-only
/event/users	List	The list of users that are permitting access to this resource. This is available during the authorize event.	Read-only

Request zone

GlobalContext Request zone constants used for accessing the properties of a given request.

Key	Type	Description	Read/Write
/request/_csrfGeneratedToken	Boolean	Flag which tells whether csrf handler generated a CSRF for this request	Read-only
/request/_csrfVerifiedUnuthenticatedRequest	Boolean	Flag which tells whether csrf handler has verified that this request is an unauthenticated request for an unprotected resources	Read-only
/request/authType	String	The type of authentication associated with this request (Basic, Form, RP, SSO).	Read-only
/request/committed	Boolean	Flag indicating whether response headers have already been sent. If `true`, then subsequent changes to `/request/headers/out` are ignored.	Read-only
/request/connection		For use by connection protocol implementations.
/request/cookies/in	Map<String, List<Cookie>>	The cookies that a client sent. Example: `List<Cookie> cookies1 = GlobalContext.zget("/request/cookies/in#cookieName1");` `List<Cookie> cookies2 = GlobalContext.zget("/request/cookies/in#cookieName2");`	Read-only
/request/cookies/out	List<Cookie>	The outgoing cookies. Example: `Cookie newCookie = new Cookie(name, value);` `GlobalContext.zpost("/request/cookies/out",newCookie);`	Read/write
/request/csrfProtect	Boolean	Flag used during the request process to determine if request is CSRF protected	Read-only
/request/error/exception	Throwable	The exception that was thrown when the error occurred.	Read/write
/request/error/message	String	The error message.	Read/write
/request/files	Map<String, Map<String, String>[]>	Information regarding uploaded files. For the outer map, the key is the name. The client can upload multiple files with the same name. The inner map contains three keys, filename, path, and Content-Type. The filename is the name of the file as defined by the client. The Content-Type is the content-type defined by the client. The path is the location of the file on disk.	Read-only
/request/headers/in	FirstElementArrayList <String>	Values of request headers.	Read-only
/request/headers/out	List <String>	Values of response headers.	Read/write
/request/headers/sent	Boolean	Indicates whether the HTTP response headers have been sent. If this value is `true`, then any changes to `/request/headers/out` are not sent to the client.	Read-only
/request/input	InputStream	The input stream associated with the HTTP request. Form-encoded parameters are available using `/request/params`, not on the input stream.	Read-only
/request/isSecure	Boolean	The request is protected with an authorization rule	Read-only
/request/json/output
/request/locales	String	The languages and countries sent by the client in the accept-language header	Read-only
/request/method	String	The HTTP request method (GET, POST, PUT, DELETE).	Read-only
/request/outputStream	OutputStream	The binary output stream. This is available only to render handlers.	Write for render handlers
/request/params	FirstElementArrayList <String>	Includes parameters from query string and form-encoded parameters (POST). Parameters are stored as new entries in the Global Context, for example to get the parameter "userid", use the following: `zget("/request/params/userid");` This will return a FirstElementArrayList. Usually, if there was only a single value for the parameter, it is possible to assign it directly, as in this sample: `String userid = GlobalContext.zget("/request/params/userid", null);` To get a list of all parameters, use `zlist()`	Read-only
/request/path	String	The request URI path beyond the context root (see `/config/contextRoot`). URI decoded.	Read-only
/request/protocol	String	The request protocol (for example HTTP/1.1).	Read-only
/request/queryString	String	The query string associated with the request URI.	Read-only
/request/remoteAddress	String	The IP address of the remote host.	Read-only
/request/remoteHost	String	The name of the remote host.	Read-only
/request/remotePort	Integer	The remote port number.	Read-only
/request/requestLog
/request/requestLogName
/request/scheme	String	The URL scheme (`<scheme>://host/path`).	Read-only
/request/serverName	String	The host name of the server to which the request was sent.	Read-only
/request/serverPort	Integer	The server port on which the request was received.	Read-only
/request/status	Integer	Status of the response.	Read/write
/request/subject/groups	List<String>	The groups an authenticated user belongs to.	Read-only
/request/subject/remoteCodePrincipals	List<String>	The list of remote code principals user is a member of. Used during CSRF validation.	Read-only
/request/subject/remoteUser	String	The authenticated remote user name.	Read-only
/request/subject/roles	List<String>	The roles an authenticated user belongs to.	Read-only
/request/subject/users
/request/uri	String	The fully qualified request URI, including context-root and query string. URI encoded. Includes (proxy) context root, path, and query string	Read-only
/request/view	String	A path to view `script/template` (relative to `app/views`). This is a required field for the `ViewHandler` renderer.	Read/write
/request/writer	PrintWriter	The text output stream.	Write

Tmp zone

Key	Type	Description	Read/Write
/tmp/task/noMessage	Boolean	Determine whether the success or failure message should be displayed Should be set to TRUE when displaying JSON output	Read/write for "task" handlers.
/tmp/zso/recycle/reason

User zone

Key	Type	Description	Read/Write
/user#invalidate		Invalidate the current userzone session. `zpost (User.invalidate, true)`
/user#save		Save the current userzone session. `zpost (User.save, true)`
/user/zsessionid	String	Value of the zsessionid cookie for the current user session.	Read

go back to Management commands
move on to JSON support

Version 1.1.31300