gistfile1.txt

# Add new file system realm to ApplicationRealm. Benefit of File System realms is that it is editable from the Business Central UI.
# We need to use "role" for roles, Business Central depends on it
/subsystem=elytron/filesystem-realm=KieRealm:add(path=kie-fs-realm-users)
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=role)

/subsystem=elytron/security-domain=ApplicationDomain:list-add(name=realms, index=0, value={realm=KieRealm, role-decoder=from-roles-attribute})
/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=default-realm, value=KieRealm)
/subsystem=elytron/security-domain=ApplicationDomain:write-attribute(name=permission-mapper, value=default-permission-mapper)

/subsystem=undertow/application-security-domain=other:add(security-domain=ApplicationDomain)

/subsystem=elytron/http-authentication-factory=application-http-authentication:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=KieRealm}]}, {mechanism-name=FORM}])

/subsystem=ejb3/service=remote:remove
/subsystem=ejb3/service=remote:add(connector-ref=http-remoting-connector, thread-pool-name=default)

/core-service=management/security-realm=KieRealm:add()
/core-service=management/security-realm=KieRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir, keystore-password=password)

# Use Elytron for JMS
/subsystem=messaging-activemq/server=default:undefine-attribute(name=security-domain)
/subsystem=messaging-activemq/server=default:write-attribute(name=elytron-domain, value=ApplicationDomain)