Created
May 26, 2017 19:04
Wildfly - EXTERNAL SASL mechanism configured in Elytron
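<?xml version='1.0' encoding='UTF-8'?>
<!--
  WildFly standalone server configuration (urn:jboss:domain:5.0) that wires the
  Elytron subsystem so that the HTTP upgrade of the management interface
  authenticates with the SASL EXTERNAL mechanism, i.e. with the identity taken
  from the TLS client certificate.

  All element and attribute values are unchanged from the original listing; only
  the table residue at the end of each line was removed and indentation restored.
  Reviewer remarks are marked NOTE(review).

  This is a test setup: keystores and property files come from a local
  wildfly-elytron checkout, store passwords are in clear text, and several
  security log categories are at level ALL. Review those points before reusing
  any part of it.
-->
<server xmlns="urn:jboss:domain:5.0">
    <extensions>
        <extension module="org.jboss.as.clustering.infinispan"/>
        <extension module="org.jboss.as.connector"/>
        <extension module="org.jboss.as.deployment-scanner"/>
        <extension module="org.jboss.as.ee"/>
        <extension module="org.jboss.as.ejb3"/>
        <extension module="org.jboss.as.jaxrs"/>
        <extension module="org.jboss.as.jdr"/>
        <extension module="org.jboss.as.jmx"/>
        <extension module="org.jboss.as.jpa"/>
        <extension module="org.jboss.as.jsf"/>
        <extension module="org.jboss.as.logging"/>
        <extension module="org.jboss.as.mail"/>
        <extension module="org.jboss.as.naming"/>
        <extension module="org.jboss.as.pojo"/>
        <extension module="org.jboss.as.remoting"/>
        <extension module="org.jboss.as.sar"/>
        <extension module="org.jboss.as.security"/>
        <extension module="org.jboss.as.transactions"/>
        <extension module="org.jboss.as.webservices"/>
        <extension module="org.jboss.as.weld"/>
        <extension module="org.wildfly.extension.batch.jberet"/>
        <extension module="org.wildfly.extension.bean-validation"/>
        <extension module="org.wildfly.extension.core-management"/>
        <extension module="org.wildfly.extension.elytron"/>
        <extension module="org.wildfly.extension.io"/>
        <extension module="org.wildfly.extension.request-controller"/>
        <extension module="org.wildfly.extension.security.manager"/>
        <extension module="org.wildfly.extension.undertow"/>
    </extensions>
    <!-- Absolute path to the author's local wildfly-elytron checkout. The keystores
         and the test-users property files further down resolve against it, so the
         path has to be adjusted on any other machine. -->
    <paths>
        <path name="elytron.project" path="/home/kwart/projects/wildfly-security/wildfly-elytron"/>
        <path name="elytron.project.jks" path="src/test/resources/ca/jks" relative-to="elytron.project"/>
        <path name="elytron.project.properties" path="src/test/resources/org/wildfly/security/auth/realm" relative-to="elytron.project"/>
    </paths>
    <management>
        <!-- Legacy (pre-Elytron) security realms. -->
        <security-realms>
            <security-realm name="ManagementRealm">
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <server-identities>
                    <ssl>
                        <!-- Development keystore: the password is the literal "password" and a
                             self-signed certificate is generated for localhost. Not suitable for
                             anything but local testing. -->
                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
            </handlers>
            <!-- NOTE(review): the management audit logger is defined but switched off
                 (enabled="false"). Enable it where changes made through the management
                 interface have to be traceable. -->
            <logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="file"/>
                </handlers>
            </logger>
        </audit-log>
        <management-interfaces>
            <!-- HTTP management requests authenticate through the Elytron factory
                 client-cert-basic (CLIENT_CERT and BASIC); the HTTP upgrade authenticates
                 through client-cert-digest, which despite its name offers only SASL
                 EXTERNAL. TLS comes from the server-ssl-context "localhost", which
                 requires a client certificate.
                 NOTE(review): security-realm="ManagementRealm" (legacy) is set together
                 with the Elytron attributes; presumably the Elytron factories take
                 precedence. Confirm on the target version and drop the legacy attribute
                 if it is unused, so it cannot act as a second authentication path. -->
            <http-interface http-authentication-factory="client-cert-basic" ssl-context="localhost" security-realm="ManagementRealm">
                <http-upgrade enabled="true" sasl-authentication-factory="client-cert-digest"/>
                <!-- NOTE(review): the plain management-http binding is still listed next to
                     management-https. A client certificate cannot be presented on a plain
                     HTTP connection, so check what that port offers and consider removing
                     the http binding if only certificate-authenticated access is intended. -->
                <socket-binding http="management-http" https="management-https"/>
            </http-interface>
        </management-interfaces>
        <!-- Simple access control: only the $local user is explicitly mapped to SuperUser. -->
        <access-control provider="simple">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user name="$local"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>
    <profile>
        <!-- NOTE(review): the console handler and all security-related categories below are
             at level ALL. That helps when debugging the TLS handshake and mechanism
             selection, but such logs can contain authentication details. Lower the levels
             and protect server.log outside of a debugging session. -->
        <subsystem xmlns="urn:jboss:domain:logging:3.0">
            <console-handler name="CONSOLE">
                <level name="ALL"/>
                <formatter>
                    <named-formatter name="COLOR-PATTERN"/>
                </formatter>
            </console-handler>
            <periodic-rotating-file-handler name="FILE" autoflush="true">
                <formatter>
                    <named-formatter name="PATTERN"/>
                </formatter>
                <file relative-to="jboss.server.log.dir" path="server.log"/>
                <suffix value=".yyyy-MM-dd"/>
                <append value="true"/>
            </periodic-rotating-file-handler>
            <logger category="com.arjuna">
                <level name="WARN"/>
            </logger>
            <logger category="org.jboss.as.config">
                <level name="DEBUG"/>
            </logger>
            <logger category="sun.rmi">
                <level name="WARN"/>
            </logger>
            <logger category="org.jboss.security">
                <level name="ALL"/>
            </logger>
            <logger category="org.jboss.as.security">
                <level name="ALL"/>
            </logger>
            <logger category="org.picketbox">
                <level name="ALL"/>
            </logger>
            <logger category="org.apache.catalina.authenticator">
                <level name="ALL"/>
            </logger>
            <logger category="org.jboss.as.web.security">
                <level name="ALL"/>
            </logger>
            <logger category="org.jboss.as.domain.management.security">
                <level name="ALL"/>
            </logger>
            <logger category="org.wildfly.security">
                <level name="ALL"/>
            </logger>
            <logger category="org.wildfly.elytron">
                <level name="ALL"/>
            </logger>
            <root-logger>
                <level name="INFO"/>
                <handlers>
                    <handler name="CONSOLE"/>
                    <handler name="FILE"/>
                </handlers>
            </root-logger>
            <formatter name="PATTERN">
                <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
            </formatter>
            <formatter name="COLOR-PATTERN">
                <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
            </formatter>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:batch-jberet:2.0">
            <default-job-repository name="in-memory"/>
            <default-thread-pool name="batch"/>
            <job-repository name="in-memory">
                <in-memory/>
            </job-repository>
            <thread-pool name="batch">
                <max-threads count="10"/>
                <keepalive-time time="30" unit="seconds"/>
            </thread-pool>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
        <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
            <datasources>
                <!-- In-memory H2 example datasource with the credentials sa/sa written in the
                     file. Replace the account before pointing this at a real database. -->
                <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
                    <driver>h2</driver>
                    <security>
                        <user-name>sa</user-name>
                        <password>sa</password>
                    </security>
                </datasource>
                <drivers>
                    <driver name="h2" module="com.h2database.h2">
                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                    </driver>
                </drivers>
            </datasources>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
            <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:ee:4.0">
            <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
            <concurrent>
                <context-services>
                    <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
                </context-services>
                <managed-thread-factories>
                    <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                </managed-thread-factories>
                <managed-executor-services>
                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
                </managed-executor-services>
                <managed-scheduled-executor-services>
                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
                </managed-scheduled-executor-services>
            </concurrent>
            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:ejb3:5.0">
            <session-bean>
                <stateless>
                    <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
                </stateless>
                <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
                <singleton default-access-timeout="5000"/>
            </session-bean>
            <pools>
                <bean-instance-pools>
                    <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                    <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
                </bean-instance-pools>
            </pools>
            <caches>
                <cache name="simple"/>
                <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
            </caches>
            <passivation-stores>
                <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
            </passivation-stores>
            <async thread-pool-name="default"/>
            <timer-service thread-pool-name="default" default-data-store="default-file-store">
                <data-stores>
                    <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                </data-stores>
            </timer-service>
            <remote connector-ref="http-remoting-connector" thread-pool-name="default">
                <channel-creation-options>
                    <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
                    <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                </channel-creation-options>
            </remote>
            <thread-pools>
                <thread-pool name="default">
                    <max-threads count="10"/>
                    <keepalive-time time="100" unit="milliseconds"/>
                </thread-pool>
            </thread-pools>
            <!-- EJBs default to the legacy security domain "other" and deny access to methods
                 that declare no permissions. -->
            <default-security-domain value="other"/>
            <default-missing-method-permissions-deny-access value="true"/>
            <log-system-exceptions value="true"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:io:2.0">
            <worker name="default"/>
            <buffer-pool name="default"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
            <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
                <local-cache name="default">
                    <transaction mode="BATCH"/>
                </local-cache>
            </cache-container>
            <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
                <local-cache name="passivation">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store passivation="true" purge="false"/>
                </local-cache>
                <local-cache name="persistent">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store passivation="false" purge="false"/>
                </local-cache>
                <local-cache name="concurrent">
                    <file-store passivation="true" purge="false"/>
                </local-cache>
            </cache-container>
            <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
                <local-cache name="passivation">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store passivation="true" purge="false"/>
                </local-cache>
                <local-cache name="persistent">
                    <locking isolation="REPEATABLE_READ"/>
                    <transaction mode="BATCH"/>
                    <file-store passivation="false" purge="false"/>
                </local-cache>
            </cache-container>
            <cache-container name="hibernate" module="org.hibernate.infinispan">
                <local-cache name="entity">
                    <transaction mode="NON_XA"/>
                    <eviction strategy="LRU" max-entries="10000"/>
                    <expiration max-idle="100000"/>
                </local-cache>
                <local-cache name="local-query">
                    <eviction strategy="LRU" max-entries="10000"/>
                    <expiration max-idle="100000"/>
                </local-cache>
                <local-cache name="timestamps"/>
            </cache-container>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
        <subsystem xmlns="urn:jboss:domain:jca:5.0">
            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
            <bean-validation enabled="true"/>
            <default-workmanager>
                <short-running-threads>
                    <core-threads count="50"/>
                    <queue-length count="50"/>
                    <max-threads count="50"/>
                    <keepalive-time time="10" unit="seconds"/>
                </short-running-threads>
                <long-running-threads>
                    <core-threads count="50"/>
                    <queue-length count="50"/>
                    <max-threads count="50"/>
                    <keepalive-time time="10" unit="seconds"/>
                </long-running-threads>
            </default-workmanager>
            <cached-connection-manager/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
            <expose-resolved-model/>
            <expose-expression-model/>
            <remoting-connector/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
        <subsystem xmlns="urn:jboss:domain:mail:3.0">
            <mail-session name="default" jndi-name="java:jboss/mail/Default">
                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
            </mail-session>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:naming:2.0">
            <remote-naming/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:pojo:1.0"/>
        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
            <endpoint/>
            <!-- The remoting connector authenticates against the legacy ApplicationRealm.
                 The Elytron factory application-sasl-authentication defined further down is
                 not referenced anywhere in this file. -->
            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:resource-adapters:5.0"/>
        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
        <subsystem xmlns="urn:jboss:domain:sar:1.0"/>
        <subsystem xmlns="urn:jboss:domain:security-manager:3.0">
            <deployment-permissions>
                <!-- The maximum permission set a deployment may be granted is AllPermission,
                     so this section places no upper bound on deployment permissions. -->
                <maximum-set>
                    <permission class="java.security.AllPermission"/>
                </maximum-set>
            </deployment-permissions>
        </subsystem>
        <subsystem xmlns="urn:wildfly:elytron:1.0" final-providers="combined-providers">
            <providers>
                <aggregate-providers name="combined-providers">
                    <providers name="elytron"/>
                    <providers name="openssl"/>
                </aggregate-providers>
                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
                <provider-loader name="openssl" module="org.wildfly.openssl"/>
            </providers>
            <audit-logging>
                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
            </audit-logging>
            <security-domains>
                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
                    <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
                    <realm name="local"/>
                </security-domain>
                <!-- ManagementDomain lists client-cert-domain as a trusted security domain, so
                     identities established by certificate authentication there can be carried
                     over into ManagementDomain. -->
                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper" trusted-security-domains="client-cert-domain" security-event-listener="local-audit">
                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
                    <realm name="local" role-mapper="super-user-mapper"/>
                </security-domain>
                <!-- Domain used for certificate authentication: the principal is decoded from
                     the certificate subject by x500-decoder, the identity is looked up in
                     key-store-realm (keystore "beetles"), and every identity receives the
                     constant role Users.
                     NOTE(review): unlike the two domains above, this one has no
                     security-event-listener, so certificate logins are not written to
                     local-audit. Add security-event-listener="local-audit" if these events
                     should be recorded. -->
                <security-domain name="client-cert-domain" default-realm="key-store-realm" permission-mapper="default-permission-mapper" principal-decoder="x500-decoder" role-mapper="users">
                    <realm name="key-store-realm"/>
                </security-domain>
            </security-domains>
            <security-realms>
                <identity-realm name="local" identity="$local"/>
                <key-store-realm name="key-store-realm" key-store="beetles"/>
                <properties-realm name="ApplicationRealm">
                    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
                    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </properties-realm>
                <properties-realm name="ManagementRealm">
                    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </properties-realm>
                <!-- plain-text="true": clear.properties holds the passwords in clear text. It is
                     a test resource of the Elytron project, and no security-domain in this file
                     references the test-users realm. -->
                <properties-realm name="test-users">
                    <users-properties path="clear.properties" relative-to="elytron.project.properties" digest-realm-name="ManagementRealm" plain-text="true"/>
                    <groups-properties path="groups.properties" relative-to="elytron.project.properties"/>
                </properties-realm>
            </security-realms>
            <mappers>
                <!-- Grants the constant permission set unless the anonymous mapper matches, in
                     which case anonymous is limited to LoginPermission. -->
                <logical-permission-mapper name="default-permission-mapper" logical-operation="unless" left="constant-permission-mapper" right="anonymous-permission-mapper"/>
                <simple-permission-mapper name="anonymous-permission-mapper">
                    <permission-mapping principals="anonymous">
                        <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                    </permission-mapping>
                </simple-permission-mapper>
                <constant-permission-mapper name="constant-permission-mapper">
                    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                    <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                    <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                </constant-permission-mapper>
                <!-- The principal name is a single CN value of the certificate subject.
                     NOTE(review): the name alone selects the identity, so the trust store "ca"
                     should contain only CAs that are allowed to issue certificates for these
                     names. Presumably the key-store realm also compares the presented
                     certificate with the stored entry; verify this on the target version. -->
                <x500-attribute-principal-decoder name="x500-decoder" attribute-name="CN" maximum-segments="1"/>
                <constant-realm-mapper name="local" realm-name="local"/>
                <constant-realm-mapper name="key-store-realm" realm-name="key-store-realm"/>
                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
                <constant-role-mapper name="super-user-mapper">
                    <role name="SuperUser"/>
                </constant-role-mapper>
                <constant-role-mapper name="users">
                    <role name="Users"/>
                </constant-role-mapper>
            </mappers>
            <http>
                <!-- Not referenced by the management interface in this file, which uses
                     client-cert-basic instead. -->
                <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="DIGEST">
                            <mechanism-realm realm-name="ManagementRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </http-authentication-factory>
                <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="BASIC">
                            <!-- NOTE(review): "Application Realm" is written with a space, unlike the
                                 realm name ApplicationRealm used elsewhere. Confirm that this is the
                                 intended realm name for the BASIC challenge. -->
                            <mechanism-realm realm-name="Application Realm"/>
                        </mechanism>
                        <mechanism mechanism-name="FORM"/>
                    </mechanism-configuration>
                </http-authentication-factory>
                <!-- Used by the Undertow application-security-domain "other". -->
                <http-authentication-factory name="client-cert" http-server-mechanism-factory="global" security-domain="client-cert-domain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="CLIENT_CERT" realm-mapper="key-store-realm"/>
                        <mechanism mechanism-name="FORM"/>
                    </mechanism-configuration>
                </http-authentication-factory>
                <!-- Used by the management http-interface.
                     NOTE(review): BASIC is offered next to CLIENT_CERT against
                     client-cert-domain, whose only realm is key-store-realm. Confirm that a
                     password mechanism is wanted on the management interface at all; if not,
                     remove it so that only certificate authentication is offered. -->
                <http-authentication-factory name="client-cert-basic" http-server-mechanism-factory="global" security-domain="client-cert-domain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="CLIENT_CERT" realm-mapper="key-store-realm"/>
                        <mechanism mechanism-name="BASIC"/>
                    </mechanism-configuration>
                </http-authentication-factory>
                <provider-http-server-mechanism-factory name="global"/>
            </http>
            <sasl>
                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                        <mechanism mechanism-name="DIGEST-MD5">
                            <mechanism-realm realm-name="ManagementRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                        <mechanism mechanism-name="DIGEST-MD5">
                            <mechanism-realm realm-name="ApplicationRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <!-- The factory this configuration is about. SASL EXTERNAL performs no
                     credential exchange of its own: the identity comes from the TLS layer, here
                     the client certificate required by the server-ssl-context "localhost".
                     The factory name mentions digest, but EXTERNAL is the only mechanism. -->
                <sasl-authentication-factory name="client-cert-digest" sasl-server-factory="configured" security-domain="client-cert-domain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="EXTERNAL" realm-mapper="key-store-realm"/>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
                    <properties>
                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
                    </properties>
                    <!-- NOTE(review): all three SASL authentication factories above share this
                         server factory, and the only pattern filter names EXTERNAL. The
                         JBOSS-LOCAL-USER and DIGEST-MD5 mechanisms listed for the management and
                         application factories are therefore presumably not available; neither of
                         those two factories is referenced elsewhere in this file. -->
                    <filters>
                        <filter>
                            <pattern-filter value="EXTERNAL"/>
                        </filter>
                    </filters>
                </configurable-sasl-server-factory>
                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
                    <filters>
                        <filter provider-name="WildFlyElytron"/>
                    </filters>
                </mechanism-provider-filtering-sasl-server-factory>
                <provider-sasl-server-factory name="global"/>
            </sasl>
            <tls>
                <!-- NOTE(review): every keystore and the key manager below carry the store
                     password in clear text (clear-text="Elytron"). These are the test keystores
                     of the Elytron project. For real keys, reference a credential store from
                     credential-reference (store and alias attributes) and restrict read access
                     to this file. -->
                <key-stores>
                    <key-store name="localhost" type="jks">
                        <file relative-to="elytron.project.jks" path="localhost.keystore"/>
                        <credential-reference clear-text="Elytron"/>
                    </key-store>
                    <!-- Backs key-store-realm: its entries are the identities accepted for
                         certificate authentication. -->
                    <key-store name="beetles" type="jks">
                        <file relative-to="elytron.project.jks" path="beetles.keystore"/>
                        <credential-reference clear-text="Elytron"/>
                    </key-store>
                    <!-- Trust store used to validate client certificates. -->
                    <key-store name="ca" type="jks">
                        <file relative-to="elytron.project.jks" path="ca.truststore"/>
                        <credential-reference clear-text="Elytron"/>
                    </key-store>
                </key-stores>
                <key-managers>
                    <key-manager name="localhost-manager" algorithm="SunX509" key-store="localhost">
                        <credential-reference clear-text="Elytron"/>
                    </key-manager>
                </key-managers>
                <trust-managers>
                    <trust-manager name="ca-manager" algorithm="SunX509" key-store="ca"/>
                </trust-managers>
                <server-ssl-contexts>
                    <!-- Client certificates are mandatory (need-client-auth="true",
                         authentication-optional="false") and are mapped to an identity in
                         client-cert-domain. The same context is used by the management interface
                         and by the Undertow https-listener, so application HTTPS clients need a
                         certificate as well.
                         NOTE(review): no protocols or cipher-suite-filter attribute is set, so
                         provider defaults apply. Pin them explicitly if the defaults of the
                         target version still allow legacy protocol versions. -->
                    <server-ssl-context name="localhost" security-domain="client-cert-domain" want-client-auth="true" need-client-auth="true" authentication-optional="false" key-manager="localhost-manager" trust-manager="ca-manager"/>
                </server-ssl-contexts>
            </tls>
        </subsystem>
        <!-- Legacy security subsystem with its default domains. -->
        <subsystem xmlns="urn:jboss:domain:security:3.0">
            <security-domains>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="RealmDirect" flag="required">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="jboss-web-policy" cache-type="default">
                    <authorization>
                        <policy-module code="Delegating" flag="required"/>
                    </authorization>
                </security-domain>
                <security-domain name="jboss-ejb-policy" cache-type="default">
                    <authorization>
                        <policy-module code="Delegating" flag="required"/>
                    </authorization>
                </security-domain>
                <security-domain name="jaspitest" cache-type="default">
                    <authentication-jaspi>
                        <login-module-stack name="dummy">
                            <login-module code="Dummy" flag="optional"/>
                        </login-module-stack>
                        <auth-module code="Dummy"/>
                    </authentication-jaspi>
                </security-domain>
            </security-domains>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:transactions:3.1">
            <core-environment>
                <process-id>
                    <uuid/>
                </process-id>
            </core-environment>
            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:undertow:4.0">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                <!-- Uses the Elytron server-ssl-context "localhost", which requires a client
                     certificate. -->
                <https-listener name="https" socket-binding="https" ssl-context="localhost" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <!-- NOTE(review): these two filters add Server and X-Powered-By response
                         headers that advertise the server product. Remove the filter-refs if
                         that disclosure is not wanted. -->
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
            </servlet-container>
            <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
                <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
                <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
            </filters>
            <application-security-domains>
                <!-- Deployments that use the security domain "other" authenticate through the
                     Elytron factory client-cert (CLIENT_CERT and FORM). With
                     override-deployment-config="true" the factory's mechanisms are used instead
                     of the authentication method declared by the deployment. -->
                <application-security-domain name="other" http-authentication-factory="client-cert" override-deployment-config="true"/>
            </application-security-domains>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:webservices:2.0">
            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
            <endpoint-config name="Standard-Endpoint-Config"/>
            <endpoint-config name="Recording-Endpoint-Config">
                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
                </pre-handler-chain>
            </endpoint-config>
            <client-config name="Standard-Client-Config"/>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
    </profile>
    <!-- Both interfaces default to the loopback address. Overriding
         jboss.bind.address.management exposes the management ports on the network. -->
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
    </interfaces>
    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
        <!-- The ajp binding is defined, but the Undertow subsystem above declares no AJP
             listener that uses it. -->
        <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
        <socket-binding name="http" port="${jboss.http.port:8080}"/>
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="localhost" port="25"/>
        </outbound-socket-binding>
    </socket-binding-group>
</server>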