KEYCLOAK-17502 Galleon based server build

This commit is contained in:
Peter Skopek 2021-02-05 20:23:49 +01:00 committed by Stian Thorgersen
parent 6bb7a8894d
commit 1c8087baaf
124 changed files with 10439 additions and 600 deletions

View file

@ -29,16 +29,6 @@
<name>Keycloak Adapter Overlay Distribution</name>
<description/>
<repositories>
<repository>
<id>jboss</id>
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>

View file

@ -32,6 +32,7 @@
<modules>
<module>adapter-feature-pack</module>
<module>server-feature-pack-dependencies</module>
<module>server-feature-pack</module>
</modules>
</project>

View file

@ -0,0 +1,417 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.keycloak</groupId>
<artifactId>feature-packs-parent</artifactId>
<version>14.0.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-server-feature-pack-dependencies</artifactId>
<name>Keycloak Feature Pack: Server Dependencies</name>
<packaging>pom</packaging>
<dependencies>
<dependency>
<groupId>com.github.ua-parser</groupId>
<artifactId>uap-java</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>owasp-java-html-sanitizer</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-jboss-marshalling</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.marshalling</groupId>
<artifactId>jboss-marshalling</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.marshalling</groupId>
<artifactId>jboss-marshalling-river</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-policy-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-js-adapter</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-infinispan</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-map</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core-public</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-sssd-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-adduser</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-extensions</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-themes</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-server-subsystem</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.aesh</groupId>
<artifactId>aesh</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.openshift</groupId>
<artifactId>openshift-restclient-java</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-util</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-asn1</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</project>

View file

@ -30,374 +30,11 @@
<packaging>pom</packaging>
<dependencies>
<dependency>
<groupId>com.github.ua-parser</groupId>
<artifactId>uap-java</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>owasp-java-html-sanitizer</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-jboss-marshalling</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--
~ KEYCLOAK-18267: org.jboss.marshalling.jboss-marshalling and org.jboss.marshalling.jboss-marshalling-river
~ are needed for proper work of org.infinispan.infinispan-jboss-marshalling with JDK 11
-->
<dependency>
<groupId>org.jboss.marshalling</groupId>
<artifactId>jboss-marshalling</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.jboss.marshalling</groupId>
<artifactId>jboss-marshalling-river</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-policy-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-common</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-js-adapter</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-kerberos-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-infinispan</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-core-public</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-sssd-federation</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-adduser</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-extensions</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-themes</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-wildfly-server-subsystem</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.liquibase</groupId>
<artifactId>liquibase-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.aesh</groupId>
<artifactId>aesh</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.openshift</groupId>
<artifactId>openshift-restclient-java</artifactId>
</dependency>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-core</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-util</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-cbor</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-asn1</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
<artifactId>keycloak-server-feature-pack-dependencies</artifactId>
<version>${project.version}</version>
<type>pom</type>
</dependency>
</dependencies>

View file

@ -258,15 +258,6 @@
<properties>
<galleon-adapter-group-id>org.keycloak</galleon-adapter-group-id>
</properties>
<repositories>
<repository>
<id>jboss</id>
<url>https://repository.jboss.org/nexus/content/groups/public/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>

View file

@ -23,7 +23,7 @@
<version>14.0.0-SNAPSHOT</version>
</parent>
<name>Feature Pack Builds</name>
<name>Galleon Feature Pack Builds</name>
<description/>
<modelVersion>4.0.0</modelVersion>
@ -32,5 +32,6 @@
<modules>
<module>adapter-galleon-pack</module>
</modules>
<module>server-galleon-pack</module>
</modules>
</project>

View file

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
<id>galleon-pack-src</id>
<formats>
<format>zip</format>
</formats>
<includeBaseDirectory>false</includeBaseDirectory>
<fileSets>
<fileSet>
<directory>src/main/resources</directory>
<outputDirectory/>
</fileSet>
</fileSets>
<fileSet>
<directory>target/unpacked-themes/theme</directory>
<outputDirectory>content/themes</outputDirectory>
</fileSet>
<fileSet>
<directory>target/keycloak-client-tools/bin</directory>
<outputDirectory>content/bin</outputDirectory>
</fileSet>
<fileSet>
<directory>src/main/resources/identity/module</directory>
<includes>
<include>**/**</include>
</includes>
<outputDirectory>modules/system/layers/keycloak/org/jboss/as/product/${product.slot}</outputDirectory>
<filtered>true</filtered>
</fileSet>
<fileSet>
<directory>src/main/resources/identity</directory>
<includes>
<include>product.conf</include>
</includes>
<outputDirectory>content/bin</outputDirectory>
<filtered>true</filtered>
</fileSet>
</assembly>

View file

@ -0,0 +1,78 @@
<!--
~ JBoss, Home of Professional Open Source.
~ Copyright 2021, Red Hat, Inc., and individual contributors
~ as indicated by the @author tags. See the copyright.txt file in the
~ distribution for a full listing of individual contributors.
~
~ This is free software; you can redistribute it and/or modify it
~ under the terms of the GNU Lesser General Public License as
~ published by the Free Software Foundation; either version 2.1 of
~ the License, or (at your option) any later version.
~
~ This software is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
~ Lesser General Public License for more details.
~
~ You should have received a copy of the GNU Lesser General Public
~ License along with this software; if not, write to the Free
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-->
<build xmlns="urn:wildfly:feature-pack-build:3.1" producer="org.keycloak:keycloak-server-galleon-pack">
<transitive>
<dependency group-id="org.wildfly" artifact-id="wildfly-ee-galleon-pack">
<name>org.wildfly:wildfly-ee-galleon-pack</name>
<packages inherit="false">
<exclude name="product.conf"/>
<exclude name="welcome-content"/>
</packages>
<default-configs inherit="false"/>
</dependency>
</transitive>
<dependencies>
<dependency group-id="org.wildfly" artifact-id="wildfly-galleon-pack">
<name>org.wildfly:wildfly-galleon-pack</name>
<packages inherit="false">
<include name="docs.examples"/>
<exclude name="product.conf"/>
<exclude name="welcome-content"/>
</packages>
<default-configs inherit="false"/>
</dependency>
</dependencies>
<default-packages>
<package name="modules.all"/>
<package name="docs.licenses"/>
<package name="docs-examples"/>
<package name="root"/>
<package name="welcome-content-keycloak"/>
</default-packages>
<package-schemas>
<group name="org.keycloak"/>
</package-schemas>
<config name="standalone.xml" model="standalone"/>
<config name="standalone-ha.xml" model="standalone"/>
<config name="domain.xml" model="domain"/>
<config name="host.xml" model="host"/>
<config name="host-master.xml" model="host"/>
<config name="host-slave.xml" model="host"/>
<plugins>
<plugin artifact="org.wildfly.galleon-plugins:wildfly-galleon-plugins"/>
</plugins>
<generate-feature-specs>
<extensions>
<standalone>
<extension>org.keycloak.keycloak-server-subsystem</extension>
</standalone>
<domain>
<extension>org.keycloak.keycloak-server-subsystem</extension>
</domain>
</extensions>
</generate-feature-specs>
</build>

View file

@ -0,0 +1,434 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ /*
~ * JBoss, Home of Professional Open Source.
~ * Copyright $tody.year Red Hat, Inc., and individual contributors
~ * as indicated by the @author tags.
~ *
~ * Licensed under the Apache License, Version 2.0 (the "License");
~ * you may not use this file except in compliance with the License.
~ * You may obtain a copy of the License at
~ *
~ * http://www.apache.org/licenses/LICENSE-2.0
~ *
~ * Unless required by applicable law or agreed to in writing, software
~ * distributed under the License is distributed on an "AS IS" BASIS,
~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ * See the License for the specific language governing permissions and
~ * limitations under the License.
~ */
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak</groupId>
<artifactId>galleon-feature-packs-parent</artifactId>
<version>14.0.0-SNAPSHOT</version>
</parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-galleon-pack</artifactId>
<name>Keycloak Galleon Feature Pack: Server</name>
<packaging>pom</packaging>
<properties>
<license.directory>${project.build.directory}/resources/content/docs/licenses</license.directory>
</properties>
<dependencies>
<!-- WildFly Core feature pack content -->
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-core-feature-pack-common</artifactId>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-core-feature-pack-ee-8-api</artifactId>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-core-feature-pack-galleon-common</artifactId>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-core-feature-pack-galleon-pruned</artifactId>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.core</groupId>
<artifactId>wildfly-core-galleon-pack</artifactId>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-ee-galleon-pack</artifactId>
<type>zip</type>
</dependency>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-servlet-galleon-pack</artifactId>
<type>zip</type>
</dependency>
<dependency>
<groupId>org.wildfly.galleon-plugins</groupId>
<artifactId>wildfly-galleon-plugins</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wildfly.galleon-plugins</groupId>
<artifactId>wildfly-config-gen</artifactId>
<scope>provided</scope>
</dependency>
<!-- module and copy artifact dependencies -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-feature-pack-dependencies</artifactId>
<version>${project.version}</version>
<type>pom</type>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-registration-cli</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-cli</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<!-- Feature pack generation is vulnerable to leftover files in the target
folder from previous builds, so always clean even if the clean lifecycle is not invoked -->
<artifactId>maven-clean-plugin</artifactId>
<executions>
<execution>
<id>auto-clean</id>
<phase>initialize</phase>
<goals>
<goal>clean</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-resources</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${basedir}/target/resources</outputDirectory>
<resources>
<resource>
<directory>${basedir}/src/main/resources</directory>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>unpack-theme</id>
<phase>process-resources</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-themes</artifactId>
<outputDirectory>target/resources/packages/themes/content/themes</outputDirectory>
<includes>theme/*/**</includes>
<fileMappers>
<org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
<pattern>^\Qtheme/\E</pattern>
<replacement>./</replacement>
</org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
</fileMappers>
</artifactItem>
</artifactItems>
</configuration>
</execution>
<execution>
<id>unpack-cli</id>
<phase>process-resources</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-client-cli-dist</artifactId>
<type>zip</type>
<includes>*/**</includes>
<fileMappers>
<org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
<pattern>^\Qkeycloak-client-tools/\E</pattern>
<replacement>./</replacement>
</org.codehaus.plexus.components.io.filemappers.RegExpFileMapper>
</fileMappers>
<outputDirectory>target/resources/packages/client-cli/content</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<!-- plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<recompressZippedFiles>true</recompressZippedFiles>
<finalName>${project.build.finalName}</finalName>
<appendAssemblyId>false</appendAssemblyId>
<outputDirectory>${project.build.directory}</outputDirectory>
<workDirectory>${project.build.directory}/assembly/work</workDirectory>
<tarLongFileMode>gnu</tarLongFileMode>
</configuration>
</execution>
</executions>
</plugin -->
<!-- TODO: do proper Galleon Style Licenses Distribution
plugin>
<groupId>org.wildfly.maven.plugins</groupId>
<artifactId>licenses-plugin</artifactId>
<inherited>false</inherited>
<executions>
<execution>
<id>update-licenses-xml-package</id>
<goals>
<goal>insert-versions</goal>
</goals>
<phase>process-resources</phase>
<configuration>
<sortByGroupIdAndArtifactId>true</sortByGroupIdAndArtifactId>
<licensesConfigFiles>
<licensesConfigFile>${basedir}/target/resources/license/${product.slot}-server-galleon-pack-licenses.xml</licensesConfigFile>
</licensesConfigFiles>
<licensesOutputFile>${license.directory}/keycloak-server-galleon-pack-licenses.xml</licensesOutputFile>
<excludedGroups>org.wildfly.galleon-plugins</excludedGroups>
<excludedArtifacts>wildfly-core-model-test-framework|wildfly-jar-boot|wildfly-core-feature-pack-common|wildfly-core-feature-pack-ee-8-api|wildfly-elytron\z</excludedArtifacts>
<excludedScopes>system</excludedScopes>
</configuration>
</execution>
</executions>
</plugin -->
<plugin>
<groupId>org.wildfly.galleon-plugins</groupId>
<artifactId>wildfly-galleon-maven-plugin</artifactId>
<executions>
<execution>
<id>keycloak-server-galleon-pack-build</id>
<goals>
<goal>build-feature-pack</goal>
</goals>
<phase>prepare-package</phase>
<configuration>
<release-name>Keycloak</release-name>
<fork-embedded>${galleon.fork.embedded}</fork-embedded>
<config-file>keycloak-server-galleon-pack-build.xml</config-file>
<task-properties>
<product.name>${product.name}</product.name>
<product.name.full>${product.name.full}</product.name.full>
<product.slot>${product.slot}</product.slot>
<product.wildfly.console.slot>${product.wildfly.console.slot}</product.wildfly.console.slot>
<product.version>${project.version}</product.version>
<client-cli.src.dir>${project.basedir}</client-cli.src.dir>
</task-properties>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>community</id>
<activation>
<property>
<name>!product</name>
</property>
</activation>
<properties>
<feature.parent>org.wildfly:wildfly-galleon-pack</feature.parent>
</properties>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-galleon-pack</artifactId>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</profile>
<profile>
<id>product</id>
<activation>
<property>
<name>product</name>
</property>
</activation>
<properties>
<feature.parent>org.jboss.eap:wildfly-galleon-pack</feature.parent>
</properties>
<dependencies>
<dependency>
<groupId>org.jboss.eap</groupId>
<artifactId>wildfly-galleon-pack</artifactId>
<version>${eap.version}</version>
<type>zip</type>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</profile>
<profile>
<id>enforce</id>
<activation>
<property>
<name>!skip-enforce</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>ban-transitive-deps</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<banTransitiveDependencies>
<excludes>
<!-- Ignore jdk jars because they are system scope -->
<exclude>com.sun:tools</exclude>
<exclude>sun.jdk:jconsole</exclude>
<!-- Ignore the shared resource poms as those we want their
transitives. Those poms ban transitives at their level -->
<exclude>org.keycloak:keycloak-server-feature-pack-dependencies</exclude>
<exclude>org.wildfly.core:wildfly-core-feature-pack-common</exclude>
<exclude>org.wildfly.core:wildfly-core-feature-pack-ee-8-api</exclude>
<exclude>org.keycloak:keycloak-client-registration-cli</exclude>
<exclude>org.keycloak:keycloak-admin-cli</exclude>
</excludes>
</banTransitiveDependencies>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>enforce-product</id>
<activation>
<property>
<name>enforce-product</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.jboss.maven.plugins.enforcer.rules</groupId>
<artifactId>version-enforcer-rule</artifactId>
<version>1.0.0</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>ban-non-product-deps</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<rule implementation="org.jboss.maven.plugins.enforcer.rules.version.BanVersionDependenciesRule">
<versionPattern>^((?!redhat).)*$</versionPattern>
</rule>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View file

@ -0,0 +1,24 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="domain.xml" model="domain">
<!-- domain.server-group features are excluded from every domain group below
simply to preserve the order of the profiles specified here.
Not excluding the server groups will work but profiles full and full-ha
will appear in the resulting config before ha because the server groups that are
introduced into the config by the first domain group and overriden to reference
full and full-ha below will make those profiles installed before ha.
-->
<feature-group name="domain-keycloak-standalone">
<exclude spec="domain.server-group"/>
</feature-group>
<feature-group name="domain-keycloak-clustered">
<exclude spec="domain.server-group"/>
</feature-group>
<feature-group name="domain-load-balancer">
<exclude spec="domain.server-group"/>
<exclude feature-id="domain.interface:interface=unsecure"/>
</feature-group>
<feature-group name="domain-server-groups-keycloak"/>
</config>

View file

@ -0,0 +1,5 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="host-master.xml" model="host">
<feature-group name="host-master"/>
</config>

View file

@ -0,0 +1,5 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="host-slave.xml" model="host">
<feature-group name="host-slave"/>
</config>

View file

@ -0,0 +1,5 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="host.xml" model="host">
<feature-group name="host"/>
</config>

View file

@ -0,0 +1,7 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" model="standalone">
<packages>
<package name="misc.standalone"/>
</packages>
</config>

View file

@ -0,0 +1,5 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="standalone-ha.xml" model="standalone">
<feature-group name="standalone-ha"/>
</config>

View file

@ -0,0 +1,5 @@
<?xml version="1.0" ?>
<config xmlns="urn:jboss:galleon:config:1.0" name="standalone.xml" model="standalone">
<feature-group name="standalone"/>
</config>

View file

@ -0,0 +1,79 @@
@echo off
rem -------------------------------------------------------------------------
rem Add User script for Windows
rem -------------------------------------------------------------------------
rem
rem A simple utility for adding new users to the properties file used
rem for domain management authentication out of the box.
rem $Id$
@if not "%ECHO%" == "" echo %ECHO%
@if "%OS%" == "Windows_NT" setlocal
if "%OS%" == "Windows_NT" (
set "DIRNAME=%~dp0%"
) else (
set DIRNAME=.\
)
pushd "%DIRNAME%.."
set "RESOLVED_JBOSS_HOME=%CD%"
popd
if "x%JBOSS_HOME%" == "x" (
set "JBOSS_HOME=%RESOLVED_JBOSS_HOME%"
)
pushd "%JBOSS_HOME%"
set "SANITIZED_JBOSS_HOME=%CD%"
popd
if /i "%RESOLVED_JBOSS_HOME%" NEQ "%SANITIZED_JBOSS_HOME%" (
echo.
echo WARNING: The JBOSS_HOME ^("%SANITIZED_JBOSS_HOME%"^) that this script uses points to a different installation than the one that this script resides in ^("%RESOLVED_JBOSS_HOME%"^). Unpredictable results may occur.
echo.
echo JBOSS_HOME: "%JBOSS_HOME%"
echo.
)
rem Setup JBoss specific properties
if "x%JAVA_HOME%" == "x" (
set JAVA=java
echo JAVA_HOME is not set. Unexpected results may occur.
echo Set JAVA_HOME to the directory of your local JDK to avoid this message.
) else (
set "JAVA=%JAVA_HOME%\bin\java"
)
rem set default modular jvm parameters
setlocal EnableDelayedExpansion
call "!DIRNAME!common.bat" :setDefaultModularJvmOptions "!JAVA_OPTS!"
set "JAVA_OPTS=!JAVA_OPTS! !DEFAULT_MODULAR_JVM_OPTIONS!"
setlocal DisableDelayedExpansion
rem Find jboss-modules.jar, or we can't continue
if exist "%JBOSS_HOME%\jboss-modules.jar" (
set "RUNJAR=%JBOSS_HOME%\jboss-modules.jar"
) else (
echo Could not locate "%JBOSS_HOME%\jboss-modules.jar".
echo Please check that you are in the bin directory when running this script.
goto END
)
rem Set default module root paths
if "x%JBOSS_MODULEPATH%" == "x" (
set "JBOSS_MODULEPATH=%JBOSS_HOME%\modules"
)
rem Uncomment to override standalone and domain user location
rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.server.config.user.dir=..\standalone\configuration -Djboss.domain.config.user.dir=..\domain\configuration"
"%JAVA%" %JAVA_OPTS% ^
-jar "%JBOSS_HOME%\jboss-modules.jar" ^
-mp "%JBOSS_MODULEPATH%" ^
org.keycloak.keycloak-wildfly-adduser ^
%*
:END
if "x%NOPAUSE%" == "x" pause

View file

@ -0,0 +1,79 @@
#!/bin/sh
# Add User Utility
#
# A simple utility for adding new users to the properties file used
# for domain management authentication out of the box.
#
DIRNAME=`dirname "$0"`
GREP="grep"
. "$DIRNAME/common.sh"
# OS specific support (must be 'true' or 'false').
cygwin=false;
if [ `uname|grep -i CYGWIN` ]; then
cygwin=true;
fi
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
[ -n "$JBOSS_HOME" ] &&
JBOSS_HOME=`cygpath --unix "$JBOSS_HOME"`
[ -n "$JAVA_HOME" ] &&
JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
[ -n "$JAVAC_JAR" ] &&
JAVAC_JAR=`cygpath --unix "$JAVAC_JAR"`
fi
# Setup JBOSS_HOME
RESOLVED_JBOSS_HOME=`cd "$DIRNAME/.."; pwd`
if [ "x$JBOSS_HOME" = "x" ]; then
# get the full path (without any relative bits)
JBOSS_HOME=$RESOLVED_JBOSS_HOME
else
SANITIZED_JBOSS_HOME=`cd "$JBOSS_HOME"; pwd`
if [ "$RESOLVED_JBOSS_HOME" != "$SANITIZED_JBOSS_HOME" ]; then
echo "WARNING: The JBOSS_HOME ($SANITIZED_JBOSS_HOME) that this script uses points to a different installation than the one that this script resides in ($RESOLVED_JBOSS_HOME). Unpredictable results may occur."
echo ""
fi
fi
export JBOSS_HOME
# Setup the JVM
if [ "x$JAVA" = "x" ]; then
if [ "x$JAVA_HOME" != "x" ]; then
JAVA="$JAVA_HOME/bin/java"
else
JAVA="java"
fi
fi
# Set default modular JVM options
setDefaultModularJvmOptions $JAVA_OPTS
JAVA_OPTS="$JAVA_OPTS $DEFAULT_MODULAR_JVM_OPTIONS"
if [ "x$JBOSS_MODULEPATH" = "x" ]; then
JBOSS_MODULEPATH="$JBOSS_HOME/modules"
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
JBOSS_HOME=`cygpath --path --windows "$JBOSS_HOME"`
JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
JBOSS_MODULEPATH=`cygpath --path --windows "$JBOSS_MODULEPATH"`
fi
# Sample JPDA settings for remote socket debugging
#JAVA_OPTS="$JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=y"
# Uncomment to override standalone and domain user location
#JAVA_OPTS="$JAVA_OPTS -Djboss.server.config.user.dir=../standalone/configuration -Djboss.domain.config.user.dir=../domain/configuration"
JAVA_OPTS="$JAVA_OPTS"
eval \"$JAVA\" $JAVA_OPTS \
-jar \""$JBOSS_HOME"/jboss-modules.jar\" \
-mp \""${JBOSS_MODULEPATH}"\" \
org.keycloak.keycloak-wildfly-adduser \
'"$@"'

View file

@ -0,0 +1,44 @@
#!/bin/sh
# Setup for SSSD
SSSD_FILE="/etc/sssd/sssd.conf"
if [ -f "$SSSD_FILE" ];
then
if ! grep -q ^ldap_user_extra_attrs $SSSD_FILE; then
sed -i '/ldap_tls_cacert/a ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber' $SSSD_FILE
fi
if ! grep -q ^services.*ifp.* /etc/sssd/sssd.conf; then
sed -i '/^services/ s/$/, ifp/' $SSSD_FILE
fi
if ! grep -q ^allowed_uids $SSSD_FILE; then
sed -i '/\[ifp\]/a allowed_uids = root' $SSSD_FILE
fi
if ! grep -q ^user_attributes $SSSD_FILE; then
sed -i '/allowed_uids/a user_attributes = +mail, +telephoneNumber, +givenname, +sn' $SSSD_FILE
fi
systemctl restart sssd
else
echo "Please make sure you have $SSSD_FILE into your system! Aborting."
exit 1
fi
# Setup for PAM
PAM_FILE="/etc/pam.d/keycloak"
if [ ! -f "$PAM_FILE" ];
then
cat <<EOF > $PAM_FILE
auth required pam_sss.so
account required pam_sss.so
EOF
else
echo "$PAM_FILE already exists. Skipping it..."
exit 0
fi

View file

@ -0,0 +1,753 @@
embed-host-controller --domain-config=domain.xml
# Early versions of keycloak used "ha" for the clustered profile name.
# Yours maybe be something completely different.
set clusteredProfile=auth-server-clustered
# keycloak-server.json is not normally on this path.
set pathToJson=../domain/configuration/keycloak-server.json
echo
echo *** Begin Migration of /profile=$clusteredProfile ***
echo
# Migrate from 1.8.1 to 1.9.1
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource
echo Adding replicated-cache=work to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC)
echo
end-if
# realmVersions cache deprecated in 2.1.0
#if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
# echo Adding local-cache=realmVersions to keycloak cache container...
# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
# /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
# echo
#end-if
# Migrate from 1.9.1 to 1.9.2
if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak users cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 1.9.2 to 2.0.0
# NO CHANGES
# Migrate from 2.0.0 to 2.1.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
echo Removing deprecated cache 'realmVersions'
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
echo
end-if
# Migrate kecloak-server.json (deprecated in 2.2.0)
if (result == []) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-children-names(child-type=spi)
echo Migrating keycloak-server.json to keycloak-server subsystem...
/profile=$clusteredProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson)
echo
end-if
if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$clusteredProfile/subsystem=keycloak-server/:read-attribute(name=providers)
echo Updating provider to default value
/profile=$clusteredProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
echo
end-if
if (result == keycloak) of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
echo Undefining default theme...
/profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
echo
end-if
if (result == expression "${jboss.server.config.dir}/themes") of /profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
echo Updating theme dir to default value
/profile=$clusteredProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
echo
end-if
set persistenceProvider=jpa
# Migrate from 2.1.0 to 2.2.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
# In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache
try
echo
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1)
echo Added distributed-cache=authorization
catch
end-try
end-if
if (result == update) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
echo Updating connectionsJpa default properties...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
echo Adding spi=userFederatedStorage...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource
echo Adding spi=jta-lookup...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
/profile=$clusteredProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
echo
end-if
# Migrate from 2.2.0 to 2.2.1
# NO CHANGES
# Migrate from 2.2.1 to 2.3.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
echo Adding local-cache=keys to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction and expiration in local-cache=keys...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
echo Adding spi=publicKeyStorage...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add
/profile=$clusteredProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
echo
end-if
# Migrate from 2.3.0 to 2.4.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource
echo Replacing invalidation-cache=users with local-cache=users
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/:add
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction in local-cache=users
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource
echo Replacing invalidation-cache=realms with local-cache=realms
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add
echo
end-if
# Migrate from 2.4.0 to 2.5.0
if (result == NONE) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak realms cache...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 2.5.0 to 2.5.1
# NO CHANGES
# Migrate 2.5.1 to 2.5.4
if (result != REPEATABLE_READ) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
echo Changing ejb cache locking to REPEATABLE_READ
/profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
echo Removing Hibernate immutable-entity cache
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
end-if
# Migrate from 2.5.4 to 3.0.0
if (result == jpa) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
echo Removing default provider for eventsStore
/profile=$clusteredProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realm/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=user/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for userFederatedStorage SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for authorizationPersister SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:read-resource
echo Adding userCache SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/:add
/profile=$clusteredProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
echo Adding realmCache SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/:add
/profile=$clusteredProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
echo
end-if
if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
echo Adding 'default' as default provider for connectionsInfinispan
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
echo
end-if
# Migrate from 3.0.0 to 3.1.0
# NO CHANGES
# Migrate from 3.1.0 to 3.2.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
echo Adding distributed-cache=authenticationSessions to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
echo Adding distributed-cache=actionTokens to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
echo Replacing distributed-cache=authorization with local-cache=authorization
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 3.2.0 to 3.2.1
# NO CHANGES
# Migrate from 3.2.1 to 3.3.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=core-management/:read-resource
try
echo Trying to add core-management extension
/extension=org.wildfly.extension.core-management/:add
echo
catch
echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli
echo
end-try
echo Adding subsystem core-management
/profile=$clusteredProfile/subsystem=core-management/:add
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-resource
try
echo Trying to add elytron extension
/extension=org.wildfly.extension.elytron/:add
echo
catch
echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli
echo
end-try
echo Adding subsystem elytron
/profile=$clusteredProfile/subsystem=elytron/:add
/profile=$clusteredProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
/profile=$clusteredProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
/profile=$clusteredProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
/profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
/profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
/profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
/profile=$clusteredProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
/profile=$clusteredProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
/profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
/profile=$clusteredProfile/subsystem=elytron/provider-sasl-server-factory=global/:add
/profile=$clusteredProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
/profile=$clusteredProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
/profile=$clusteredProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
/profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
/profile=$clusteredProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
/profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
/profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
echo
end-if
if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode)
echo Setting SYNC mode for web cache-container
/profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
echo
end-if
if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode)
echo Setting SYNC mode for ejb cache-container
/profile=$clusteredProfile/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
echo Setting cluster attribute to ejb in jgroups subsystem
/profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
echo
end-if
if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from udp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:read-resource
echo Replacing tcp FD protocol with FD_ALL
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD/:remove
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add
echo
end-if
if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from tcp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
echo Adding http-invoker to default-host
/profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
echo Enabling http2 for default http-listener
/profile=$clusteredProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource
echo Adding https-listener
/profile=$clusteredProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses...
/profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
/profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
/profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
/profile=$clusteredProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jdr/:read-resource
echo Removing jdr subsystem and extension
/profile=$clusteredProfile/subsystem=jdr/:remove
echo
try
echo Trying to remove jdr extension
/extension=org.jboss.as.jdr/:remove
echo
catch
echo Wasn't able to remove jdr extension, Should be removed by migrate-domain-standalone.cli
echo
end-try
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jsf/:read-resource
echo Removing jsf subsystem and extension
/profile=$clusteredProfile/subsystem=jsf/:remove
echo
try
echo Trying to remove jsf extension
/extension=org.jboss.as.jsf/:remove
echo
catch
echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli
echo
end-try
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource
echo Adding distributed-cache=offlineClientSessions to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource
echo Adding distributed-cache=clientSessions to keycloak cache container...
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
echo Adding spi=x509cert-lookup...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
/profile=$clusteredProfile/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
echo
end-if
# Migrate from 4.2.0 to 4.3.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-resource
echo Adding spi=hostname...
/profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
/profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
echo
end-if
# Migrate from 4.3.0 to 4.4.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/permission-set=login-permission/:read-resource
echo Adding permission-set=login-permission to elytron
/profile=$clusteredProfile/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
/profile=$clusteredProfile/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
/profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
echo
end-if
if (result == org.hibernate.infinispan) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
echo Update hibernate cache module
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=default-cache)
echo Remove default cache from hibernate cache
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate:undefine-attribute(name=default-cache)
echo
end-if
if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:read-attribute(name=mode)
echo Switching mode for timestamps cache from ASYNC to SYNC
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:write-attribute(name=mode, value=SYNC)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
echo Removing eviction from hibernate entity cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/distributed-cache=local-query/eviction=EVICTION:read-resource
echo Removing eviction from hibernate local-query cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
echo Removing eviction from keycloak realms cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
echo Removing eviction from keycloak users cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
echo Removing eviction from keycloak authorization cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
echo Removing eviction from keycloak keys cache and replacing with object-memory
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
echo Changing JNDI reference in connectionsInfinispan SPI
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
/profile=$clusteredProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG2:read-resource
echo Upgrade jgroups protocol from FRAG2 to FRAG3 for tcp stack
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG2:remove
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FRAG3:add()
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG2:read-resource
echo Upgrade jgroups protocol from FRAG2 to FRAG3 for udp stack
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG2:remove
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FRAG3:add()
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=remoting/configuration=endpoint:read-resource
echo Remove endpoint from remoting configuration
/profile=$clusteredProfile/subsystem=remoting/configuration=endpoint:remove
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=jgroups-mping:read-attribute(name=port)
/profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=jgroups-mping:undefine-attribute(name=port)
end-if
if (outcome == success) of /socket-binding-group=$clusteredProfile-sockets/socket-binding=modcluster:read-attribute(name=port)
/profile=$clusteredProfile/socket-binding-group=$clusteredProfile-sockets/socket-binding=modcluster:undefine-attribute(name=port)
end-if
# Migrate from 4.5.0 to 4.6.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
echo Removing application-http-authentication from elytron subsystem
/profile=$clusteredProfile/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
echo Setting node-identifier attribute of core-environment element in transactions subsystem
/profile=$clusteredProfile/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
echo
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
try
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
echo Remove port_range property from UDP transport type of udp stack
catch
echo
end-try
end-if
if (outcome == success) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
try
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
echo Remove port_range property from TCP transport type of tcp stack
catch
echo
end-try
end-if
# Migrate from 4.8.3 to 5.0.0
if (outcome == failed) of /profile=$clusteredProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
echo Adding io.jaegertracing.Configuration logger
/profile=$clusteredProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
echo
end-if
# Migrate from 5.0.0 to 6.0.0
if (result == NON_XA) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
echo Removing NON_XA transaction mode from infinispan/hibernate/entity
/profile=$clusteredProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ExampleDS datasource
/profile=$clusteredProfile/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to KeycloakDS datasource
/profile=$clusteredProfile/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=ejb3/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ejb3 subsystem
/profile=$clusteredProfile/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=transactions/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to transactions subsystem
/profile=$clusteredProfile/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=undertow/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to undertow subsystem
/profile=$clusteredProfile/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$clusteredProfile/subsystem=webservices/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to webservices subsystem
/profile=$clusteredProfile/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
# Migrate from 6.0.1 to 7.0.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
/profile=$clusteredProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=routing:read-resource
echo Adding distributed cache routing to web cache container to infinispan subsystem
/profile=$clusteredProfile/subsystem=infinispan/cache-container=web/distributed-cache=routing/:add
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso:read-resource
echo Adding replicated cache sso to web cache container to infinispan subsystem
/profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/:add
/profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
/profile=$clusteredProfile/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=transaction/:add(mode=BATCH)
echo
end-if
if (outcome == failed) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Adding jgroups-tcp-fd socket binding to ha-sockets binding group
/socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:add(interface=private,port=57600)
echo
end-if
if (outcome == failed) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Adding jgroups-udp-fd socket binding to ha-sockets binding group
/socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:add(interface=private,port=54200)
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Adding socket-binding for FD_SOCK protocol for tcp stack in jgroups subsystem
/profile=$clusteredProfile/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
echo
end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Adding socket-binding for FD_SOCK protocol for udp stack in jgroups subsystem
/profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-udp-fd)
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
# Migrate from 7.0.0 to 8.0.0
if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
echo Changing thread pool keepalive of ejb3 subsystem
/profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
/profile=$clusteredProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
echo Adding default hostname provider
/profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
end-if
if (result == request) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
echo Switching from request to default hostname provider
/profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
end-if
if (result != fixed) of /profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
try
/profile=$clusteredProfile/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
echo Removed config for unused fixed hostname provider
catch
end-try
end-if
# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
if (result != org.keycloak.keycloak-model-infinispan) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
echo Setting class loader for keycloak cache-container in auth-server-clustered profile so JBoss Marshalling works properly with Infinispan 10.x
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
echo
end-if
# Migrate from 12.0.0 to 13.0.0
## Add ability to make use of automatically generated self-signed certificate with Elytron,
## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:read-resource
echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
/profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
/profile=$clusteredProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.domain.config.dir)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:read-resource
echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
/profile=$clusteredProfile/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
echo
end-if
if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/server-ssl-context=applicationSSC:read-resource
echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$clusteredProfile/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
if (result == 0) of /profile=$clusteredProfile/subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
/profile=$clusteredProfile/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
if (result == 0) of /profile=$clusteredProfile/subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
/profile=$clusteredProfile/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Set value of JPA default-datasource from empty string to 'undefined'
if (outcome == success) && (result == "") of /profile=$clusteredProfile/subsystem=jpa:read-attribute(name=default-datasource)
echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
/profile=$clusteredProfile/subsystem=jpa:undefine-attribute(name=default-datasource)
echo
end-if
echo *** End Migration of /profile=$clusteredProfile ***

View file

@ -0,0 +1,654 @@
embed-host-controller --domain-config=domain.xml
# Early versions of keycloak used "default" for the standalone profile name.
# Yours maybe be something completely different.
set standaloneProfile=auth-server-standalone
# keycloak-server.json is not normally on this path.
set pathToJson=../domain/configuration/keycloak-server.json
echo *** Begin Migration of /profile=$standaloneProfile ***
echo
# Migrate from 1.8.1 to 1.9.1
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=work/:read-resource
echo Adding local-cache=work to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=work/:add(indexing=NONE,start=LAZY)
echo
end-if
# realmVersions cache deprecated in 2.1.0
#if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
# echo Adding local-cache=realmVersions to keycloak cache container...
# /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
# /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
# echo
#end-if
# Migrate from 1.9.1 to 1.9.2
if (result == NONE) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak users cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 1.9.2 to 1.9.8
# NO CHANGES
# Migrate from 1.9.8 to 2.0.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:read-resource
echo Adding local-cache=authorization to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating authorization cache container..
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=100)
echo
end-if
# Migrate from 2.0.0 to 2.1.0
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
echo Removing deprecated cache 'realmVersions'
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
echo
end-if
# Migrate kecloak-server.json (deprecated in 2.2.0)
if (result == []) of /profile=$standaloneProfile/subsystem=keycloak-server/:read-children-names(child-type=spi)
echo Migrating keycloak-server.json to keycloak-server subsystem...
/profile=$standaloneProfile/subsystem=keycloak-server/:migrate-json(file=$pathToJson)
echo
end-if
if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /profile=$standaloneProfile/subsystem=keycloak-server/:read-attribute(name=providers)
echo Updating provider to default value
/profile=$standaloneProfile/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
echo
end-if
if (result == keycloak) of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
echo Undefining default theme...
/profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
echo
end-if
if (result == expression "${jboss.server.config.dir}/themes") of /profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
echo Updating theme dir to default value
/profile=$standaloneProfile/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
echo
end-if
set persistenceProvider=jpa
# Migrate from 2.1.0 to 2.2.0
if (result == update) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
echo Updating connectionsJpa default properties...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
echo Adding spi=userFederatedStorage...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/:read-resource
echo Adding spi=jta-lookup...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
/profile=$standaloneProfile/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
echo
end-if
# Migrate from 2.2.0 to 2.2.1
# NO CHANGES
# Migrate from 2.2.1 to 2.3.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
echo Adding local-cache=keys to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction and expiration in local-cache=keys...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
echo Adding spi=publicKeyStorage...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/:add
/profile=$standaloneProfile/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
echo
end-if
# Migrate from 2.3.0 to 2.4.0
# NO CHANGES
# Migrate from 2.4.0 to 2.5.0
if (result == NONE) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak realms cache...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 2.5.0 to 2.5.1
# NO CHANGES
# Migrate 2.5.1 to 2.5.4
if (result != REPEATABLE_READ) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
echo Changing ejb cache locking to REPEATABLE_READ
/profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
echo Removing Hibernate immutable-entity cache
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
end-if
# Migrate from 2.5.4 to 3.0.0
if (result == jpa) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
echo Removing default provider for eventsStore
/profile=$standaloneProfile/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=realm/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=user/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for userFederatedStorage SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=userFederatedStorage/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for authorizationPersister SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=authorizationPersister/:remove
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:read-resource
echo Adding userCache SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/:add
/profile=$standaloneProfile/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:read-resource
echo Adding realmCache SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/:add
/profile=$standaloneProfile/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
echo
end-if
if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
echo Adding 'default' as default provider for connectionsInfinispan
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
echo
end-if
# Migrate from 3.0.0 to 3.1.0
# NO CHANGES
# Migrate from 3.1.0 to 3.2.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
echo Adding local-cache=authenticationSessions to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (result == 100L) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries)
echo Updating eviction in local-cache=authorization...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 3.2.0 to 3.2.1
# NO CHANGES
# Migrate from 3.2.1 to 3.3.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=core-management/:read-resource
try
echo Trying to add core-management extension
/extension=org.wildfly.extension.core-management/:add
echo
catch
echo Wasn't able to add core-management extension, it should be already added by migrate-domain-standalone.cli
echo
end-try
echo Adding subsystem core-management
/profile=$standaloneProfile/subsystem=core-management/:add
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-resource
try
echo Trying to add elytron extension
/extension=org.wildfly.extension.elytron/:add
echo
catch
echo Wasn't able to add elytron extension, it should be already added by migrate-domain-standalone.cli
echo
end-try
echo Adding subsystem elytron
/profile=$standaloneProfile/subsystem=elytron/:add
/profile=$standaloneProfile/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
/profile=$standaloneProfile/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
/profile=$standaloneProfile/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
/profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
/profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
/profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
/profile=$standaloneProfile/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
/profile=$standaloneProfile/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
/profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
/profile=$standaloneProfile/subsystem=elytron/provider-sasl-server-factory=global/:add
/profile=$standaloneProfile/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
/profile=$standaloneProfile/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
/profile=$standaloneProfile/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
/profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
/profile=$standaloneProfile/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
/profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
/profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource
echo Removing local-cache persistent from web cache-container
/profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=persistent:remove
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource
echo Removing local-cache persistent from ejb cache-container
/profile=$standaloneProfile/subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove
echo
end-if
if (result == local-query) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache)
echo Removing default-cache from hibernate cache-container
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
echo Adding http-invoker to default-host
/profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
echo Enabling http2 for default http-listener
/profile=$standaloneProfile/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:read-resource
echo Adding https-listener
/profile=$standaloneProfile/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses...
/profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
/profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
/profile=$standaloneProfile/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
/profile=$standaloneProfile/subsystem=undertow/configuration=filter/response-header=server-header/:remove
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=jdr/:read-resource
echo Removing jdr subsystem and extension
/profile=$standaloneProfile/subsystem=jdr/:remove
echo
try
echo Trying to remove jdr extension
/extension=org.jboss.as.jdr/:remove
echo
catch
echo Wasn't able to remove jdr extension, it should be removed by migrate-domain-standalone.cli
echo
end-try
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=jsf/:read-resource
echo Removing jsf subsystem and extension
/profile=$standaloneProfile/subsystem=jsf/:remove
echo
try
echo Trying to remove jsf extension
/extension=org.jboss.as.jsf/:remove
echo
catch
echo Wasn't able to remove jsf extension, Should be removed by migrate-domain-standalone.cli
echo
end-try
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:read-resource
echo Adding local-cache=clientSessions to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:read-resource
echo Adding local-cache=offlineClientSessions to keycloak cache container...
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
echo Adding spi=x509cert-lookup...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
/profile=$standaloneProfile/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
echo
end-if
# Migrate from 4.2.0 to 4.3.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-resource
echo Adding spi=hostname...
/profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
/profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
echo
end-if
# Migrate from 4.3.0 to 4.4.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/permission-set=login-permission/:read-resource
echo Adding permission-set=login-permission to elytron
/profile=$standaloneProfile/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
/profile=$standaloneProfile/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
/profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
echo
end-if
if (result == org.hibernate.infinispan) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
echo Update hibernate cache module
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
echo Removing eviction from hibernate entity cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:read-resource
echo Removing eviction from hibernate local-query cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
echo Removing eviction from keycloak realms cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
echo Removing eviction from keycloak users cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
echo Removing eviction from keycloak authorization cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
echo Removing eviction from keycloak keys cache and replacing with object-memory
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
echo Changing JNDI reference in connectionsInfinispan SPI
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
/profile=$standaloneProfile/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
echo
end-if
# Migrate from 4.5.0 to 4.6.0
if (outcome == success) of /profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
echo Removing application-http-authentication from elytron subsystem
/profile=$standaloneProfile/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
echo
end-if
if (result == undefined) of /profile=$standaloneProfile/subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
echo Setting node-identifier attribute of core-environment element in transactions subsystem
/profile=$standaloneProfile/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
echo
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
try
/profile=$standaloneProfile/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
echo Remove port_range property from UDP transport type of udp stack
catch
echo
end-try
end-if
if (outcome == success) of /profile=$standaloneProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
try
/profile=$standaloneProfile/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
echo Remove port_range property from TCP transport type of tcp stack
catch
echo
end-try
end-if
# Migrate from 4.8.3 to 5.0.0
if (outcome == failed) of /profile=$standaloneProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
echo Adding io.jaegertracing.Configuration logger
/profile=$standaloneProfile/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
echo
end-if
# Migrate from 5.0.0 to 6.0.0
if (result == NON_XA) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
echo Removing NON_XA transaction mode from infinispan/hibernate/entity
/profile=$standaloneProfile/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ExampleDS datasource
/profile=$standaloneProfile/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to KeycloakDS datasource
/profile=$standaloneProfile/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=ejb3/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ejb3 subsystem
/profile=$standaloneProfile/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=transactions/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to transactions subsystem
/profile=$standaloneProfile/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=undertow/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to undertow subsystem
/profile=$standaloneProfile/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /profile=$standaloneProfile/subsystem=webservices/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to webservices subsystem
/profile=$standaloneProfile/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
# Migrate from 6.0.1 to 7.0.0
if (outcome == success) of /profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
/profile=$standaloneProfile/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=routing:read-resource
echo Adding local cache routing to web cache container to infinispan subsystem
/profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=routing/:add
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso:read-resource
echo Adding local cache sso to web cache container to infinispan subsystem
/profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/:add
/profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
/profile=$standaloneProfile/subsystem=infinispan/cache-container=web/local-cache=sso/component=transaction/:add(mode=BATCH)
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
# Migrate from 7.0.0 to 8.0.0
if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
echo Changing thread pool keepalive of ejb3 subsystem
/profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
/profile=$standaloneProfile/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
echo Adding default hostname provider
/profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
end-if
if (result == request) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
echo Switching from request to default hostname provider
/profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
end-if
if (result != fixed) of /profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
try
/profile=$standaloneProfile/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
echo Removed config for unused fixed hostname provider
catch
end-try
end-if
# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
if (result != org.keycloak.keycloak-model-infinispan) of /profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
/profile=$standaloneProfile/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
echo
end-if
# Migrate from 12.0.0 to 13.0.0
## Add ability to make use of automatically generated self-signed certificate with Elytron,
## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:read-resource
echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
/profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
/profile=$standaloneProfile/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.domain.config.dir)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:read-resource
echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
/profile=$standaloneProfile/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
echo
end-if
if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/server-ssl-context=applicationSSC:read-resource
echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/profile=$standaloneProfile/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
if (result == 0) of /profile=$standaloneProfile/subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
/profile=$standaloneProfile/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
if (result == 0) of /profile=$standaloneProfile/subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
/profile=$standaloneProfile/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Set value of JPA default-datasource from empty string to 'undefined'
if (outcome == success) && (result == "") of /profile=$standaloneProfile/subsystem=jpa:read-attribute(name=default-datasource)
echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
/profile=$standaloneProfile/subsystem=jpa:undefine-attribute(name=default-datasource)
echo
end-if
echo *** End Migration of /profile=$standaloneProfile ***

View file

@ -0,0 +1,891 @@
echo
echo *** WARNING ***
echo
echo ** If the following embed-server command fails, manual intervention is needed.
echo ** In such case, remove any <extension> and <subsystem> declarations referring
echo ** to the removed smallrye modules from the standalone-ha.xml file and rerun this script.
echo ** For details, see Migration Changes section in the Upgrading guide.
echo ** We apologize for this inconvenience.
echo
embed-server --server-config=standalone-ha.xml
echo *** Begin Migration ***
echo
# Migrate from 1.8.1 to 1.9.1
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:read-resource
echo Adding replicated-cache=work to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/:add(mode=SYNC)
echo
end-if
# realmVersions cache deprecated in 2.1.0
#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
# echo Adding local-cache=realmVersions to keycloak cache container...
# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
# echo
#end-if
# Migrate from 1.9.1 to 1.9.2
if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak users cache container...
/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 1.9.2 to 2.0.0
# NO CHANGES
# Migrate from 2.0.0 to 2.1.0
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
echo Removing deprecated cache 'realmVersions'
/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
echo
end-if
# Migrate kecloak-server.json (deprecated in 2.2.0)
if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type=spi)
echo Migrating keycloak-server.json to server cofig xml...
/subsystem=keycloak-server/:migrate-json
echo
end-if
set persistenceProvider=jpa
if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers)
echo Updating provider to default value
/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
echo
end-if
if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
echo Undefining default theme...
/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
echo
end-if
if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
echo Updating theme dir to default value
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
echo
end-if
# Migrate from 2.1.0 to 2.2.0
if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource
echo Adding deployment-scanner extension...
/extension=org.jboss.as.deployment-scanner/:add(module=org.jboss.as.deployment-scanner)
echo
end-if
if (outcome == failed) of /subsystem=deployment-scanner/:read-resource
echo Adding deployment-scanner...
/subsystem=deployment-scanner/:add
echo
end-if
if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-resource
echo Adding scanner=default
/subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
# In migration from 3.0.0 to 3.2.0 there is authorization distributed-cache replaced with local-cache
try
echo
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:add(mode=SYNC,owners=1)
echo Added distributed-cache=authorization
catch
end-try
end-if
if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
echo Updating connectionsJpa default properties...
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
echo Adding spi=userFederatedStorage...
/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=jta-lookup/:read-resource
echo Adding spi=jta-lookup...
/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
echo
end-if
# Migrate from 2.2.0 to 2.2.1
# NO CHANGES
# Migrate from 2.2.1 to 2.3.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
echo Adding local-cache=keys to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction and expiration in local-cache=keys...
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
echo Adding spi=publicKeyStorage...
/subsystem=keycloak-server/spi=publicKeyStorage/:add
/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
echo
end-if
# Migrate from 2.3.0 to 2.4.0
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:read-resource
echo Replacing invalidation-cache=users with local-cache=users
/subsystem=infinispan/cache-container=keycloak/invalidation-cache=users/:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=users/:add
echo
end-if
if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction in local-cache=users
/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:read-resource
echo Replacing invalidation-cache=realms with local-cache=realms
/subsystem=infinispan/cache-container=keycloak/invalidation-cache=realms/:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/:add
echo
end-if
# Migrate from 2.4.0 to 2.5.0
if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak realms cache...
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 2.5.0 to 2.5.1
# NO CHANGES
# Migrate 2.5.1 to 2.5.4
if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
echo Changing ejb cache locking to REPEATABLE_READ
/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
echo Removing Hibernate immutable-entity cache
/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
end-if
# Migrate from 2.5.4 to 3.0.0
if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
echo Removing default provider for eventsStore
/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/subsystem=keycloak-server/spi=realm/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/subsystem=keycloak-server/spi=user/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for userFederatedStorage SPI
/subsystem=keycloak-server/spi=userFederatedStorage/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for authorizationPersister SPI
/subsystem=keycloak-server/spi=authorizationPersister/:remove
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
echo Adding userCache SPI
/subsystem=keycloak-server/spi=userCache/:add
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
echo Adding realmCache SPI
/subsystem=keycloak-server/spi=realmCache/:add
/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
echo
end-if
if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
echo Adding 'default' as default provider for connectionsInfinispan
/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
echo
end-if
# Migrate from 3.0.0 to 3.2.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:read-resource
echo Adding distributed-cache=authenticationSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
echo Adding distributed-cache=actionTokens to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:read-resource
echo Replacing distributed-cache=authorization with local-cache=authorization
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization/:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 3.2.0 to 3.2.1
# NO CHANGES
# Migrate from 3.2.1 to 3.3.0
if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
echo Adding keystore to ApplicationRealm...
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost)
echo
end-if
if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource
echo Adding elytron extension...
/extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron)
echo
end-if
if (outcome == failed) of /subsystem=elytron/:read-resource
echo Adding elytron subsystem
/subsystem=elytron:add
/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/subsystem=elytron/identity-realm=local/:add(identity="$local")
/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
/subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}])
/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
/subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
/subsystem=elytron/provider-sasl-server-factory=global/:add
/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
/subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
echo
end-if
if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
echo
end-if
if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
echo
end-if
if (result == ASYNC) of /subsystem=infinispan/cache-container=web/distributed-cache=dist:read-attribute(name=mode)
echo Setting SYNC mode for web cache-container
/subsystem=infinispan/cache-container=web/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
echo
end-if
if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-cache=dist:read-attribute(name=mode)
echo Setting SYNC mode for ejb cache-container
/subsystem=infinispan/cache-container=ejb/distributed-cache=dist:write-attribute(name=mode,value=SYNC)
echo
end-if
if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
echo Setting cluster attribute to ejb in jgroups subsystem
/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
echo
end-if
if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from udp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute
/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:remove
/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:add
echo
end-if
if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FD/:read-resource
echo Replacing tcp FD protocol with FD_ALL
/subsystem=jgroups/stack=tcp/protocol=FD/:remove
/subsystem=jgroups/stack=tcp/protocol=FD_ALL/:add
echo
end-if
if (result != undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from tcp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute
/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:remove
/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:add
echo
end-if
if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
echo Adding http-invoker to default-host
/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
echo
end-if
if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
echo Enabling http2 for default http-listener
/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
echo
end-if
if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource
echo Adding https-listener
/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
echo
end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Removing socket-binding jgroups-tcp-fd
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove
echo
end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Removing socket-binding jgroups-udp-fd
/socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses...
/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
/subsystem=undertow/configuration=filter/response-header=server-header/:remove
echo
end-if
if (outcome == success) of /subsystem=jdr/:read-resource
echo Removing jdr subsystem and extension
/subsystem=jdr/:remove
/extension=org.jboss.as.jdr/:remove
echo
end-if
if (outcome == success) of /subsystem=jsf/:read-resource
echo Removing jsf subsystem and extension
/subsystem=jsf/:remove
/extension=org.jboss.as.jsf/:remove
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:read-resource
echo Adding distributed-cache=clientSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:read-resource
echo Adding distributed-cache=offlineClientSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/:add(mode=SYNC,owners=1)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
echo Adding spi=x509cert-lookup...
/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
echo
end-if
# Migrate from 4.2.0 to 4.3.0
if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/:read-resource
echo Adding spi=hostname...
/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
echo
end-if
# Migrate from 4.3.0 to 4.4.0
if (outcome == failed) of /subsystem=elytron/permission-set=login-permission/:read-resource
echo Adding permission-set=login-permission to elytron
/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
echo
end-if
if (result == org.hibernate.infinispan) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
echo Update hibernate cache module
/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=default-cache)
echo Remove default cache from hibernate cache
/subsystem=infinispan/cache-container=hibernate:undefine-attribute(name=default-cache)
echo
end-if
if (result == ASYNC) of /subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:read-attribute(name=mode)
echo Switching mode for timestamps cache from ASYNC to SYNC
/subsystem=infinispan/cache-container=hibernate/replicated-cache=timestamps:write-attribute(name=mode, value=SYNC)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
echo Removing eviction from hibernate entity cache and replacing with object-memory
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/distributed-cache=local-query/eviction=EVICTION:read-resource
echo Removing eviction from hibernate local-query cache and replacing with object-memory
/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
echo Removing eviction from keycloak realms cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
echo Removing eviction from keycloak users cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
echo Removing eviction from keycloak authorization cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
echo Removing eviction from keycloak keys cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
echo
end-if
if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=FRAG2:read-resource
echo Upgrade jgroups protocol from FRAG2 to FRAG3 for tcp stack
/subsystem=jgroups/stack=tcp/protocol=FRAG2:remove
/subsystem=jgroups/stack=tcp/protocol=FRAG3:add()
echo
end-if
if (outcome == success) of /subsystem=jgroups/stack=udp/protocol=FRAG2:read-resource
echo Upgrade jgroups protocol from FRAG2 to FRAG3 for udp stack
/subsystem=jgroups/stack=udp/protocol=FRAG2:remove
/subsystem=jgroups/stack=udp/protocol=FRAG3:add()
echo
end-if
if (outcome == success) of /subsystem=remoting/configuration=endpoint:read-resource
echo Remove endpoint from remoting configuration
/subsystem=remoting/configuration=endpoint:remove
echo
end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-attribute(name=port)
/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:undefine-attribute(name=port)
end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=modcluster:read-attribute(name=port)
/socket-binding-group=standard-sockets/socket-binding=modcluster:undefine-attribute(name=port)
end-if
if (outcome == success) of /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
echo Changing JNDI reference in connectionsInfinispan SPI
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
echo
end-if
# Migrate from 4.4.0 to 4.5.0
if (outcome == failed) of /subsystem=core-management/:read-resource
echo Adding core-management extension
/extension=org.wildfly.extension.core-management/:add
echo Adding subsystem core-management
/subsystem=core-management/:add
echo
end-if
# Migrate from 4.5.0 to 4.6.0
if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
echo Removing application-http-authentication from elytron subsystem
/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
echo
end-if
if (result == undefined) of /subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
echo Setting node-identifier attribute of core-environment element in transactions subsystem
/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
echo
end-if
if (outcome == success) of /subsystem=jgroups/stack=udp/transport=UDP/property=port_range:read-attribute(name=value)
try
/subsystem=jgroups/stack=udp/transport=UDP/property=port_range:remove
echo Remove port_range property from UDP transport type of udp stack
catch
echo
end-try
end-if
if (outcome == success) of /subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:read-attribute(name=value)
try
/subsystem=jgroups/stack=tcp/transport=TCP/property=port_range:remove
echo Remove port_range property from TCP transport type of tcp stack
catch
echo
end-try
end-if
# Migrate from 4.8.3 to 5.0.0
if (outcome == failed) of /subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
echo Adding io.jaegertracing.Configuration logger
/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
echo
end-if
# Migrate from 5.0.0 to 6.0.0
if (result == NON_XA) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
echo Removing NON_XA transaction mode from infinispan/hibernate/entity
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
echo
end-if
if (result == false) of /subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ExampleDS datasource
/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to KeycloakDS datasource
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=ejb3/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ejb3 subsystem
/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=transactions/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to transactions subsystem
/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=undertow/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to undertow subsystem
/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=webservices/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to webservices subsystem
/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (outcome == failed) of /extension=org.jboss.as.weld/:read-resource
echo Adding weld extension
/extension=org.jboss.as.weld/:add
echo
end-if
if (outcome == failed) of /subsystem=weld/:read-resource
echo Adding weld subsystem
/subsystem=weld/:add
echo
end-if
## KEYCLOAK-16723 / KEYCLOAK-16907:
##
## Loading of MicroProfile SmallRye config, health, and metrics extensions & subsystems got removed
## as part of upgrading to Wildfly 22. See [WFLY-14203], [WFLY-14151], and [WFLY-14108] for details
# Migrate from 6.0.1 to 7.0.0
if (outcome == success) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=web/distributed-cache=routing:read-resource
echo Adding distributed cache routing to web cache container to infinispan subsystem
/subsystem=infinispan/cache-container=web/distributed-cache=routing/:add
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=web/replicated-cache=sso:read-resource
echo Adding replicated cache sso to web cache container to infinispan subsystem
/subsystem=infinispan/cache-container=web/replicated-cache=sso/:add
/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
/subsystem=infinispan/cache-container=web/replicated-cache=sso/component=transaction/:add(mode=BATCH)
echo
end-if
if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Adding jgroups-tcp-fd socket binding to socket binding group
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:add(interface=private,port=57600)
echo
end-if
if (outcome == failed) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Adding jgroups-udp-fd socket binding to socket binding group
/socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:add(interface=private,port=54200)
echo
end-if
if (result == undefined) of /subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Adding socket-binding for FD_SOCK protocol for tcp stack in jgroups subsystem
/subsystem=jgroups/stack=tcp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
echo
end-if
if (result == undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Adding socket-binding for FD_SOCK protocol for udp stack in jgroups subsystem
/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:write-attribute(name=socket-binding,value=jgroups-udp-fd)
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
# Migrate from 7.0.0 to 8.0.0
if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
echo Changing thread pool keepalive of ejb3 subsystem
/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
echo
end-if
if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-liveness-checks-status)
echo Adding empty-liveness-checks-status attribute to microprofile-health-smallrye subsystem
/subsystem=microprofile-health-smallrye:write-attribute(name=empty-liveness-checks-status, value=${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP})
echo
end-if
if (result == UP) of /subsystem=microprofile-health-smallrye:read-attribute(name=empty-readiness-checks-status)
echo Adding empty-readiness-checks-status attribute to microprofile-health-smallrye subsystem
/subsystem=microprofile-health-smallrye:write-attribute(name=empty-readiness-checks-status, value=${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP})
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
echo Adding default hostname provider
/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
end-if
if (result == request) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
echo Switching from request to default hostname provider
/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
end-if
if (result != fixed) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
try
/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
echo Removed config for unused fixed hostname provider
catch
end-try
end-if
# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
if (result != org.keycloak.keycloak-model-infinispan) of /subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
echo
end-if
# Migrate from 11.0.0 to 12.0.0
if (result != expression "${jboss.mail.server.host:localhost}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=host)
echo Adding host expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=host, value=expression "${jboss.mail.server.host:localhost}")
echo
end-if
if (result != expression "${jboss.mail.server.port:25}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=port)
echo Adding port expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=port, value=expression "${jboss.mail.server.port:25}")
echo
end-if
# Migrate from 12.0.0 to 13.0.0
## KEYCLOAK-16723 / KEYCLOAK-16907:
##
## Based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] remove MicroProfile SmallRye config, health, and metrics if present
if (outcome == success) of /subsystem=microprofile-config-smallrye/:read-resource
echo Removing microprofile-config-smallrye subsystem...
/subsystem=microprofile-config-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.config-smallrye/:read-resource
echo Removing microprofile.config-smallrye extension...
/extension=org.wildfly.extension.microprofile.config-smallrye/:remove
echo
end-if
if (outcome == success) of /subsystem=microprofile-health-smallrye/:read-resource
echo Removing microprofile-health-smallrye subsystem...
/subsystem=microprofile-health-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.health-smallrye/:read-resource
echo Removing microprofile.health-smallrye extension...
/extension=org.wildfly.extension.microprofile.health-smallrye/:remove
echo
end-if
if (outcome == success) of /subsystem=microprofile-metrics-smallrye/:read-resource
echo Removing microprofile-metrics-smallrye subsystem...
/subsystem=microprofile-metrics-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.metrics-smallrye/:read-resource
echo Removing microprofile.metrics-smallrye extension...
/extension=org.wildfly.extension.microprofile.metrics-smallrye/:remove
echo
end-if
## Yet based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] load
## org.wildfly.extension.health/org.wildfly.extension.metrics extensions & subsystems instead
if (outcome == failed) of /extension=org.wildfly.extension.health:read-resource
echo Adding WildFly extension for health...
/extension=org.wildfly.extension.health:add(module=org.wildfly.extension.health)
echo
end-if
if (outcome == failed) of /subsystem=health:read-resource
echo Adding Wildfly subsystem for health...
/subsystem=health:add(security-enabled=false)
echo
end-if
if (outcome == failed) of /extension=org.wildfly.extension.metrics:read-resource
echo Adding Wildfly extension for base metrics...
/extension=org.wildfly.extension.metrics:add(module=org.wildfly.extension.metrics)
echo
end-if
if (outcome == failed) of /subsystem=metrics:read-resource
echo Adding Wildfly subsystem for base metrics...
/subsystem=metrics:add(exposed-subsystems=[*],security-enabled=false)
echo
end-if
if (result == "Keycloak") of :read-attribute(name=product-name)
echo Adding base metrics subsystem prefix to Keycloak...
/subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:wildfly})
echo
else
echo Adding base metrics subsystem prefix to RH-SSO...
/subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:jboss})
echo
end-if
## Add ability to make use of automatically generated self-signed certificate with Elytron,
## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
if (outcome == failed) of /subsystem=elytron/key-store=applicationKS:read-resource
echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.server.config.dir)
echo
end-if
if (outcome == failed) of /subsystem=elytron/key-manager=applicationKM:read-resource
echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
echo
end-if
if (outcome == failed) of /subsystem=elytron/server-ssl-context=applicationSSC:read-resource
echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
if (result == 0) of /subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
if (result == 0) of /subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Set value of JPA default-datasource from empty string to 'undefined'
if (outcome == success) && (result == "") of /subsystem=jpa:read-attribute(name=default-datasource)
echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
/subsystem=jpa:undefine-attribute(name=default-datasource)
echo
end-if
echo *** End Migration ***

View file

@ -0,0 +1,744 @@
echo
echo *** WARNING ***
echo
echo ** If the following embed-server command fails, manual intervention is needed.
echo ** In such case, remove any <extension> and <subsystem> declarations referring
echo ** to the removed smallrye modules from the standalone.xml file and rerun this script.
echo ** For details, see Migration Changes section in the Upgrading guide.
echo ** We apologize for this inconvenience.
echo
embed-server --server-config=standalone.xml
echo *** Begin Migration ***
echo
# Migrate from 1.8.1 to 1.9.1
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=work/:read-resource
echo Adding local-cache=work to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=work/:add(indexing=NONE,start=LAZY)
echo
end-if
# realmVersions cache deprecated in 2.1.0
#if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
# echo Adding local-cache=realmVersions to keycloak cache container...
# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:add(indexing=NONE,start=LAZY)
# /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/component=transaction/:write-attribute(name=mode,value=BATCH)
# echo
#end-if
# Migrate from 1.9.1 to 1.9.2
if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak users cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=users/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 1.9.2 to 1.9.8
# NO CHANGES
# Migrate from 1.9.8 to 2.0.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:read-resource
echo Adding local-cache=authorization to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating authorization cache container..
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=100)
echo
end-if
# Migrate from 2.0.0 to 2.1.0
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:read-resource
echo Removing deprecated cache 'realmVersions'
/subsystem=infinispan/cache-container=keycloak/local-cache=realmVersions/:remove
echo
end-if
# Migrate kecloak-server.json (deprecated in 2.2.0)
if (result == []) of /subsystem=keycloak-server/:read-children-names(child-type=spi)
echo Migrating keycloak-server.json to server cofig xml...
/subsystem=keycloak-server/:migrate-json
echo
end-if
if (result == [expression "classpath:${jboss.server.config.dir}/providers/*"]) of /subsystem=keycloak-server/:read-attribute(name=providers)
echo Updating provider to default value
/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*])
echo
end-if
if (result == keycloak) of /subsystem=keycloak-server/theme=defaults:read-attribute(name=default)
echo Undefining default theme...
/subsystem=keycloak-server/theme=defaults:undefine-attribute(name=default)
echo
end-if
if (result == expression "${jboss.server.config.dir}/themes") of /subsystem=keycloak-server/theme=defaults:read-attribute(name=dir)
echo Updating theme dir to default value
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=dir,value=${jboss.home.dir}/themes)
echo
end-if
set persistenceProvider=jpa
# Migrate from 2.1.0 to 2.2.0
if (outcome == failed) of /extension=org.jboss.as.deployment-scanner/:read-resource
echo Adding deployment-scanner extension...
/extension=org.jboss.as.deployment-scanner/:add(module=org.jboss.as.deployment-scanner)
echo
end-if
if (outcome == failed) of /subsystem=deployment-scanner/:read-resource
echo Adding deployment-scanner...
/subsystem=deployment-scanner/:add
echo
end-if
if (outcome == failed) of /subsystem=deployment-scanner/scanner=default/:read-resource
echo Adding scanner=default
/subsystem=deployment-scanner/scanner=default/:add(path=deployments,relative-to=jboss.server.base.dir,runtime-failure-causes-rollback=${jboss.deployment.scanner.rollback.on.failure:false},scan-interval=5000)
echo
end-if
if (result == update) of /subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-get(name=properties,key=databaseSchema)
echo Updating connectionsJpa default properties...
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-remove(name=properties,key=databaseSchema)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=initializeEmpty,value=true)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationStrategy,value=update)
/subsystem=keycloak-server/spi=connectionsJpa/provider=default/:map-put(name=properties,key=migrationExport,value=${jboss.home.dir}/keycloak-database-update.sql)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource
echo Adding spi=userFederatedStorage...
/subsystem=keycloak-server/spi=userFederatedStorage/:add(default-provider=$persistenceProvider)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=jta-lookup/:read-resource
echo Adding spi=jta-lookup...
/subsystem=keycloak-server/spi=jta-lookup/:add(default-provider=${keycloak.jta.lookup.provider:jboss})
/subsystem=keycloak-server/spi=jta-lookup/provider=jboss/:add(enabled=true)
echo
end-if
# Migrate from 2.2.0 to 2.2.1
# NO CHANGES
# Migrate from 2.2.1 to 2.3.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/:read-resource
echo Adding local-cache=keys to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/:add(indexing=NONE,start=LAZY)
echo
end-if
if (result == undefined) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:read-attribute(name=strategy,include-defaults=false)
echo Updating eviction and expiration in local-cache=keys...
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=eviction/:write-attribute(name=max-entries,value=1000)
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/component=expiration/:write-attribute(name=max-idle,value=3600000)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=publicKeyStorage/:read-resource
echo Adding spi=publicKeyStorage...
/subsystem=keycloak-server/spi=publicKeyStorage/:add
/subsystem=keycloak-server/spi=publicKeyStorage/provider=infinispan/:add(properties={minTimeBetweenRequests => "10"},enabled=true)
echo
end-if
# Migrate from 2.3.0 to 2.4.0
# NO CHANGES
# Migrate from 2.4.0 to 2.5.0
if (result == NONE) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:read-attribute(name=strategy)
echo Adding eviction strategy to keycloak realms cache...
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=strategy,value=LRU)
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 2.5.0 to 2.5.1
# NO CHANGES
# Migrate 2.5.1 to 2.5.4
if (result != REPEATABLE_READ) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:read-attribute(name=isolation)
echo Changing ejb cache locking to REPEATABLE_READ
/subsystem=infinispan/cache-container=ejb/local-cache=persistent/component=locking/:write-attribute(name=isolation,value=REPEATABLE_READ)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:read-resource
echo Removing Hibernate immutable-entity cache
/subsystem=infinispan/cache-container=hibernate/local-cache=immutable-entity/:remove
end-if
# Migrate from 2.5.4 to 3.0.0
if (result == jpa) of /subsystem=keycloak-server/spi=eventsStore/:read-attribute(name=default-provider,include-defaults=false)
echo Removing default provider for eventsStore
/subsystem=keycloak-server/spi=eventsStore/:undefine-attribute(name=default-provider)
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=realm/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/subsystem=keycloak-server/spi=realm/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=user/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for user SPI
/subsystem=keycloak-server/spi=user/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=userFederatedStorage/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for userFederatedStorage SPI
/subsystem=keycloak-server/spi=userFederatedStorage/:remove
echo
end-if
if ((outcome == success) && (result.default-provider == jpa) && (result.provider == undefined)) of /subsystem=keycloak-server/spi=authorizationPersister/:read-resource(recursive=false,include-defaults=false)
echo Removing declaration for authorizationPersister SPI
/subsystem=keycloak-server/spi=authorizationPersister/:remove
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=userCache/:read-resource
echo Adding userCache SPI
/subsystem=keycloak-server/spi=userCache/:add
/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=true)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=realmCache/:read-resource
echo Adding realmCache SPI
/subsystem=keycloak-server/spi=realmCache/:add
/subsystem=keycloak-server/spi=realmCache/provider=default/:add(enabled=true)
echo
end-if
if ((result.default-provider == undefined) && (result.provider.default.enabled == true)) of /subsystem=keycloak-server/spi=connectionsInfinispan/:read-resource(recursive=true,include-defaults=false)
echo Adding 'default' as default provider for connectionsInfinispan
/subsystem=keycloak-server/spi=connectionsInfinispan/:write-attribute(name=default-provider,value=default)
echo
end-if
# Migrate from 3.0.0 to 3.1.0
# NO CHANGES
# Migrate from 3.1.0 to 3.2.0
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:read-resource
echo Adding local-cache=authenticationSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=authenticationSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
echo Adding local-cache=actionTokens to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
echo
end-if
if (result == 100L) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:read-attribute(name=max-entries)
echo Updating eviction in local-cache=authorization...
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/component=eviction/:write-attribute(name=max-entries,value=10000)
echo
end-if
# Migrate from 3.2.0 to 3.2.1
# NO CHANGES
# Migrate from 3.2.1 to 3.3.0
if (outcome == failed) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource
echo Adding keystore to ApplicationRealm...
/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path=application.keystore,keystore-relative-to=jboss.server.config.dir,keystore-password=password,alias=server,key-password=password,generate-self-signed-certificate-host=localhost)
echo
end-if
if (outcome == failed) of /extension=org.wildfly.extension.elytron/:read-resource
echo Adding elytron extension...
/extension=org.wildfly.extension.elytron/:add(module=org.wildfly.extension.elytron)
echo
end-if
if (outcome == failed) of /subsystem=elytron/:read-resource
echo Adding elytron subsystem
/subsystem=elytron:add
/subsystem=elytron/provider-loader=elytron/:add(module=org.wildfly.security.elytron)
/subsystem=elytron/provider-loader=openssl/:add(module=org.wildfly.openssl)
/subsystem=elytron/aggregate-providers=combined-providers/:add(providers=[elytron,openssl])
/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/subsystem=elytron/identity-realm=local/:add(identity="$local")
/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
/subsystem=elytron/security-domain=ApplicationDomain/:add(default-realm=ApplicationRealm,permission-mapper=default-permission-mapper,realms=[{realm=ApplicationRealm,role-decoder=groups-to-roles},{realm=local}])
/subsystem=elytron/security-domain=ManagementDomain/:add(default-realm=ManagementRealm,permission-mapper=default-permission-mapper,realms=[{realm=ManagementRealm,role-decoder=groups-to-roles},{realm=local,role-mapper=super-user-mapper}])
/subsystem=elytron/provider-http-server-mechanism-factory=global/:add
/subsystem=elytron/http-authentication-factory=management-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=DIGEST,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
/subsystem=elytron/http-authentication-factory=application-http-authentication/:add(http-server-mechanism-factory=global,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=Application Realm}]},{mechanism-name=FORM}])
/subsystem=elytron/provider-sasl-server-factory=global/:add
/subsystem=elytron/mechanism-provider-filtering-sasl-server-factory=elytron/:add(sasl-server-factory=global,filters=[{provider-name=WildFlyElytron}])
/subsystem=elytron/configurable-sasl-server-factory=configured/:add(sasl-server-factory=elytron,properties={wildfly.sasl.local-user.default-user => "$local"})
/subsystem=elytron/sasl-authentication-factory=management-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ManagementDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ManagementRealm}]}])
/subsystem=elytron/sasl-authentication-factory=application-sasl-authentication/:add(sasl-server-factory=configured,security-domain=ApplicationDomain,mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local},{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=ApplicationRealm}]}])
/subsystem=elytron/:write-attribute(name=final-providers,value=combined-providers)
/subsystem=elytron/:write-attribute(name=disallowed-providers,value=[OracleUcrypto])
echo
end-if
if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Adding channel-creation-options READ_TIMEOUT to ejb3 remote
/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:add(value="${prop.remoting-connector.read.timeout:20}",type=xnio)
echo
end-if
if (outcome == failed) of /subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:read-resource
echo Adding channel-creation-options MAX_OUTBOUND_MESSAGES to ejb3 remote
/subsystem=ejb3/service=remote/channel-creation-options=MAX_OUTBOUND_MESSAGES/:add(value=1234,type=remoting)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=web/local-cache=persistent:read-resource
echo Removing local-cache persistent from web cache-container
/subsystem=infinispan/cache-container=web/local-cache=persistent:remove
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=ejb/local-cache=persistent:read-resource
echo Removing local-cache persistent from ejb cache-container
/subsystem=infinispan/cache-container=ejb/local-cache=persistent:remove
echo
end-if
if (result == local-query) of /subsystem=infinispan/cache-container=hibernate/:read-attribute(name=default-cache)
echo Removing default-cache from hibernate cache-container
/subsystem=infinispan/cache-container=hibernate/:undefine-attribute(name=default-cache)
echo
end-if
if (outcome == failed) of /subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:read-resource
echo Adding http-invoker to default-host
/subsystem=undertow/server=default-server/host=default-host/setting=http-invoker/:add(security-realm=ApplicationRealm)
echo
end-if
if (result == false) of /subsystem=undertow/server=default-server/http-listener=default/:read-attribute(name=enable-http2)
echo Enabling http2 for default http-listener
/subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=enable-http2,value=true)
echo
end-if
if (outcome == failed) of /subsystem=undertow/server=default-server/https-listener=https/:read-resource
echo Adding https-listener
/subsystem=undertow/server=default-server/https-listener=https/:add(socket-binding=https,security-realm=ApplicationRealm,enable-http2=true)
echo
end-if
# Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses...
/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:remove
/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-powered-by-header/:remove
/subsystem=undertow/configuration=filter/response-header=x-powered-by-header/:remove
/subsystem=undertow/configuration=filter/response-header=server-header/:remove
echo
end-if
if (outcome == success) of /subsystem=jdr/:read-resource
echo Removing jdr subsystem and extension
/subsystem=jdr/:remove
/extension=org.jboss.as.jdr/:remove
echo
end-if
if (outcome == success) of /subsystem=jsf/:read-resource
echo Removing jsf subsystem and extension
/subsystem=jsf/:remove
/extension=org.jboss.as.jsf/:remove
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:read-resource
echo Adding local-cache=offlineClientSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=offlineClientSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:read-resource
echo Adding local-cache=clientSessions to keycloak cache container...
/subsystem=infinispan/cache-container=keycloak/local-cache=clientSessions/:add(indexing=NONE,start=LAZY)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=x509cert-lookup/:read-resource
echo Adding spi=x509cert-lookup...
/subsystem=keycloak-server/spi=x509cert-lookup/:add(default-provider=${keycloak.x509cert.lookup.provider:default})
/subsystem=keycloak-server/spi=x509cert-lookup/provider=default/:add(enabled=true)
echo
end-if
# Migrate from 4.2.0 to 4.3.0
if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/:read-resource
echo Adding spi=hostname...
/subsystem=keycloak-server/spi=hostname/:add(default-provider=request)
/subsystem=keycloak-server/spi=hostname/provider=fixed/:add(properties={hostname => "localhost",httpPort => "-1",httpsPort => "-1"},enabled=true)
echo
end-if
# Migrate from 4.3.0 to 4.4.0
if (outcome == failed) of /subsystem=elytron/permission-set=login-permission/:read-resource
echo Adding permission-set=login-permission to elytron
/subsystem=elytron/permission-set=login-permission:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}])
/subsystem=elytron/permission-set=default-permissions/:add(permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:undefine-attribute(name=permission-mappings)
/subsystem=elytron/simple-permission-mapper=default-permission-mapper:write-attribute(name=permission-mappings,value=[{permission-sets=[{permission-set=login-permission},{permission-set=default-permissions}],match-all=true},{permission-sets=[{permission-set=default-permissions}],principals=[anonymous]}])
echo
end-if
if (result == org.hibernate.infinispan) of /subsystem=infinispan/cache-container=hibernate:read-attribute(name=module)
echo Update hibernate cache module
/subsystem=infinispan/cache-container=hibernate:write-attribute(name=module, value=org.infinispan.hibernate-cache)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:read-resource
echo Removing eviction from hibernate entity cache and replacing with object-memory
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:read-resource
echo Removing eviction from hibernate local-query cache and replacing with object-memory
/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=hibernate/local-cache=local-query/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:read-resource
echo Removing eviction from keycloak realms cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=realms/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:read-resource
echo Removing eviction from keycloak users cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=users/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=users/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:read-resource
echo Removing eviction from keycloak authorization cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=authorization/memory=object:add(size=10000)
echo
end-if
if (outcome == success) of /subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:read-resource
echo Removing eviction from keycloak keys cache and replacing with object-memory
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:remove
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/memory=object:add(size=1000)
echo
end-if
if (outcome == success) of /subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:read-resource
echo Changing JNDI reference in connectionsInfinispan SPI
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:undefine-attribute(name=properties)
/subsystem=keycloak-server/spi=connectionsInfinispan/provider=default:write-attribute(name=properties,value={cacheContainer=java:jboss/infinispan/container/keycloak})
echo
end-if
# Migrate from 4.4.0 to 4.5.0
if (outcome == failed) of /subsystem=core-management/:read-resource
echo Adding core-management extension
/extension=org.wildfly.extension.core-management/:add
echo Adding subsystem core-management
/subsystem=core-management/:add
echo
end-if
# Migrate from 4.5.0 to 4.6.0
if (outcome == success) of /subsystem=elytron/http-authentication-factory=application-http-authentication/:read-resource
echo Removing application-http-authentication from elytron subsystem
/subsystem=elytron/http-authentication-factory=application-http-authentication:remove
echo
end-if
if (result == undefined) of /subsystem=transactions/:read-attribute(name=node-identifier,include-defaults=false)
echo Setting node-identifier attribute of core-environment element in transactions subsystem
/subsystem=transactions/:write-attribute(name=node-identifier,value=expression "${jboss.tx.node.id:1}")
echo
end-if
# Migrate from 4.8.3 to 5.0.0
if (outcome == failed) of /subsystem=logging/logger=io.jaegertracing.Configuration/:read-resource
echo Adding io.jaegertracing.Configuration logger
/subsystem=logging/logger=io.jaegertracing.Configuration/:add(category=io.jaegertracing.Configuration,level=WARN)
echo
end-if
# Migrate from 5.0.0 to 6.0.0
if (result == NON_XA) of /subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:read-attribute(name=mode)
echo Removing NON_XA transaction mode from infinispan/hibernate/entity
/subsystem=infinispan/cache-container=hibernate/local-cache=entity/component=transaction/:undefine-attribute(name=mode)
echo
end-if
if (result == false) of /subsystem=datasources/data-source=ExampleDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ExampleDS datasource
/subsystem=datasources/data-source=ExampleDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=datasources/data-source=KeycloakDS/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to KeycloakDS datasource
/subsystem=datasources/data-source=KeycloakDS/:write-attribute(name=statistics-enabled,value=${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=ejb3/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to ejb3 subsystem
/subsystem=ejb3/:write-attribute(name=statistics-enabled,value=${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=transactions/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to transactions subsystem
/subsystem=transactions/:write-attribute(name=statistics-enabled,value=${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=undertow/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to undertow subsystem
/subsystem=undertow/:write-attribute(name=statistics-enabled,value=${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (result == false) of /subsystem=webservices/:read-attribute(name=statistics-enabled)
echo Adding statistics-enabled expression to webservices subsystem
/subsystem=webservices/:write-attribute(name=statistics-enabled,value=${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}})
echo
end-if
if (outcome == failed) of /extension=org.jboss.as.weld/:read-resource
echo Adding weld extension
/extension=org.jboss.as.weld/:add
echo
end-if
if (outcome == failed) of /subsystem=weld/:read-resource
echo Adding weld subsystem
/subsystem=weld/:add
echo
end-if
## KEYCLOAK-16723 / KEYCLOAK-16907:
##
## Loading of MicroProfile SmallRye config, health, and metrics extensions & subsystems got removed
## as part of upgrading to Wildfly 22. See [WFLY-14203], [WFLY-14151], and [WFLY-14108] for details
# Migrate from 6.0.1 to 7.0.0
if (outcome == success) of /subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:read-resource
echo Removing READ_TIMEOUT option from remote service from ejb3 subsystem
/subsystem=ejb3/service=remote/channel-creation-options=READ_TIMEOUT/:remove
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=routing:read-resource
echo Adding local cache routing to web cache container to infinispan subsystem
/subsystem=infinispan/cache-container=web/local-cache=routing/:add
echo
end-if
if (outcome == failed) of /subsystem=infinispan/cache-container=web/local-cache=sso:read-resource
echo Adding local cache sso to web cache container to infinispan subsystem
/subsystem=infinispan/cache-container=web/local-cache=sso/:add
/subsystem=infinispan/cache-container=web/local-cache=sso/component=locking/:add(isolation=REPEATABLE_READ)
/subsystem=infinispan/cache-container=web/local-cache=sso/component=transaction/:add(mode=BATCH)
echo
end-if
if (result == "true") of /subsystem=keycloak-server/spi=truststore/provider=file:map-get(name=properties, key=disabled)
echo Disabling Truststore Provider
/subsystem=keycloak-server/spi=truststore/provider=file:write-attribute(name=enabled, value=false)
echo Removing deprecated option
/subsystem=keycloak-server/spi=truststore/provider=file:map-remove(name=properties, key=disabled)
echo
end-if
# Migrate from 7.0.0 to 8.0.0
if ((result.time == 100L) && (result.unit == MILLISECONDS)) of /subsystem=ejb3/thread-pool=default:read-attribute(name=keepalive-time)
echo Changing thread pool keepalive of ejb3 subsystem
/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.time, value=60)
/subsystem=ejb3/thread-pool=default:write-attribute(name=keepalive-time.unit,value=SECONDS)
echo
end-if
if (outcome == failed) of /subsystem=keycloak-server/spi=hostname/provider=default/:read-resource
echo Adding default hostname provider
/subsystem=keycloak-server/spi=hostname/provider=default/:add(properties={frontendUrl => "${keycloak.frontendUrl:}",forceBackendUrlToFrontendUrl => "false"},enabled=true)
end-if
if (result == request) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
echo Switching from request to default hostname provider
/subsystem=keycloak-server/spi=hostname/:write-attribute(name=default-provider,value=default)
end-if
if (result != fixed) of /subsystem=keycloak-server/spi=hostname/:read-attribute(name=default-provider)
try
/subsystem=keycloak-server/spi=hostname/provider=fixed:remove
echo Removed config for unused fixed hostname provider
catch
end-try
end-if
# Migrate from 10.0.2 to 11.0.0 (migration changes for infinispan update from 9.4.18.Final to 10.1.8.Final)
if (result != org.keycloak.keycloak-model-infinispan) of /subsystem=infinispan/cache-container=keycloak:read-attribute(name=module)
echo Setting class loader for keycloak cache-container so JBoss Marshalling works properly with Infinispan 10.x
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module,value=org.keycloak.keycloak-model-infinispan)
echo
end-if
# Migrate from 11.0.0 to 12.0.0
if (result != expression "${jboss.mail.server.host:localhost}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=host)
echo Adding host expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=host, value=expression "${jboss.mail.server.host:localhost}")
echo
end-if
if (result != expression "${jboss.mail.server.port:25}") of /socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:read-attribute(name=port)
echo Adding port expression to the SMTP configuration of a remote destination outbound socket binding in the mail subsystem
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=mail-smtp:write-attribute(name=port, value=expression "${jboss.mail.server.port:25}")
echo
end-if
# Migrate from 12.0.0 to 13.0.0
## KEYCLOAK-16723 / KEYCLOAK-16907:
##
## Based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] remove MicroProfile SmallRye config, health, and metrics if present
if (outcome == success) of /subsystem=microprofile-config-smallrye/:read-resource
echo Removing microprofile-config-smallrye subsystem...
/subsystem=microprofile-config-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.config-smallrye/:read-resource
echo Removing microprofile.config-smallrye extension...
/extension=org.wildfly.extension.microprofile.config-smallrye/:remove
echo
end-if
if (outcome == success) of /subsystem=microprofile-health-smallrye/:read-resource
echo Removing microprofile-health-smallrye subsystem...
/subsystem=microprofile-health-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.health-smallrye/:read-resource
echo Removing microprofile.health-smallrye extension...
/extension=org.wildfly.extension.microprofile.health-smallrye/:remove
echo
end-if
if (outcome == success) of /subsystem=microprofile-metrics-smallrye/:read-resource
echo Removing microprofile-metrics-smallrye subsystem...
/subsystem=microprofile-metrics-smallrye/:remove
echo
end-if
if (outcome == success) of /extension=org.wildfly.extension.microprofile.metrics-smallrye/:read-resource
echo Removing microprofile.metrics-smallrye extension...
/extension=org.wildfly.extension.microprofile.metrics-smallrye/:remove
echo
end-if
## Yet based on [WFLY-14203], [WFLY-14151], and [WFLY-14108] load
## org.wildfly.extension.health/org.wildfly.extension.metrics extensions & subsystems instead
if (outcome == failed) of /extension=org.wildfly.extension.health:read-resource
echo Adding WildFly extension for health...
/extension=org.wildfly.extension.health:add(module=org.wildfly.extension.health)
echo
end-if
if (outcome == failed) of /subsystem=health:read-resource
echo Adding Wildfly subsystem for health...
/subsystem=health:add(security-enabled=false)
echo
end-if
if (outcome == failed) of /extension=org.wildfly.extension.metrics:read-resource
echo Adding Wildfly extension for base metrics...
/extension=org.wildfly.extension.metrics:add(module=org.wildfly.extension.metrics)
echo
end-if
if (outcome == failed) of /subsystem=metrics:read-resource
echo Adding Wildfly subsystem for base metrics...
/subsystem=metrics:add(exposed-subsystems=[*],security-enabled=false)
echo
end-if
if (result == "Keycloak") of :read-attribute(name=product-name)
echo Adding base metrics subsystem prefix to Keycloak...
/subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:wildfly})
echo
else
echo Adding base metrics subsystem prefix to RH-SSO...
/subsystem=metrics:write-attribute(name=prefix,value=${wildfly.metrics.prefix:jboss})
echo
end-if
## Add ability to make use of automatically generated self-signed certificate with Elytron,
## introduced by WFCORE-5095 in Wildfly Core 14.0.0.Final
if (outcome == failed) of /subsystem=elytron/key-store=applicationKS:read-resource
echo Adding key store for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},type=JKS)
/subsystem=elytron/key-store=applicationKS:write-attribute(name=path,value=application.keystore)
/subsystem=elytron/key-store=applicationKS:write-attribute(name=relative-to,value=jboss.server.config.dir)
echo
end-if
if (outcome == failed) of /subsystem=elytron/key-manager=applicationKM:read-resource
echo Adding key manager for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, credential-reference={clear-text=password})
/subsystem=elytron/key-manager=applicationKM:write-attribute(name=generate-self-signed-certificate-host,value=localhost)
echo
end-if
if (outcome == failed) of /subsystem=elytron/server-ssl-context=applicationSSC:read-resource
echo Adding SSL context for the feature of auto-generation of self-signed certificate to Elytron subsystem...
/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-executor-service' from INT to LONG
if (result == 0) of /subsystem=ee/managed-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed executor service to default value (0 miliseconds)
/subsystem=ee/managed-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Convert type of 'hung-task-termination-period' attribute for 'managed-scheduled-executor-service' from INT to LONG
if (result == 0) of /subsystem=ee/managed-scheduled-executor-service=default:read-attribute(name=hung-task-termination-period)
echo Setting period for automatic termination of hung tasks for managed scheduled executor service to default value (0 miliseconds)
/subsystem=ee/managed-scheduled-executor-service=default:write-attribute(name=hung-task-termination-period,value=0L)
echo
end-if
## Set value of JPA default-datasource from empty string to 'undefined'
if (outcome == success) && (result == "") of /subsystem=jpa:read-attribute(name=default-datasource)
echo Setting value of to default-datasource attribute in JPA subsystem to 'undefined'
/subsystem=jpa:undefine-attribute(name=default-datasource)
echo
end-if
echo *** End Migration ***

View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View file

@ -0,0 +1,22 @@
table {
border-collapse: collapse;
}
table, th, td {
border: 1px solid navy;
}
th {
text-align: left;
background-color: #BCC6CC;
}
th, td {
padding: 2px;
text-align: left;
}
tr:nth-child(even) {
background-color: #f2f2f2;
}

View file

@ -0,0 +1,71 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="html" encoding="utf-8" standalone="no" media-type="text/html" />
<xsl:param name="version"/>
<xsl:param name="product.release.name"/>
<xsl:variable name="lowercase" select="'abcdefghijklmnopqrstuvwxyz '" />
<xsl:variable name="uppercase" select="'ABCDEFGHIJKLMNOPQRSTUVWXYZ!'" />
<xsl:template match="/">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="stylesheet" type="text/css" href="licenses.css"/>
</head>
<body>
<h2><xsl:value-of select="$product.release.name"/><xsl:text> </xsl:text><xsl:value-of select="substring-before($version, '-')"/> - Servlet Feature Pack</h2>
<p>The following material has been provided for informational purposes only, and should not be relied upon or construed as a legal opinion or legal advice.</p>
<!-- Read matching templates -->
<table>
<tr>
<th>Package Group</th>
<th>Package Artifact</th>
<th>Package Version</th>
<th>Remote Licenses</th>
<th>Local Licenses</th>
</tr>
<xsl:for-each select="licenseSummary/dependencies/dependency">
<xsl:sort select="concat(groupId, '.', artifactId)"/>
<tr>
<td><xsl:value-of select="groupId"/></td>
<td><xsl:value-of select="artifactId"/></td>
<td><xsl:value-of select="version"/></td>
<td>
<xsl:for-each select="licenses/license">
<a href="{./url}"><xsl:value-of select="name"/></a><br/>
</xsl:for-each>
</td>
<td>
<xsl:for-each select="licenses/license">
<xsl:variable name="filename">
<xsl:call-template name="remap-local-filename">
<xsl:with-param name="name" select="name" />
</xsl:call-template>
</xsl:variable>
<a href="{$filename}"><xsl:value-of select="$filename"/></a><br/>
</xsl:for-each>
</td>
</tr>
</xsl:for-each>
</table>
</body>
</html>
</xsl:template>
<xsl:template name="remap-local-filename">
<xsl:param name="name"/>
<xsl:choose>
<xsl:when test="$name = 'GNU General Public License v2.0 only'">
<xsl:text>gnu general public license v2.0 only.html</xsl:text>
</xsl:when>
<xsl:when test="$name = ''">
<xsl:text>.html</xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="concat(translate($name, $uppercase, $lowercase), '.txt')"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>

View file

@ -0,0 +1,47 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="domain-keycloak-clustered" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="domain-interfaces">
<exclude feature-id="domain.interface:interface=unsecure"/>
</feature-group>
<feature spec="domain.socket-binding-group">
<param name="socket-binding-group" value="ha-sockets"/>
<param name="default-interface" value="public" />
<feature-group name="domain-sockets"/>
<feature-group name="domain-ha-sockets"/>
<feature-group name="domain-mail-sockets"/>
<feature-group name="domain-transactions-sockets"/>
<feature-group name="domain-server-groups"/>
</feature>
<feature spec="profile">
<param name="profile" value="auth-server-clustered"/>
<feature-group name="domain-ha-profile">
<exclude spec="subsystem.sar"/>
<exclude spec="subsystem.jdr"/>
<exclude spec="subsystem.jsf"/>
<exclude spec="subsystem.pojo"/>
<exclude spec="subsystem.webservices"/>
<exclude spec="subsystem.batch-jberet"/>
<exclude spec="subsystem.distributable-web"/>
<exclude spec="subsystem.discovery"/>
<exclude spec="subsystem.ee-security"/>
<exclude spec="subsystem.resource-adapters"/>
<exclude spec="subsystem.singleton"/>
<exclude spec="subsystem.weld"/>
</feature-group>
<feature-group name="keycloak-server-subsystem"/>
<feature-group name="datasources">
<feature-group name="keycloak-datasource"/>
</feature-group>
<feature-group name="infinispan-dist-keycloak"/>
</feature>
<feature spec="domain.system-property">
<param name="system-property" value="java.net.preferIPv4Stack"/>
<param name="value" value="true"/>
</feature>
<feature-group name="access-control"/>
</feature-group-spec>

View file

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="domain-keycloak-standalone" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="domain-interfaces">
<exclude feature-id="domain.interface:interface=unsecure"/>
</feature-group>
<feature spec="domain.interface">
<param name="interface" value="private"/>
<param name="inet-address" value="${jboss.bind.address.private:127.0.0.1}"/>
</feature>
<feature spec="domain.socket-binding-group">
<param name="socket-binding-group" value="standard-sockets" />
<param name="default-interface" value="public" />
<feature-group name="domain-sockets"/>
<feature-group name="domain-transactions-sockets"/>
<feature-group name="domain-mail-sockets"/>
</feature>
<feature spec="profile">
<param name="profile" value="auth-server-standalone"/>
<feature-group name="domain-profile">
<exclude spec="subsystem.sar"/>
<exclude spec="subsystem.jdr"/>
<exclude spec="subsystem.jsf"/>
<exclude spec="subsystem.pojo"/>
<exclude spec="subsystem.webservices"/>
<exclude spec="subsystem.batch-jberet"/>
<exclude spec="subsystem.distributable-web"/>
<exclude spec="subsystem.discovery"/>
<exclude spec="subsystem.ee-security"/>
<exclude spec="subsystem.resource-adapters"/>
<exclude spec="subsystem.weld"/>
</feature-group>
<feature-group name="keycloak-server-subsystem"/>
<feature-group name="datasources">
<feature-group name="keycloak-datasource"/>
</feature-group>
<feature-group name="infinispan-local"/>
</feature>
<feature spec="domain.system-property">
<param name="system-property" value="java.net.preferIPv4Stack"/>
<param name="value" value="true"/>
</feature>
<feature-group name="access-control"/>
</feature-group-spec>

View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="domain-server-groups-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="domain.server-group">
<param name="server-group" value="auth-server-group"/>
<param name="profile" value="auth-server-standalone" />
<param name="socket-binding-group" value="standard-sockets" />
<param name="socket-binding-default-interface" value="public"/>
<feature spec="domain.server-group.jvm">
<param name="jvm" value="default"/>
<param name="heap-size" value="64m"/>
<param name="max-heap-size" value="512m"/>
</feature>
</feature>
<feature spec="domain.server-group">
<param name="server-group" value="auth-server-group"/>
<param name="profile" value="auth-server-clustered" />
<param name="socket-binding-group" value="ha-sockets" />
<param name="socket-binding-default-interface" value="public"/>
<feature spec="domain.server-group.jvm">
<param name="jvm" value="default"/>
<param name="heap-size" value="64m"/>
<param name="max-heap-size" value="512m"/>
</feature>
</feature>
<feature spec="domain.server-group">
<param name="server-group" value="load-balancer-group"/>
<param name="profile" value="load-balancer" />
<param name="socket-binding-group" value="load-balancer-sockets" />
<param name="socket-binding-default-interface" value="public"/>
<feature spec="domain.server-group.jvm">
<param name="jvm" value="default"/>
<param name="heap-size" value="64m"/>
<param name="max-heap-size" value="512m"/>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="host-master" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="servlet-host-master">
<exclude spec="host.server-config"/>
</feature-group>
<feature spec="host">
<param name="host" value="master"/>
<feature spec="host.interface">
<param name="interface" value="public"/>
<param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
</feature>
<feature spec="host.jvm">
<param name="jvm" value="default"/>
<param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
</feature>
<feature spec="host.server-config">
<param name="server-config" value="load-balancer"/>
<param name="group" value="load-balancer-group"/>
<feature spec="host.server-config.jvm">
<param name="jvm" value="default"/>
</feature>
</feature>
<feature spec="host.server-config">
<param name="server-config" value="server-one"/>
<param name="group" value="auth-server-group"/>
<param name="auto-start" value="true"/>
<param name="socket-binding-port-offset" value="150"/>
<feature spec="host.server-config.jvm">
<param name="jvm" value="default"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="host-slave" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="servlet-host-slave">
<exclude feature-id="host.interface:host=slave,interface=unsecure"/>
<exclude feature-id="host.interface:host=slave,interface=private"/>
<exclude spec="host.server-config"/>
</feature-group>
<feature spec="host">
<param name="host" value="slave"/>
<feature spec="host.interface">
<param name="interface" value="public"/>
<param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
</feature>
<feature spec="host.jvm">
<param name="jvm" value="default"/>
<param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
</feature>
<feature spec="host.server-config">
<param name="server-config" value="server-two"/>
<param name="group" value="auth-server-group"/>
<param name="auto-start" value="true"/>
<param name="socket-binding-port-offset" value="250"/>
<feature spec="host.server-config.jvm">
<param name="jvm" value="default"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="host" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="servlet-host">
<exclude feature-id="host.interface:host=master,interface=unsecure"/>
<exclude feature-id="host.interface:host=master,interface=private"/>
<exclude spec="host.server-config"/>
</feature-group>
<feature spec="host">
<param name="host" value="master"/>
<feature spec="host.interface">
<param name="interface" value="public"/>
<param name="inet-address" value="${jboss.bind.address:127.0.0.1}"/>
</feature>
<feature spec="host.jvm">
<param name="jvm" value="default"/>
<param name="jvm-options" value="[&quot;-server&quot;,&quot;-XX:MetaspaceSize=96m&quot;,&quot;-XX:MaxMetaspaceSize=256m&quot;]"/>
</feature>
<feature spec="host.server-config">
<param name="server-config" value="load-balancer"/>
<param name="group" value="load-balancer-group"/>
<feature spec="host.server-config.jvm">
<param name="jvm" value="default"/>
</feature>
</feature>
<feature spec="host.server-config">
<param name="server-config" value="server-one"/>
<param name="group" value="auth-server-group"/>
<param name="auto-start" value="true"/>
<param name="socket-binding-port-offset" value="150"/>
<feature spec="host.server-config.jvm">
<param name="jvm" value="default"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist-ejb" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="ejb"/>
<param name="modules" value="[org.wildfly.clustering.ejb.infinispan]"/>
<param name="default-cache" value="dist"/>
<param name="aliases" value="[sfsb]"/>
<feature spec="subsystem.infinispan.cache-container.transport.jgroups">
<param name="lock-timeout" value="60000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="dist"/>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.store.file">
<unset param="relative-to"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist-hibernate" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="hibernate"/>
<param name="modules" value="[org.infinispan.hibernate-cache]"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="local-query"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="100000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.transport.jgroups">
<param name="lock-timeout" value="60000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.replicated-cache">
<param name="replicated-cache" value="timestamps"/>
<param name="mode" value="ASYNC"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.invalidation-cache">
<param name="invalidation-cache" value="entity"/>
<feature spec="subsystem.infinispan.cache-container.invalidation-cache.component.transaction">
<param name="mode" value="NON_XA"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.invalidation-cache.component.expiration">
<param name="max-idle" value="100000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.invalidation-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="keycloak"/>
<param name="modules" value="[org.keycloak.keycloak-model-infinispan]"/>
<feature spec="subsystem.infinispan.cache-container.transport.jgroups">
<param name="lock-timeout" value="60000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="realms"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="users"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="sessions"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="authenticationSessions"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="offlineSessions"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="clientSessions"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="offlineClientSessions"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="loginFailures"/>
<param name="owners" value="1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="authorization"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.replicated-cache">
<param name="replicated-cache" value="work"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="keys"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="1000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="3600000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="actionTokens"/>
<param name="owners" value="2"/>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.memory.heap">
<param name="size" value="-1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.component.expiration">
<param name="max-idle" value="-1"/>
<param name="interval" value="300000"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,22 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist-server" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="server"/>
<param name="modules" value="[org.wildfly.clustering.server]"/>
<param name="default-cache" value="default"/>
<param name="aliases" value="[singleton, cluster]"/>
<feature spec="subsystem.infinispan.cache-container.transport.jgroups">
<param name="lock-timeout" value="60000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.replicated-cache">
<param name="replicated-cache" value="default"/>
<feature spec="subsystem.infinispan.cache-container.replicated-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist-web" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="web"/>
<param name="modules" value="[org.wildfly.clustering.web.infinispan]"/>
<param name="default-cache" value="dist"/>
<feature spec="subsystem.infinispan.cache-container.transport.jgroups">
<param name="transport" value="jgroups"/>
<param name="lock-timeout" value="60000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="dist"/>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache.store.file">
<unset param="relative-to"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.replicated-cache">
<param name="replicated-cache" value="sso"/>
<feature spec="subsystem.infinispan.cache-container.replicated-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.replicated-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.distributed-cache">
<param name="distributed-cache" value="routing"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-dist" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="infinispan-dist-keycloak"/>
<feature-group name="infinispan-dist-server"/>
<feature-group name="infinispan-dist-web"/>
<feature-group name="infinispan-dist-ejb"/>
<feature-group name="infinispan-dist-hibernate"/>
</feature-group-spec>

View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local-ejb" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="ejb"/>
<param name="modules" value="[org.wildfly.clustering.ejb.infinispan]"/>
<param name="aliases" value="[sfsb]"/>
<param name="default-cache" value="passivation"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="passivation"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.store.file">
<param name="passivation" value="true"/>
<param name="purge" value="false"/>
<unset param="relative-to"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local-hibernate" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="hibernate"/>
<param name="modules" value="[org.infinispan.hibernate-cache]"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="entity"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="100000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="local-query"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="100000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="timestamps"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local-keycloak" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="keycloak"/>
<param name="modules" value="[org.keycloak.keycloak-model-infinispan]"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="realms"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="users"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="sessions"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="authenticationSessions"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="offlineSessions"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="clientSessions"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="offlineClientSessions"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="loginFailures"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="work"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="authorization"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="10000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="keys"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="1000"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="3600000"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="actionTokens"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.memory.heap">
<param name="size" value="-1"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.expiration">
<param name="max-idle" value="-1"/>
<param name="interval" value="300000"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local-server" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="server"/>
<param name="modules" value="[org.wildfly.clustering.server]"/>
<param name="default-cache" value="default"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="default"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local-web" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.infinispan">
<feature spec="subsystem.infinispan.cache-container">
<param name="cache-container" value="web"/>
<param name="modules" value="[org.wildfly.clustering.web.infinispan]"/>
<param name="default-cache" value="passivation"/>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="passivation"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.store.file">
<param name="passivation" value="true"/>
<param name="purge" value="false"/>
<unset param="relative-to"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="sso"/>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.locking">
<param name="isolation" value="REPEATABLE_READ"/>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache.component.transaction">
<param name="mode" value="BATCH"/>
</feature>
</feature>
<feature spec="subsystem.infinispan.cache-container.local-cache">
<param name="local-cache" value="routing"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="infinispan-local" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature-group name="infinispan-local-keycloak"/>
<feature-group name="infinispan-local-server"/>
<feature-group name="infinispan-local-web"/>
<feature-group name="infinispan-local-ejb"/>
<feature-group name="infinispan-local-hibernate"/>
</feature-group-spec>

View file

@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="keycloak-datasource" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.datasources">
<feature spec="subsystem.datasources.data-source">
<param name="data-source" value="KeycloakDS"/>
<param name="enabled" value="true"/>
<param name="use-java-context" value="true"/>
<param name="jndi-name" value="java:jboss/datasources/KeycloakDS"/>
<param name="data-source" value="KeycloakDS"/>
<param name="connection-url" value="&quot;jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE&quot;"/>
<param name="driver-name" value="h2"/>
<param name="user-name" value="sa"/>
<param name="password" value="sa"/>
<param name="statistics-enabled" value="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}" />
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,124 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2021 Red Hat, Inc.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
IMPORTANT NOTE: Content of this file is based on wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
!!! Both of them need to be in sync !!!
-->
<feature-group-spec name="keycloak-server-subsystem" xmlns="urn:jboss:galleon:feature-group:1.0">
<feature spec="subsystem.keycloak-server">
<param name="web-context" value="auth"/>
<param name="providers" value="[classpath:${jboss.home.dir}/providers/*]"/>
<param name="master-realm-name" value="master"/>
<param name="scheduled-task-interval" value="900"/>
<feature spec="subsystem.keycloak-server.theme">
<param name="theme" value="defaults"/>
<param name="staticMaxAge" value="2592000"/>
<param name="cacheThemes" value="true"/>
<param name="cacheTemplates" value="true"/>
<param name="dir" value="${jboss.home.dir}/themes"/>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="eventsStore"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="jpa"/>
<param name="enabled" value="true"/>
<param name="properties" value="{exclude-events=&quot;[\&quot;REFRESH_TOKEN\&quot;]&quot;}"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="userCache"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="userSessionPersister"/>
<param name="default-provider" value="jpa"/>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="timer"/>
<param name="default-provider" value="basic"/>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="connectionsHttpClient"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="connectionsJpa"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
<param name="properties" value="{[dataSource=&quot;java:jboss/datasources/KeycloakDS&quot;,initializeEmpty=&quot;true&quot;,migrationStrategy=&quot;update&quot;,migrationExport=&quot;${jboss.home.dir}/keycloak-database-update.sql&quot;]}"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="realmCache"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="connectionsInfinispan"/>
<param name="default-provider" value="default"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
<param name="properties" value="{cacheContainer=&quot;java:jboss/infinispan/container/keycloak&quot;}"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="jta-lookup"/>
<param name="default-provider" value="${keycloak.jta.lookup.provider:jboss}"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="jboss"/>
<param name="enabled" value="true"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="publicKeyStorage"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="infinispan"/>
<param name="enabled" value="true"/>
<param name="properties" value="{minTimeBetweenRequests=&quot;10&quot;}"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="x509cert-lookup"/>
<param name="default-provider" value="${keycloak.x509cert.lookup.provider:default}"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
</feature>
</feature>
<feature spec="subsystem.keycloak-server.spi">
<param name="spi" value="hostname"/>
<param name="default-provider" value="default"/>
<feature spec="subsystem.keycloak-server.spi.provider">
<param name="provider" value="default"/>
<param name="enabled" value="true"/>
<param name="properties" value="{[frontendUrl=&quot;${keycloak.frontendUrl:}&quot;,forceBackendUrlToFrontendUrl=&quot;false&quot;]}"/>
</feature>
</feature>
</feature>
</feature-group-spec>

View file

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="standalone-ha" xmlns="urn:jboss:galleon:feature-group:1.0">
<origin name="org.wildfly:wildfly-ee-galleon-pack">
<feature-group name="standalone-ha">
<exclude spec="subsystem.sar"/>
<exclude spec="subsystem.jdr"/>
<exclude spec="subsystem.jsf"/>
<exclude spec="subsystem.pojo"/>
<exclude spec="subsystem.webservices"/>
<exclude spec="subsystem.batch-jberet"/>
<exclude spec="subsystem.distributable-web"/>
<exclude spec="subsystem.discovery"/>
<exclude spec="subsystem.ee-security"/>
<exclude spec="subsystem.resource-adapters"/>
<exclude spec="subsystem.infinispan"/>
<exclude spec="subsystem.singleton"/>
</feature-group>
<feature-group name="deployment-scanner"/>
<feature-group name="ee">
<feature spec="subsystem.ee">
<feature spec="subsystem.ee.context-service">
<param name="context-service" value="default"/>
<param name="jndi-name" value="java:jboss/ee/concurrency/context/default"/>
<param name="use-transaction-setup-provider" value="true"/>
</feature>
</feature>
</feature-group>
<feature-group name="ejb3"/>
<feature-group name="health"/>
<feature-group name="io"/>
<feature-group name="jaxrs"/>
<feature-group name="jca"/>
<feature-group name="logging"/>
<feature-group name="jgroups"/>
</origin>
<feature-group name="keycloak-server-subsystem"/>
<feature-group name="datasources">
<feature-group name="keycloak-datasource"/>
</feature-group>
<feature-group name="infinispan-dist"/>
</feature-group-spec>

View file

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<feature-group-spec name="standalone" xmlns="urn:jboss:galleon:feature-group:1.0">
<origin name="org.wildfly:wildfly-ee-galleon-pack">
<feature-group name="standalone">
<exclude spec="subsystem.sar"/>
<exclude spec="subsystem.jdr"/>
<exclude spec="subsystem.jsf"/>
<exclude spec="subsystem.pojo"/>
<exclude spec="subsystem.webservices"/>
<exclude spec="subsystem.batch-jberet"/>
<exclude spec="subsystem.distributable-web"/>
<exclude spec="subsystem.discovery"/>
<exclude spec="subsystem.ee-security"/>
<exclude spec="subsystem.resource-adapters"/>
<exclude spec="subsystem.infinispan"/>
</feature-group>
<feature-group name="deployment-scanner"/>
<feature-group name="ee">
<feature spec="subsystem.ee">
<feature spec="subsystem.ee.context-service">
<param name="context-service" value="default"/>
<param name="jndi-name" value="java:jboss/ee/concurrency/context/default"/>
<param name="use-transaction-setup-provider" value="true"/>
</feature>
</feature>
</feature-group>
<feature-group name="ejb3"/>
<feature-group name="health"/>
<feature-group name="io"/>
<feature-group name="jaxrs"/>
<feature-group name="jca"/>
<feature-group name="logging"/>
</origin>
<feature-group name="keycloak-server-subsystem"/>
<feature-group name="datasources">
<feature-group name="keycloak-datasource"/>
</feature-group>
<feature-group name="infinispan-local"/>
</feature-group-spec>

View file

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2021 Red Hat, Inc.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="keycloak">
<feature spec="subsystem.keycloak-server"/>
</layer-spec>

View file

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor">
<resources>
<artifact name="${com.fasterxml.jackson.dataformat:jackson-dataformat-cbor}"/>
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
</dependencies>
</module>

View file

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.github.ua-parser">
<resources>
<artifact name="${com.github.ua-parser:uap-java}"/>
</resources>
<dependencies>
<module name="org.yaml.snakeyaml"/>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.google.zxing.core">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${com.google.zxing:core}"/>
</resources>
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.google.zxing.javase">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${com.google.zxing:javase}"/>
</resources>
<dependencies>
<module name="com.google.zxing.core"/>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2018 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.googlecode.owasp-java-html-sanitizer">
<resources>
<artifact name="${com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer}"/>
</resources>
<dependencies>
<module name="com.google.guava"/>
</dependencies>
</module>

View file

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ * Copyright 2018 Red Hat, Inc. and/or its affiliates
~ * and other contributors as indicated by the @author tags.
~ *
~ * Licensed under the Apache License, Version 2.0 (the "License");
~ * you may not use this file except in compliance with the License.
~ * You may obtain a copy of the License at
~ *
~ * http://www.apache.org/licenses/LICENSE-2.0
~ *
~ * Unless required by applicable law or agreed to in writing, software
~ * distributed under the License is distributed on an "AS IS" BASIS,
~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ * See the License for the specific language governing permissions and
~ * limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.openshift.openshift-restclient-java">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${com.openshift:openshift-restclient-java}"/>
</resources>
<dependencies>
<module name="com.squareup.okhttp3"/>
<module name="org.apache.commons.lang"/>
<module name="org.jboss.dmr"/>
<module name="org.apache.log4j"/>
<module name="org.slf4j"/>
</dependencies>
</module>

View file

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.webauthn4j.webauthn4j-core">
<resources>
<artifact name="${com.webauthn4j:webauthn4j-core}"/>
</resources>
<dependencies>
<module name="org.slf4j"/>
<module name="org.apache.kerby.kerby-asn1"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor"/>
<module name="com.webauthn4j.webauthn4j-util"/>
</dependencies>
</module>

View file

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="com.webauthn4j.webauthn4j-util">
<resources>
<artifact name="${com.webauthn4j:webauthn4j-util}"/>
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.dataformat.jackson-dataformat-cbor"/>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.apache.commons.lang">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${commons-lang:commons-lang}"/>
</resources>
<dependencies>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.apache.commons.lang3">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.apache.commons:commons-lang3}"/>
</resources>
<dependencies>
</dependencies>
</module>

View file

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.apache.kerby.kerby-asn1">
<resources>
<artifact name="${org.apache.kerby:kerby-asn1}"/>
</resources>
</module>

View file

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.freemarker">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.freemarker:freemarker}"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.apache.log4j"/>
</dependencies>
</module>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2020 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
-->
<module xmlns="urn:jboss:module:1.3" name="org.infinispan.jboss-marshalling">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.infinispan:infinispan-jboss-marshalling}"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="com.github.ben-manes.caffeine"/>
<module name="org.infinispan"/>
<module name="org.infinispan.commons"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.marshalling"/>
<module name="org.jboss.marshalling.river"/>
</dependencies>
</module>

View file

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2021 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
-->
<module name="org.jboss.marshalling" xmlns="urn:jboss:module:1.9">
<resources>
<artifact name="${org.jboss.marshalling:jboss-marshalling}"/>
</resources>
<dependencies>
<module name="jdk.unsupported"/>
<module name="org.jboss.modules"/>
<module name="org.jboss.marshalling.river" services="import"/>
</dependencies>
</module>

View file

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2021 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
-->
<module name="org.jboss.marshalling.river" xmlns="urn:jboss:module:1.9">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.jboss.marshalling:jboss-marshalling-river}"/>
</resources>
<dependencies>
<module name="jdk.unsupported"/>
<module name="org.jboss.marshalling"/>
</dependencies>
</module>

View file

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
~
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-authz-policy-common">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-authz-policy-common}"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.ws.rs.api"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-services"/>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-common">
<resources>
<artifact name="${org.keycloak:keycloak-common}"/>
</resources>
<dependencies>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="org.jboss.logging"/>
<module name="sun.jdk" optional="true" />
</dependencies>
</module>

View file

@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-core">
<resources>
<artifact name="${org.keycloak:keycloak-core}"/>
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.bouncycastle" />
<module name="org.jboss.logging"/>
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="sun.jdk" optional="true" />
</dependencies>
</module>

View file

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-js-adapter">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-js-adapter}"/>
</resources>
</module>

View file

@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-kerberos-federation">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-kerberos-federation}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="javax.ws.rs.api"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.jboss.logging"/>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-ldap-federation">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-ldap-federation}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-kerberos-federation"/>
<module name="javax.ws.rs.api"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.jboss.logging"/>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-infinispan">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-model-infinispan}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-wildfly-extensions" export="true" services="import"/>
<module name="org.infinispan"/>
<module name="org.infinispan.commons"/>
<module name="org.infinispan.persistence.remote"/>
<module name="org.infinispan.client.hotrod"/>
<module name="org.infinispan.jboss-marshalling"/>
<module name="org.jgroups"/>
<module name="org.jboss.logging"/>
<module name="org.wildfly.clustering.marshalling.api"/>
<module name="io.netty"/>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-jpa">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-model-jpa}"/>
</resources>
<dependencies>
<module name="javax.transaction.api"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="javax.persistence.api"/>
<module name="org.jboss.logging"/>
<module name="org.liquibase"/>
<module name="org.javassist"/>
<module name="org.hibernate" services="import"/>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
</dependencies>
</module>

View file

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2021 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-map">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-model-map}"/>
</resources>
<dependencies>
<module name="javax.transaction.api"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.jboss.logging"/>
<module name="org.javassist"/>
<module name="javax.api"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.datatype.jackson-datatype-jdk8"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
</dependencies>
</module>

View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-saml-core-public">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-saml-core-public}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.apache.santuario.xmlsec">
<imports>
<exclude path="javax/*"/>
</imports>
</module>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-saml-core">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-saml-core}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-saml-core-public"/>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.apache.santuario.xmlsec">
<imports>
<exclude path="javax/*"/>
</imports>
</module>
<module name="javax.api"/>
<module name="javax.xml.bind.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,44 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-spi-private">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-server-spi-private}"/>
</resources>
<dependencies>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.ws.rs.api"/>
<module name="org.apache.httpcomponents"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="javax.transaction.api"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.google.guava"/>
<module name="com.github.ua-parser" export="true"/>
</dependencies>
</module>

View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-spi">
<resources>
<artifact name="${org.keycloak:keycloak-server-spi}"/>
</resources>
<dependencies>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.ws.rs.api"/>
<module name="org.apache.httpcomponents"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="javax.transaction.api"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
</dependencies>
</module>

View file

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem.dependencies">
<resources>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-services" export="true"/>
<module name="org.jboss.msc"/>
<module name="org.infinispan" export="true"/>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-server-subsystem">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-wildfly-server-subsystem" services="export" export="true"/>
</dependencies>
</module>

View file

@ -0,0 +1,27 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.keycloak.keycloak-server-subsystem.dependencies"/>
</dependencies>
<exclude-subsystems>
<subsystem name="webservices"/>
<subsystem name="weld"/>
</exclude-subsystems>
</deployment>
</jboss-deployment-structure>

View file

@ -0,0 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>auth</module-name>
<servlet>
<servlet-name>Keycloak REST Interface</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>org.keycloak.services.resources.KeycloakApplication</param-value>
</init-param>
<init-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<context-param>
<param-name>resteasy.disable.html.sanitizer</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.keycloak.provider.wildfly.WildflyLifecycleListener</listener-class>
</listener>
<filter>
<filter-name>Client Connection Filter</filter-name>
<filter-class>org.keycloak.provider.wildfly.WildFlyRequestFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>Client Connection Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>Keycloak REST Interface</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<resource-env-ref>
<resource-env-ref-name>infinispan/Keycloak</resource-env-ref-name>
<resource-env-ref-type>org.infinispan.manager.EmbeddedCacheManager</resource-env-ref-type>
<lookup-name>java:jboss/infinispan/container/keycloak</lookup-name>
</resource-env-ref>
</web-app>

View file

@ -0,0 +1,81 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-services">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-services}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common" services="import"/>
<module name="org.keycloak.keycloak-core" services="import"/>
<module name="org.keycloak.keycloak-js-adapter" services="import"/>
<module name="org.keycloak.keycloak-kerberos-federation" services="import"/>
<module name="org.keycloak.keycloak-ldap-federation" services="import"/>
<module name="org.keycloak.keycloak-sssd-federation" optional="true" services="import"/>
<module name="org.keycloak.keycloak-server-spi" services="import"/>
<module name="org.keycloak.keycloak-server-spi-private" services="import"/>
<module name="org.keycloak.keycloak-model-jpa" services="import"/>
<module name="org.keycloak.keycloak-model-map" services="import"/>
<module name="org.keycloak.keycloak-model-infinispan" services="import"/>
<module name="org.keycloak.keycloak-saml-core-public" services="import"/>
<module name="org.keycloak.keycloak-saml-core" services="import"/>
<module name="org.keycloak.keycloak-services" export="true" services="import"/>
<module name="org.keycloak.keycloak-wildfly-extensions" export="true" services="import"/>
<!-- Authorization -->
<module name="org.keycloak.keycloak-authz-policy-common" services="import"/>
<!-- Openshift Client Storage -->
<module name="com.openshift.openshift-restclient-java" services="import"/>
<module name="com.googlecode.owasp-java-html-sanitizer"/>
<module name="com.google.guava"/>
<module name="org.freemarker"/>
<module name="javax.ws.rs.api"/>
<module name="javax.mail.api"/>
<module name="javax.xml.soap.api"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.jboss.resteasy.resteasy-multipart-provider"/>
<module name="org.jboss.dmr"/>
<module name="javax.servlet.api"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="com.fasterxml.jackson.datatype.jackson-datatype-jdk8"/>
<module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
<module name="com.google.zxing.core"/>
<module name="com.google.zxing.javase"/>
<module name="org.jboss.logging"/>
<module name="org.bouncycastle" />
<module name="javax.api"/>
<module name="javax.activation.api"/>
<module name="javax.json.api"/>
<module name="org.apache.commons.io"/>
<module name="org.apache.httpcomponents"/>
<module name="org.twitter4j"/>
<module name="javax.transaction.api"/>
<module name="sun.jdk"/>
<module name="com.webauthn4j.webauthn4j-core"/>
<module name="com.webauthn4j.webauthn4j-util"/>
<module name="javax.persistence.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-sssd-federation">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-sssd-federation}"/>
<resource-root path="/usr/share/java/jna.jar"/>
</resources>
<dependencies>
<module name="org.jboss.logging"/>
<module name="org.keycloak.keycloak-core" />
<module name="org.keycloak.keycloak-server-spi" />
<module name="org.keycloak.keycloak-server-spi-private"/>
</dependencies>
</module>

View file

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.6" name="org.keycloak.keycloak-wildfly-adduser">
<main-class name="org.keycloak.wildfly.adduser.AddUser"/>
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-wildfly-adduser}"/>
</resources>
<dependencies>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi" services="import"/>
<module name="org.keycloak.keycloak-server-spi-private" services="import"/>
<module name="org.keycloak.keycloak-services" services="import"/>
<module name="org.aesh"/>
<module name="org.jboss.as.domain-management"/>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-annotations"/>
</dependencies>
</module>

View file

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-extensions">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.keycloak:keycloak-wildfly-extensions}"/>
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="javax.servlet.api"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.jboss.dmr"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.modules"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.wildfly.security.elytron"/>
</dependencies>
</module>

View file

@ -0,0 +1,55 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-wildfly-server-subsystem">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="."/>
<artifact name="${org.keycloak:keycloak-wildfly-server-subsystem}"/>
</resources>
<dependencies>
<module name="com.fasterxml.jackson.core.jackson-core"/>
<module name="com.fasterxml.jackson.core.jackson-databind"/>
<module name="javax.api"/>
<module name="org.jboss.staxmapper"/>
<module name="org.jboss.as.controller"/>
<module name="org.jboss.as.ee"/>
<module name="org.jboss.as.server"/>
<module name="org.jboss.modules"/>
<module name="org.jboss.msc"/>
<module name="org.jboss.logging"/>
<module name="org.jboss.vfs"/>
<module name="org.jboss.as.web-common" optional="true"/>
<module name="org.jboss.as.web" optional="true"/>
<module name="org.jboss.as.version" optional="true"/>
<module name="org.keycloak.keycloak-services"/>
<module name="org.keycloak.keycloak-server-spi-private"/>
<module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-server-spi"/>
<module name="org.keycloak.keycloak-authz-policy-common"/>
<module name="org.jboss.metadata.common"/>
<module name="org.jboss.metadata.web"/>
</dependencies>
</module>

View file

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.liquibase">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.liquibase:liquibase-core}"/>
</resources>
<dependencies>
<module name="org.apache.commons.logging"/>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.twitter4j">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<artifact name="${org.twitter4j:twitter4j-core}"/>
</resources>
<dependencies>
<module name="javax.api"/>
</dependencies>
</module>

View file

@ -0,0 +1,6 @@
<?xml version="1.0" ?>
<!-- actual content of this package comes from artifact=org.keycloak:keycloak-client-cli-dist:zip
See pom.xml execution/id: unpack-cli.
-->
<package-spec xmlns="urn:jboss:galleon:package:2.0" name="client-cli">
</package-spec>

View file

@ -0,0 +1,2 @@
<?xml version="1.0" ?>
<package-spec xmlns="urn:jboss:galleon:package:2.0" name="docs-examples"/>

View file

@ -0,0 +1 @@
// placeholder file: content copied by tasks.xml from src/main/resources/packages/identity/pm/wildfly/resources/bin/product.conf

View file

@ -0,0 +1 @@
// placeholder file: content copied by tasks.xml from src/main/resources/packages/identity/pm/wildfly/resources/modules/system/layers/keycloak/org/jboss/as/product/keycloak/module.xml

View file

@ -0,0 +1,4 @@
<?xml version="1.0" ?>
<package-spec xmlns="urn:jboss:galleon:package:2.0" name="identity">
</package-spec>

View file

@ -0,0 +1,3 @@
JBoss-Product-Release-Name: ${product.name.full}
JBoss-Product-Release-Version: ${product.version}
JBoss-Product-Console-Slot: ${product.wildfly.console.slot}

View file

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<module xmlns="urn:jboss:module:1.3" name="org.jboss.as.product" slot="${product.slot}">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="dir"/>
</resources>
</module>

Some files were not shown because too many files have changed in this diff Show more