KEYCLOAK-4477 Update to WildFly 11
This commit is contained in:
parent
6d8a3f7a8b
commit
2e83eda172
23 changed files with 156 additions and 1074 deletions
|
@ -97,13 +97,6 @@
|
||||||
</properties>
|
</properties>
|
||||||
</profile>
|
</profile>
|
||||||
|
|
||||||
<profile>
|
|
||||||
<id>wf11</id>
|
|
||||||
<properties>
|
|
||||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
|
||||||
</properties>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>product</id>
|
<id>product</id>
|
||||||
<activation>
|
<activation>
|
||||||
|
|
|
@ -128,7 +128,6 @@
|
||||||
<properties>
|
<properties>
|
||||||
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
|
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
|
||||||
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
|
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
|
||||||
<configDir>src/main/resources/configuration</configDir>
|
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
@ -140,52 +139,6 @@
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</profile>
|
</profile>
|
||||||
|
|
||||||
<!-- Temporary profile to test with WildFly 11 -->
|
|
||||||
<profile>
|
|
||||||
<id>wf11</id>
|
|
||||||
|
|
||||||
<properties>
|
|
||||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
|
||||||
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
|
|
||||||
<configDir>src/main/resources-wf11/configuration</configDir>
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
<dependencies>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.wildfly</groupId>
|
|
||||||
<artifactId>wildfly-feature-pack</artifactId>
|
|
||||||
<version>${wildfly11.version}</version>
|
|
||||||
<type>zip</type>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
|
||||||
|
|
||||||
<build>
|
|
||||||
<plugins>
|
|
||||||
<plugin>
|
|
||||||
<artifactId>maven-resources-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>copy-configuration-wf11</id>
|
|
||||||
<phase>validate</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>copy-resources</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<outputDirectory>target/resources/configuration</outputDirectory>
|
|
||||||
<resources>
|
|
||||||
<resource>
|
|
||||||
<directory>src/main/resources-wf11/configuration</directory>
|
|
||||||
<filtering>true</filtering>
|
|
||||||
</resource>
|
|
||||||
</resources>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
</plugins>
|
|
||||||
</build>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>product</id>
|
<id>product</id>
|
||||||
<activation>
|
<activation>
|
||||||
|
@ -197,7 +150,6 @@
|
||||||
<properties>
|
<properties>
|
||||||
<build-tools.version>${eap.build-tools.version}</build-tools.version>
|
<build-tools.version>${eap.build-tools.version}</build-tools.version>
|
||||||
<feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent>
|
<feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent>
|
||||||
<configDir>src/main/resources-wf11/configuration</configDir>
|
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
@ -208,32 +160,6 @@
|
||||||
<type>zip</type>
|
<type>zip</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
|
||||||
<plugins>
|
|
||||||
<plugin>
|
|
||||||
<artifactId>maven-resources-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>copy-configuration-wf11</id>
|
|
||||||
<phase>validate</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>copy-resources</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<outputDirectory>target/resources/configuration</outputDirectory>
|
|
||||||
<resources>
|
|
||||||
<resource>
|
|
||||||
<directory>src/main/resources-wf11/configuration</directory>
|
|
||||||
<filtering>true</filtering>
|
|
||||||
</resource>
|
|
||||||
</resources>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
</plugins>
|
|
||||||
</build>
|
|
||||||
</profile>
|
</profile>
|
||||||
</profiles>
|
</profiles>
|
||||||
|
|
||||||
|
|
|
@ -1,79 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
<config>
|
|
||||||
<subsystems name="auth-server-standalone">
|
|
||||||
<subsystem>logging.xml</subsystem>
|
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
|
||||||
<subsystem>core-management.xml</subsystem>
|
|
||||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
|
||||||
<subsystem>ee.xml</subsystem>
|
|
||||||
<subsystem>ejb3.xml</subsystem>
|
|
||||||
<subsystem>io.xml</subsystem>
|
|
||||||
<subsystem>keycloak-infinispan.xml</subsystem>
|
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
|
||||||
<subsystem>jca.xml</subsystem>
|
|
||||||
<subsystem>jdr.xml</subsystem>
|
|
||||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
|
||||||
<subsystem>jpa.xml</subsystem>
|
|
||||||
<subsystem>jsf.xml</subsystem>
|
|
||||||
<subsystem>mail.xml</subsystem>
|
|
||||||
<subsystem>naming.xml</subsystem>
|
|
||||||
<subsystem>remoting.xml</subsystem>
|
|
||||||
<subsystem>request-controller.xml</subsystem>
|
|
||||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
|
||||||
<subsystem>security.xml</subsystem>
|
|
||||||
<subsystem>security-manager.xml</subsystem>
|
|
||||||
<subsystem>transactions.xml</subsystem>
|
|
||||||
<subsystem>undertow.xml</subsystem>
|
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
<subsystems name="auth-server-clustered">
|
|
||||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
|
||||||
<subsystem>logging.xml</subsystem>
|
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
|
||||||
<subsystem>core-management.xml</subsystem>
|
|
||||||
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
|
||||||
<subsystem>ee.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
|
||||||
<subsystem>io.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
|
||||||
<subsystem>jca.xml</subsystem>
|
|
||||||
<subsystem>jdr.xml</subsystem>
|
|
||||||
<subsystem>jgroups.xml</subsystem>
|
|
||||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
|
||||||
<subsystem>jpa.xml</subsystem>
|
|
||||||
<subsystem>jsf.xml</subsystem>
|
|
||||||
<subsystem>mail.xml</subsystem>
|
|
||||||
<subsystem>mod_cluster.xml</subsystem>
|
|
||||||
<subsystem>naming.xml</subsystem>
|
|
||||||
<subsystem>remoting.xml</subsystem>
|
|
||||||
<subsystem>request-controller.xml</subsystem>
|
|
||||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
|
||||||
<subsystem>security.xml</subsystem>
|
|
||||||
<subsystem>security-manager.xml</subsystem>
|
|
||||||
<subsystem>transactions.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
<subsystems name="load-balancer">
|
|
||||||
<subsystem>logging.xml</subsystem>
|
|
||||||
<subsystem>io.xml</subsystem>
|
|
||||||
<subsystem>undertow-load-balancer.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
</config>
|
|
|
@ -1,110 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<domain xmlns="urn:jboss:domain:5.0">
|
|
||||||
|
|
||||||
<extensions>
|
|
||||||
<?EXTENSIONS?>
|
|
||||||
</extensions>
|
|
||||||
|
|
||||||
<system-properties>
|
|
||||||
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
|
|
||||||
<property name="java.net.preferIPv4Stack" value="true"/>
|
|
||||||
</system-properties>
|
|
||||||
|
|
||||||
<management>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
|
|
||||||
<profiles>
|
|
||||||
<!-- Non clustered authentication server profile -->
|
|
||||||
<profile name="auth-server-standalone">
|
|
||||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
|
||||||
</profile>
|
|
||||||
<!--
|
|
||||||
Clustering authentication server setup.
|
|
||||||
|
|
||||||
You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
|
|
||||||
able to work on multiple machines.
|
|
||||||
-->
|
|
||||||
<profile name="auth-server-clustered">
|
|
||||||
<?SUBSYSTEMS socket-binding-group="ha-sockets"?>
|
|
||||||
</profile>
|
|
||||||
<!--
|
|
||||||
This is a profile for the built-in Underto Loadbalancer
|
|
||||||
It should be removed in production systems and replaced with a better software or hardware based one
|
|
||||||
-->
|
|
||||||
<profile name="load-balancer">
|
|
||||||
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Named interfaces that can be referenced elsewhere in the configuration. The configuration
|
|
||||||
for how to associate these logical names with an actual network interface can either
|
|
||||||
be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
|
|
||||||
|
|
||||||
These default configurations require the binding specification to be done in host.xml.
|
|
||||||
-->
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management"/>
|
|
||||||
<interface name="public"/>
|
|
||||||
<?INTERFACES?>
|
|
||||||
</interfaces>
|
|
||||||
|
|
||||||
<socket-binding-groups>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
|
||||||
<?SOCKET-BINDINGS?>
|
|
||||||
</socket-binding-group>
|
|
||||||
<socket-binding-group name="ha-sockets" default-interface="public">
|
|
||||||
<?SOCKET-BINDINGS?>
|
|
||||||
</socket-binding-group>
|
|
||||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
|
||||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
|
||||||
<!-- Needed for server groups using the 'load-balancer' profile -->
|
|
||||||
<?SOCKET-BINDINGS?>
|
|
||||||
</socket-binding-group>
|
|
||||||
</socket-binding-groups>
|
|
||||||
|
|
||||||
<server-groups>
|
|
||||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="ha-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
|
|
||||||
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
|
||||||
<server-group name="load-balancer-group" profile="load-balancer">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="load-balancer-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
</server-groups>
|
|
||||||
|
|
||||||
</domain>
|
|
|
@ -1,135 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
|
|
||||||
is also started by this host controller file. The other instance must be started
|
|
||||||
via host-slave.xml
|
|
||||||
-->
|
|
||||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
|
||||||
<extensions>
|
|
||||||
<?EXTENSIONS?>
|
|
||||||
</extensions>
|
|
||||||
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true" />
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
|
|
||||||
<?INTERFACES?>
|
|
||||||
|
|
||||||
</interfaces>
|
|
||||||
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group">
|
|
||||||
</server>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!-- Remote JPDA debugging for a specific server
|
|
||||||
<jvm name="default">
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
-->
|
|
||||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
|
||||||
the default socket-group declared in the server-group -->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
|
|
||||||
<profile>
|
|
||||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
</host>
|
|
|
@ -1,124 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:5.0">
|
|
||||||
<extensions>
|
|
||||||
<?EXTENSIONS?>
|
|
||||||
</extensions>
|
|
||||||
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<server-identities>
|
|
||||||
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
|
||||||
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
|
|
||||||
</server-identities>
|
|
||||||
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:3456}"/>
|
|
||||||
</native-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
|
|
||||||
<domain-controller>
|
|
||||||
<remote username="$local" security-realm="ManagementRealm">
|
|
||||||
<discovery-options>
|
|
||||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
|
||||||
</discovery-options>
|
|
||||||
</remote>
|
|
||||||
</domain-controller>
|
|
||||||
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
|
|
||||||
<?INTERFACES?>
|
|
||||||
|
|
||||||
</interfaces>
|
|
||||||
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
|
|
||||||
<servers>
|
|
||||||
<server name="server-two" group="auth-server-group" auto-start="true">
|
|
||||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
|
||||||
the default socket-group declared in the server-group -->
|
|
||||||
<socket-bindings port-offset="250"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
|
|
||||||
<profile>
|
|
||||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,137 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
|
|
||||||
is also started by this host controller file. The other instance must be started
|
|
||||||
via host-slave.xml
|
|
||||||
-->
|
|
||||||
|
|
||||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
|
||||||
<extensions>
|
|
||||||
<?EXTENSIONS?>
|
|
||||||
</extensions>
|
|
||||||
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true" />
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
<!-- Alternative remote domain controller configuration with a host and port -->
|
|
||||||
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
|
|
||||||
</domain-controller>
|
|
||||||
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
|
|
||||||
<?INTERFACES?>
|
|
||||||
|
|
||||||
</interfaces>
|
|
||||||
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group">
|
|
||||||
</server>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!-- Remote JPDA debugging for a specific server
|
|
||||||
<jvm name="default">
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
-->
|
|
||||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
|
||||||
the default socket-group declared in the server-group -->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
|
|
||||||
<profile>
|
|
||||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,26 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
|
||||||
<config>
|
|
||||||
<subsystems>
|
|
||||||
<subsystem>core-management.xml</subsystem>
|
|
||||||
<subsystem>jmx.xml</subsystem>
|
|
||||||
<subsystem supplement="host">elytron.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
</config>
|
|
|
@ -1,49 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
|
||||||
<config>
|
|
||||||
<subsystems>
|
|
||||||
<subsystem>logging.xml</subsystem>
|
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
|
||||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
|
||||||
<subsystem>deployment-scanner.xml</subsystem>
|
|
||||||
<subsystem>ee.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
|
||||||
<subsystem>io.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
|
||||||
<subsystem>jca.xml</subsystem>
|
|
||||||
<subsystem>jdr.xml</subsystem>
|
|
||||||
<subsystem supplement="default">jgroups.xml</subsystem>
|
|
||||||
<subsystem>jmx.xml</subsystem>
|
|
||||||
<subsystem>jpa.xml</subsystem>
|
|
||||||
<subsystem>jsf.xml</subsystem>
|
|
||||||
<subsystem>mail.xml</subsystem>
|
|
||||||
<subsystem supplement="default">mod_cluster.xml</subsystem>
|
|
||||||
<subsystem>naming.xml</subsystem>
|
|
||||||
<subsystem>remoting.xml</subsystem>
|
|
||||||
<subsystem>request-controller.xml</subsystem>
|
|
||||||
<subsystem>security-manager.xml</subsystem>
|
|
||||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
|
||||||
<subsystem>security.xml</subsystem>
|
|
||||||
<subsystem>transactions.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
</config>
|
|
|
@ -1,47 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
|
||||||
<config>
|
|
||||||
<subsystems>
|
|
||||||
<subsystem>logging.xml</subsystem>
|
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
|
||||||
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
|
|
||||||
<subsystem>deployment-scanner.xml</subsystem>
|
|
||||||
<subsystem>ee.xml</subsystem>
|
|
||||||
<subsystem>ejb3.xml</subsystem>
|
|
||||||
<subsystem>io.xml</subsystem>
|
|
||||||
<subsystem>keycloak-infinispan2.xml</subsystem>
|
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
|
||||||
<subsystem>jca.xml</subsystem>
|
|
||||||
<subsystem>jdr.xml</subsystem>
|
|
||||||
<subsystem>jmx.xml</subsystem>
|
|
||||||
<subsystem>jpa.xml</subsystem>
|
|
||||||
<subsystem>jsf.xml</subsystem>
|
|
||||||
<subsystem>mail.xml</subsystem>
|
|
||||||
<subsystem>naming.xml</subsystem>
|
|
||||||
<subsystem>remoting.xml</subsystem>
|
|
||||||
<subsystem>request-controller.xml</subsystem>
|
|
||||||
<subsystem>security-manager.xml</subsystem>
|
|
||||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
|
||||||
<subsystem>security.xml</subsystem>
|
|
||||||
<subsystem>transactions.xml</subsystem>
|
|
||||||
<subsystem>undertow.xml</subsystem>
|
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
</config>
|
|
|
@ -1,90 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:5.0">
|
|
||||||
|
|
||||||
<extensions>
|
|
||||||
<?EXTENSIONS?>
|
|
||||||
</extensions>
|
|
||||||
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true" />
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
|
|
||||||
<profile>
|
|
||||||
|
|
||||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
|
||||||
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
|
|
||||||
<?INTERFACES?>
|
|
||||||
|
|
||||||
</interfaces>
|
|
||||||
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
|
|
||||||
<?SOCKET-BINDINGS?>
|
|
||||||
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -15,71 +15,65 @@
|
||||||
~ See the License for the specific language governing permissions and
|
~ See the License for the specific language governing permissions and
|
||||||
~ limitations under the License.
|
~ limitations under the License.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
|
||||||
<config>
|
<config>
|
||||||
<subsystems name="load-balancer">
|
<subsystems name="auth-server-standalone">
|
||||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
<subsystem>logging.xml</subsystem>
|
||||||
<subsystem>logging.xml</subsystem>
|
<subsystem>bean-validation.xml</subsystem>
|
||||||
<subsystem>io.xml</subsystem>
|
<subsystem>core-management.xml</subsystem>
|
||||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||||
<subsystem>naming.xml</subsystem>
|
<subsystem>ee.xml</subsystem>
|
||||||
<subsystem>remoting.xml</subsystem>
|
<subsystem>ejb3.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>io.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem>keycloak-infinispan.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
</subsystems>
|
<subsystem>jca.xml</subsystem>
|
||||||
<subsystems name="auth-server-standalone">
|
<subsystem>jdr.xml</subsystem>
|
||||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||||
<subsystem>logging.xml</subsystem>
|
<subsystem>jpa.xml</subsystem>
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
<subsystem>jsf.xml</subsystem>
|
||||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
<subsystem>mail.xml</subsystem>
|
||||||
<subsystem>ee.xml</subsystem>
|
<subsystem>naming.xml</subsystem>
|
||||||
<subsystem>ejb3.xml</subsystem>
|
<subsystem>remoting.xml</subsystem>
|
||||||
<subsystem>io.xml</subsystem>
|
<subsystem>request-controller.xml</subsystem>
|
||||||
<subsystem>keycloak-infinispan.xml</subsystem>
|
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
<subsystem>security.xml</subsystem>
|
||||||
<subsystem>jca.xml</subsystem>
|
<subsystem>security-manager.xml</subsystem>
|
||||||
<subsystem>jdr.xml</subsystem>
|
<subsystem>transactions.xml</subsystem>
|
||||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
<subsystem>undertow.xml</subsystem>
|
||||||
<subsystem>jpa.xml</subsystem>
|
<subsystem>keycloak-server.xml</subsystem>
|
||||||
<subsystem>jsf.xml</subsystem>
|
</subsystems>
|
||||||
<subsystem>mail.xml</subsystem>
|
<subsystems name="auth-server-clustered">
|
||||||
<subsystem>naming.xml</subsystem>
|
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||||
<subsystem>remoting.xml</subsystem>
|
<subsystem>logging.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>bean-validation.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem>core-management.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
||||||
<subsystem>transactions.xml</subsystem>
|
<subsystem>ee.xml</subsystem>
|
||||||
<subsystem>undertow.xml</subsystem>
|
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
<subsystem>io.xml</subsystem>
|
||||||
</subsystems>
|
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
||||||
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
<subsystems name="auth-server-clustered">
|
<subsystem>jca.xml</subsystem>
|
||||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
<subsystem>jdr.xml</subsystem>
|
||||||
<subsystem>logging.xml</subsystem>
|
<subsystem>jgroups.xml</subsystem>
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||||
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
<subsystem>jpa.xml</subsystem>
|
||||||
<subsystem>ee.xml</subsystem>
|
<subsystem>jsf.xml</subsystem>
|
||||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
<subsystem>mail.xml</subsystem>
|
||||||
<subsystem>io.xml</subsystem>
|
<subsystem>mod_cluster.xml</subsystem>
|
||||||
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
<subsystem>naming.xml</subsystem>
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
<subsystem>remoting.xml</subsystem>
|
||||||
<subsystem>jca.xml</subsystem>
|
<subsystem>request-controller.xml</subsystem>
|
||||||
<subsystem>jdr.xml</subsystem>
|
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||||
<subsystem>jgroups.xml</subsystem>
|
<subsystem>security.xml</subsystem>
|
||||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
<subsystem>security-manager.xml</subsystem>
|
||||||
<subsystem>jpa.xml</subsystem>
|
<subsystem>transactions.xml</subsystem>
|
||||||
<subsystem>jsf.xml</subsystem>
|
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||||
<subsystem>mail.xml</subsystem>
|
<subsystem>keycloak-server.xml</subsystem>
|
||||||
<subsystem>mod_cluster.xml</subsystem>
|
</subsystems>
|
||||||
<subsystem>naming.xml</subsystem>
|
<subsystems name="load-balancer">
|
||||||
<subsystem>remoting.xml</subsystem>
|
<subsystem>logging.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>io.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem>undertow-load-balancer.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
</subsystems>
|
||||||
<subsystem>transactions.xml</subsystem>
|
|
||||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
|
||||||
</subsystems>
|
|
||||||
</config>
|
</config>
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
~ limitations under the License.
|
~ limitations under the License.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<domain xmlns="urn:jboss:domain:4.0">
|
<domain xmlns="urn:jboss:domain:5.0">
|
||||||
|
|
||||||
<extensions>
|
<extensions>
|
||||||
<?EXTENSIONS?>
|
<?EXTENSIONS?>
|
||||||
|
@ -60,31 +60,6 @@
|
||||||
-->
|
-->
|
||||||
<profile name="load-balancer">
|
<profile name="load-balancer">
|
||||||
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="lb-handler"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<reverse-proxy name="lb-handler">
|
|
||||||
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
|
|
||||||
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
|
|
||||||
</reverse-proxy>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
</profile>
|
||||||
</profiles>
|
</profiles>
|
||||||
|
|
||||||
|
@ -96,12 +71,8 @@
|
||||||
These default configurations require the binding specification to be done in host.xml.
|
These default configurations require the binding specification to be done in host.xml.
|
||||||
-->
|
-->
|
||||||
<interfaces>
|
<interfaces>
|
||||||
<interface name="management">
|
<interface name="management"/>
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
<interface name="public"/>
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<?INTERFACES?>
|
<?INTERFACES?>
|
||||||
</interfaces>
|
</interfaces>
|
||||||
|
|
||||||
|
@ -114,20 +85,19 @@
|
||||||
</socket-binding-group>
|
</socket-binding-group>
|
||||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
<!-- Needed for server groups using the 'load-balancer' profile -->
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<outbound-socket-binding name="remote-host1">
|
|
||||||
<remote-destination host="localhost" port="8159"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
<outbound-socket-binding name="remote-host2">
|
|
||||||
<remote-destination host="localhost" port="8259"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
<?SOCKET-BINDINGS?>
|
<?SOCKET-BINDINGS?>
|
||||||
</socket-binding-group>
|
</socket-binding-group>
|
||||||
</socket-binding-groups>
|
</socket-binding-groups>
|
||||||
|
|
||||||
<server-groups>
|
<server-groups>
|
||||||
|
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||||
|
<jvm name="default">
|
||||||
|
<heap size="64m" max-size="512m"/>
|
||||||
|
</jvm>
|
||||||
|
<socket-binding-group ref="ha-sockets"/>
|
||||||
|
</server-group>
|
||||||
|
|
||||||
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||||
<server-group name="load-balancer-group" profile="load-balancer">
|
<server-group name="load-balancer-group" profile="load-balancer">
|
||||||
<jvm name="default">
|
<jvm name="default">
|
||||||
|
@ -135,12 +105,6 @@
|
||||||
</jvm>
|
</jvm>
|
||||||
<socket-binding-group ref="load-balancer-sockets"/>
|
<socket-binding-group ref="load-balancer-sockets"/>
|
||||||
</server-group>
|
</server-group>
|
||||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="ha-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
</server-groups>
|
</server-groups>
|
||||||
|
|
||||||
</domain>
|
</domain>
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
is also started by this host controller file. The other instance must be started
|
is also started by this host controller file. The other instance must be started
|
||||||
via host-slave.xml
|
via host-slave.xml
|
||||||
-->
|
-->
|
||||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||||
<extensions>
|
<extensions>
|
||||||
<?EXTENSIONS?>
|
<?EXTENSIONS?>
|
||||||
</extensions>
|
</extensions>
|
||||||
|
@ -39,6 +39,11 @@
|
||||||
</authorization>
|
</authorization>
|
||||||
</security-realm>
|
</security-realm>
|
||||||
<security-realm name="ApplicationRealm">
|
<security-realm name="ApplicationRealm">
|
||||||
|
<server-identities>
|
||||||
|
<ssl>
|
||||||
|
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||||
|
</ssl>
|
||||||
|
</server-identities>
|
||||||
<authentication>
|
<authentication>
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||||
|
@ -53,8 +58,8 @@
|
||||||
<json-formatter name="json-formatter"/>
|
<json-formatter name="json-formatter"/>
|
||||||
</formatters>
|
</formatters>
|
||||||
<handlers>
|
<handlers>
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||||
</handlers>
|
</handlers>
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||||
<handlers>
|
<handlers>
|
||||||
|
@ -71,7 +76,8 @@
|
||||||
<native-interface security-realm="ManagementRealm">
|
<native-interface security-realm="ManagementRealm">
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||||
</native-interface>
|
</native-interface>
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
<http-interface security-realm="ManagementRealm">
|
||||||
|
<http-upgrade enabled="true" />
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||||
</http-interface>
|
</http-interface>
|
||||||
</management-interfaces>
|
</management-interfaces>
|
||||||
|
@ -98,6 +104,8 @@
|
||||||
<heap size="64m" max-size="256m"/>
|
<heap size="64m" max-size="256m"/>
|
||||||
<jvm-options>
|
<jvm-options>
|
||||||
<option value="-server"/>
|
<option value="-server"/>
|
||||||
|
<option value="-XX:MetaspaceSize=96m"/>
|
||||||
|
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||||
</jvm-options>
|
</jvm-options>
|
||||||
</jvm>
|
</jvm>
|
||||||
</jvms>
|
</jvms>
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
~ limitations under the License.
|
~ limitations under the License.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:4.0">
|
<host xmlns="urn:jboss:domain:5.0">
|
||||||
<extensions>
|
<extensions>
|
||||||
<?EXTENSIONS?>
|
<?EXTENSIONS?>
|
||||||
</extensions>
|
</extensions>
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
<security-realm name="ManagementRealm">
|
<security-realm name="ManagementRealm">
|
||||||
<server-identities>
|
<server-identities>
|
||||||
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
||||||
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
|
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
|
||||||
</server-identities>
|
</server-identities>
|
||||||
|
|
||||||
<authentication>
|
<authentication>
|
||||||
|
@ -39,6 +39,11 @@
|
||||||
</authorization>
|
</authorization>
|
||||||
</security-realm>
|
</security-realm>
|
||||||
<security-realm name="ApplicationRealm">
|
<security-realm name="ApplicationRealm">
|
||||||
|
<server-identities>
|
||||||
|
<ssl>
|
||||||
|
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||||
|
</ssl>
|
||||||
|
</server-identities>
|
||||||
<authentication>
|
<authentication>
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||||
|
@ -53,8 +58,8 @@
|
||||||
<json-formatter name="json-formatter"/>
|
<json-formatter name="json-formatter"/>
|
||||||
</formatters>
|
</formatters>
|
||||||
<handlers>
|
<handlers>
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||||
</handlers>
|
</handlers>
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||||
<handlers>
|
<handlers>
|
||||||
|
@ -75,7 +80,7 @@
|
||||||
</management>
|
</management>
|
||||||
|
|
||||||
<domain-controller>
|
<domain-controller>
|
||||||
<remote security-realm="ManagementRealm">
|
<remote username="$local" security-realm="ManagementRealm">
|
||||||
<discovery-options>
|
<discovery-options>
|
||||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
||||||
</discovery-options>
|
</discovery-options>
|
||||||
|
@ -99,6 +104,8 @@
|
||||||
<heap size="64m" max-size="256m"/>
|
<heap size="64m" max-size="256m"/>
|
||||||
<jvm-options>
|
<jvm-options>
|
||||||
<option value="-server"/>
|
<option value="-server"/>
|
||||||
|
<option value="-XX:MetaspaceSize=96m"/>
|
||||||
|
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||||
</jvm-options>
|
</jvm-options>
|
||||||
</jvm>
|
</jvm>
|
||||||
</jvms>
|
</jvms>
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
via host-slave.xml
|
via host-slave.xml
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||||
<extensions>
|
<extensions>
|
||||||
<?EXTENSIONS?>
|
<?EXTENSIONS?>
|
||||||
</extensions>
|
</extensions>
|
||||||
|
@ -40,6 +40,11 @@
|
||||||
</authorization>
|
</authorization>
|
||||||
</security-realm>
|
</security-realm>
|
||||||
<security-realm name="ApplicationRealm">
|
<security-realm name="ApplicationRealm">
|
||||||
|
<server-identities>
|
||||||
|
<ssl>
|
||||||
|
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||||
|
</ssl>
|
||||||
|
</server-identities>
|
||||||
<authentication>
|
<authentication>
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||||
|
@ -54,8 +59,8 @@
|
||||||
<json-formatter name="json-formatter"/>
|
<json-formatter name="json-formatter"/>
|
||||||
</formatters>
|
</formatters>
|
||||||
<handlers>
|
<handlers>
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||||
</handlers>
|
</handlers>
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||||
<handlers>
|
<handlers>
|
||||||
|
@ -72,7 +77,8 @@
|
||||||
<native-interface security-realm="ManagementRealm">
|
<native-interface security-realm="ManagementRealm">
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||||
</native-interface>
|
</native-interface>
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
<http-interface security-realm="ManagementRealm">
|
||||||
|
<http-upgrade enabled="true" />
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||||
</http-interface>
|
</http-interface>
|
||||||
</management-interfaces>
|
</management-interfaces>
|
||||||
|
@ -80,6 +86,8 @@
|
||||||
|
|
||||||
<domain-controller>
|
<domain-controller>
|
||||||
<local/>
|
<local/>
|
||||||
|
<!-- Alternative remote domain controller configuration with a host and port -->
|
||||||
|
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
|
||||||
</domain-controller>
|
</domain-controller>
|
||||||
|
|
||||||
<interfaces>
|
<interfaces>
|
||||||
|
@ -99,6 +107,8 @@
|
||||||
<heap size="64m" max-size="256m"/>
|
<heap size="64m" max-size="256m"/>
|
||||||
<jvm-options>
|
<jvm-options>
|
||||||
<option value="-server"/>
|
<option value="-server"/>
|
||||||
|
<option value="-XX:MetaspaceSize=96m"/>
|
||||||
|
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||||
</jvm-options>
|
</jvm-options>
|
||||||
</jvm>
|
</jvm>
|
||||||
</jvms>
|
</jvms>
|
||||||
|
|
|
@ -19,6 +19,8 @@
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||||
<config>
|
<config>
|
||||||
<subsystems>
|
<subsystems>
|
||||||
|
<subsystem>core-management.xml</subsystem>
|
||||||
<subsystem>jmx.xml</subsystem>
|
<subsystem>jmx.xml</subsystem>
|
||||||
|
<subsystem supplement="host">elytron.xml</subsystem>
|
||||||
</subsystems>
|
</subsystems>
|
||||||
</config>
|
</config>
|
||||||
|
|
|
@ -30,16 +30,17 @@
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
<subsystem>jca.xml</subsystem>
|
<subsystem>jca.xml</subsystem>
|
||||||
<subsystem>jdr.xml</subsystem>
|
<subsystem>jdr.xml</subsystem>
|
||||||
<subsystem>jgroups.xml</subsystem>
|
<subsystem supplement="default">jgroups.xml</subsystem>
|
||||||
<subsystem>jmx.xml</subsystem>
|
<subsystem>jmx.xml</subsystem>
|
||||||
<subsystem>jpa.xml</subsystem>
|
<subsystem>jpa.xml</subsystem>
|
||||||
<subsystem>jsf.xml</subsystem>
|
<subsystem>jsf.xml</subsystem>
|
||||||
<subsystem>mail.xml</subsystem>
|
<subsystem>mail.xml</subsystem>
|
||||||
<subsystem>mod_cluster.xml</subsystem>
|
<subsystem supplement="default">mod_cluster.xml</subsystem>
|
||||||
<subsystem>naming.xml</subsystem>
|
<subsystem>naming.xml</subsystem>
|
||||||
<subsystem>remoting.xml</subsystem>
|
<subsystem>remoting.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>request-controller.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
<subsystem>security-manager.xml</subsystem>
|
||||||
|
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem>security.xml</subsystem>
|
||||||
<subsystem>transactions.xml</subsystem>
|
<subsystem>transactions.xml</subsystem>
|
||||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||||
|
|
|
@ -19,28 +19,29 @@
|
||||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||||
<config>
|
<config>
|
||||||
<subsystems>
|
<subsystems>
|
||||||
<subsystem>logging.xml</subsystem>
|
<subsystem>logging.xml</subsystem>
|
||||||
<subsystem>bean-validation.xml</subsystem>
|
<subsystem>bean-validation.xml</subsystem>
|
||||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
|
||||||
<subsystem>deployment-scanner.xml</subsystem>
|
<subsystem>deployment-scanner.xml</subsystem>
|
||||||
<subsystem>ee.xml</subsystem>
|
<subsystem>ee.xml</subsystem>
|
||||||
<subsystem>ejb3.xml</subsystem>
|
<subsystem>ejb3.xml</subsystem>
|
||||||
<subsystem>io.xml</subsystem>
|
<subsystem>io.xml</subsystem>
|
||||||
<subsystem>keycloak-infinispan.xml</subsystem>
|
<subsystem>keycloak-infinispan2.xml</subsystem>
|
||||||
<subsystem>jaxrs.xml</subsystem>
|
<subsystem>jaxrs.xml</subsystem>
|
||||||
<subsystem>jca.xml</subsystem>
|
<subsystem>jca.xml</subsystem>
|
||||||
<subsystem>jdr.xml</subsystem>
|
<subsystem>jdr.xml</subsystem>
|
||||||
<subsystem>jmx.xml</subsystem>
|
<subsystem>jmx.xml</subsystem>
|
||||||
<subsystem>jpa.xml</subsystem>
|
<subsystem>jpa.xml</subsystem>
|
||||||
<subsystem>jsf.xml</subsystem>
|
<subsystem>jsf.xml</subsystem>
|
||||||
<subsystem>mail.xml</subsystem>
|
<subsystem>mail.xml</subsystem>
|
||||||
<subsystem>naming.xml</subsystem>
|
<subsystem>naming.xml</subsystem>
|
||||||
<subsystem>remoting.xml</subsystem>
|
<subsystem>remoting.xml</subsystem>
|
||||||
<subsystem>request-controller.xml</subsystem>
|
<subsystem>request-controller.xml</subsystem>
|
||||||
<subsystem>security-manager.xml</subsystem>
|
<subsystem>security-manager.xml</subsystem>
|
||||||
<subsystem>security.xml</subsystem>
|
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||||
<subsystem>transactions.xml</subsystem>
|
<subsystem>security.xml</subsystem>
|
||||||
<subsystem>undertow.xml</subsystem>
|
<subsystem>transactions.xml</subsystem>
|
||||||
<subsystem>keycloak-server.xml</subsystem>
|
<subsystem>undertow.xml</subsystem>
|
||||||
|
<subsystem>keycloak-server.xml</subsystem>
|
||||||
</subsystems>
|
</subsystems>
|
||||||
</config>
|
</config>
|
||||||
|
|
|
@ -1,23 +1,6 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
<?xml version='1.0' encoding='UTF-8'?>
|
||||||
|
|
||||||
<!--
|
<server xmlns="urn:jboss:domain:5.0">
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.0">
|
|
||||||
|
|
||||||
<extensions>
|
<extensions>
|
||||||
<?EXTENSIONS?>
|
<?EXTENSIONS?>
|
||||||
|
@ -27,7 +10,7 @@
|
||||||
<security-realms>
|
<security-realms>
|
||||||
<security-realm name="ManagementRealm">
|
<security-realm name="ManagementRealm">
|
||||||
<authentication>
|
<authentication>
|
||||||
<local default-user="$local" skip-group-loading="true" />
|
<local default-user="$local" skip-group-loading="true"/>
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
||||||
</authentication>
|
</authentication>
|
||||||
<authorization map-groups-to-roles="false">
|
<authorization map-groups-to-roles="false">
|
||||||
|
@ -35,8 +18,13 @@
|
||||||
</authorization>
|
</authorization>
|
||||||
</security-realm>
|
</security-realm>
|
||||||
<security-realm name="ApplicationRealm">
|
<security-realm name="ApplicationRealm">
|
||||||
|
<server-identities>
|
||||||
|
<ssl>
|
||||||
|
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||||
|
</ssl>
|
||||||
|
</server-identities>
|
||||||
<authentication>
|
<authentication>
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
|
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
||||||
</authentication>
|
</authentication>
|
||||||
<authorization>
|
<authorization>
|
||||||
|
@ -46,19 +34,20 @@
|
||||||
</security-realms>
|
</security-realms>
|
||||||
<audit-log>
|
<audit-log>
|
||||||
<formatters>
|
<formatters>
|
||||||
<json-formatter name="json-formatter"/>
|
<json-formatter name="json-formatter"/>
|
||||||
</formatters>
|
</formatters>
|
||||||
<handlers>
|
<handlers>
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||||
</handlers>
|
</handlers>
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||||
<handlers>
|
<handlers>
|
||||||
<handler name="file"/>
|
<handler name="file"/>
|
||||||
</handlers>
|
</handlers>
|
||||||
</logger>
|
</logger>
|
||||||
</audit-log>
|
</audit-log>
|
||||||
<management-interfaces>
|
<management-interfaces>
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
<http-interface security-realm="ManagementRealm">
|
||||||
|
<http-upgrade enabled="true" />
|
||||||
<socket-binding http="management-http"/>
|
<socket-binding http="management-http"/>
|
||||||
</http-interface>
|
</http-interface>
|
||||||
</management-interfaces>
|
</management-interfaces>
|
||||||
|
|
|
@ -104,13 +104,6 @@
|
||||||
</build>
|
</build>
|
||||||
</profile>
|
</profile>
|
||||||
|
|
||||||
<profile>
|
|
||||||
<id>wf11</id>
|
|
||||||
<properties>
|
|
||||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
|
||||||
</properties>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>product</id>
|
<id>product</id>
|
||||||
<activation>
|
<activation>
|
||||||
|
|
|
@ -189,13 +189,6 @@
|
||||||
</build>
|
</build>
|
||||||
</profile>
|
</profile>
|
||||||
|
|
||||||
<profile>
|
|
||||||
<id>wf11</id>
|
|
||||||
<properties>
|
|
||||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
|
||||||
</properties>
|
|
||||||
</profile>
|
|
||||||
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>product</id>
|
<id>product</id>
|
||||||
<activation>
|
<activation>
|
||||||
|
|
4
pom.xml
4
pom.xml
|
@ -43,10 +43,8 @@
|
||||||
|
|
||||||
<!-- WildFly -->
|
<!-- WildFly -->
|
||||||
<jboss.as.version>7.2.0.Final</jboss.as.version>
|
<jboss.as.version>7.2.0.Final</jboss.as.version>
|
||||||
<wildfly.version>10.0.0.Final</wildfly.version>
|
<wildfly.version>11.0.0.Alpha1</wildfly.version>
|
||||||
<wildfly.build-tools.version>1.2.2.Final</wildfly.build-tools.version>
|
<wildfly.build-tools.version>1.2.2.Final</wildfly.build-tools.version>
|
||||||
<wildfly11.version>11.0.0.Alpha1</wildfly11.version> <!-- for testing with wf11 pre-releases -->
|
|
||||||
<wildfly11.build-tools.version>1.2.2.Final</wildfly11.build-tools.version>
|
|
||||||
<eap.version>7.1.0.Beta1-redhat-2</eap.version>
|
<eap.version>7.1.0.Beta1-redhat-2</eap.version>
|
||||||
<eap.build-tools.version>1.2.2.Final</eap.build-tools.version>
|
<eap.build-tools.version>1.2.2.Final</eap.build-tools.version>
|
||||||
<wildfly.core.version>2.0.10.Final</wildfly.core.version>
|
<wildfly.core.version>2.0.10.Final</wildfly.core.version>
|
||||||
|
|
Loading…
Reference in a new issue