KEYCLOAK-4477 Update to WildFly 11

This commit is contained in:
Stian Thorgersen 2017-05-18 10:22:27 +02:00
parent 6d8a3f7a8b
commit 2e83eda172
23 changed files with 156 additions and 1074 deletions

View file

@ -97,13 +97,6 @@
</properties> </properties>
</profile> </profile>
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
</properties>
</profile>
<profile> <profile>
<id>product</id> <id>product</id>
<activation> <activation>

View file

@ -128,7 +128,6 @@
<properties> <properties>
<build-tools.version>${wildfly.build-tools.version}</build-tools.version> <build-tools.version>${wildfly.build-tools.version}</build-tools.version>
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent> <feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources/configuration</configDir>
</properties> </properties>
<dependencies> <dependencies>
@ -140,52 +139,6 @@
</dependencies> </dependencies>
</profile> </profile>
<!-- Temporary profile to test with WildFly 11 -->
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources-wf11/configuration</configDir>
</properties>
<dependencies>
<dependency>
<groupId>org.wildfly</groupId>
<artifactId>wildfly-feature-pack</artifactId>
<version>${wildfly11.version}</version>
<type>zip</type>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-configuration-wf11</id>
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>target/resources/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/resources-wf11/configuration</directory>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile> <profile>
<id>product</id> <id>product</id>
<activation> <activation>
@ -197,7 +150,6 @@
<properties> <properties>
<build-tools.version>${eap.build-tools.version}</build-tools.version> <build-tools.version>${eap.build-tools.version}</build-tools.version>
<feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent> <feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent>
<configDir>src/main/resources-wf11/configuration</configDir>
</properties> </properties>
<dependencies> <dependencies>
@ -208,32 +160,6 @@
<type>zip</type> <type>zip</type>
</dependency> </dependency>
</dependencies> </dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-configuration-wf11</id>
<phase>validate</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>target/resources/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/resources-wf11/configuration</directory>
<filtering>true</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile> </profile>
</profiles> </profiles>

View file

@ -1,79 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<config>
<subsystems name="auth-server-standalone">
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
<subsystems name="load-balancer">
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>undertow-load-balancer.xml</subsystem>
</subsystems>
</config>

View file

@ -1,110 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<domain xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<system-properties>
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
<property name="java.net.preferIPv4Stack" value="true"/>
</system-properties>
<management>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profiles>
<!-- Non clustered authentication server profile -->
<profile name="auth-server-standalone">
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
<!--
Clustering authentication server setup.
You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
able to work on multiple machines.
-->
<profile name="auth-server-clustered">
<?SUBSYSTEMS socket-binding-group="ha-sockets"?>
</profile>
<!--
This is a profile for the built-in Underto Loadbalancer
It should be removed in production systems and replaced with a better software or hardware based one
-->
<profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
</profile>
</profiles>
<!--
Named interfaces that can be referenced elsewhere in the configuration. The configuration
for how to associate these logical names with an actual network interface can either
be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
These default configurations require the binding specification to be done in host.xml.
-->
<interfaces>
<interface name="management"/>
<interface name="public"/>
<?INTERFACES?>
</interfaces>
<socket-binding-groups>
<socket-binding-group name="standard-sockets" default-interface="public">
<?SOCKET-BINDINGS?>
</socket-binding-group>
<socket-binding-group name="ha-sockets" default-interface="public">
<?SOCKET-BINDINGS?>
</socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public">
<!-- Needed for server groups using the 'load-balancer' profile -->
<?SOCKET-BINDINGS?>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
<server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="load-balancer-sockets"/>
</server-group>
</server-groups>
</domain>

View file

@ -1,135 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
<domain-controller>
<local/>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
<server name="load-balancer" group="load-balancer-group">
</server>
<server name="server-one" group="auth-server-group" auto-start="true">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
</jvm-options>
</jvm>
-->
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>

View file

@ -1,124 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<host xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities>
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:3456}"/>
</native-interface>
</management-interfaces>
</management>
<domain-controller>
<remote username="$local" security-realm="ManagementRealm">
<discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
</remote>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<server name="server-two" group="auth-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="250"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>

View file

@ -1,137 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="host-file"/>
</handlers>
</logger>
<server-logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="server-file"/>
</handlers>
</server-logger>
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
<domain-controller>
<local/>
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<jvms>
<jvm name="default">
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
<servers>
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
<server name="load-balancer" group="load-balancer-group">
</server>
<server name="server-one" group="auth-server-group" auto-start="true">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
</jvm-options>
</jvm>
-->
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
</servers>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
</host>

View file

@ -1,26 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem supplement="host">elytron.xml</subsystem>
</subsystems>
</config>

View file

@ -1,49 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem supplement="default">jgroups.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem supplement="default">mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config>

View file

@ -1,47 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan2.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem>
<subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config>

View file

@ -1,90 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<?SOCKET-BINDINGS?>
</socket-binding-group>
</server>

View file

@ -15,71 +15,65 @@
~ See the License for the specific language governing permissions and ~ See the License for the specific language governing permissions and
~ limitations under the License. ~ limitations under the License.
--> -->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config> <config>
<subsystems name="load-balancer"> <subsystems name="auth-server-standalone">
<!-- Each subsystem to be included relative to the src/main/resources directory --> <subsystem>logging.xml</subsystem>
<subsystem>logging.xml</subsystem> <subsystem>bean-validation.xml</subsystem>
<subsystem>io.xml</subsystem> <subsystem>core-management.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem> <subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>naming.xml</subsystem> <subsystem>ee.xml</subsystem>
<subsystem>remoting.xml</subsystem> <subsystem>ejb3.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>io.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>keycloak-infinispan.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem>jaxrs.xml</subsystem>
</subsystems> <subsystem>jca.xml</subsystem>
<subsystems name="auth-server-standalone"> <subsystem>jdr.xml</subsystem>
<!-- Each subsystem to be included relative to the src/main/resources directory --> <subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>logging.xml</subsystem> <subsystem>jpa.xml</subsystem>
<subsystem>bean-validation.xml</subsystem> <subsystem>jsf.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem> <subsystem>mail.xml</subsystem>
<subsystem>ee.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>ejb3.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>io.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem> <subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>jaxrs.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem>jca.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem>jdr.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem> <subsystem>undertow.xml</subsystem>
<subsystem>jpa.xml</subsystem> <subsystem>keycloak-server.xml</subsystem>
<subsystem>jsf.xml</subsystem> </subsystems>
<subsystem>mail.xml</subsystem> <subsystems name="auth-server-clustered">
<subsystem>naming.xml</subsystem> <!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>remoting.xml</subsystem> <subsystem>logging.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>bean-validation.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>core-management.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>transactions.xml</subsystem> <subsystem>ee.xml</subsystem>
<subsystem>undertow.xml</subsystem> <subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem> <subsystem>io.xml</subsystem>
</subsystems> <subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
<subsystem>jaxrs.xml</subsystem>
<subsystems name="auth-server-clustered"> <subsystem>jca.xml</subsystem>
<!-- Each subsystem to be included relative to the src/main/resources directory --> <subsystem>jdr.xml</subsystem>
<subsystem>logging.xml</subsystem> <subsystem>jgroups.xml</subsystem>
<subsystem>bean-validation.xml</subsystem> <subsystem supplement="domain">jmx.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem> <subsystem>jpa.xml</subsystem>
<subsystem>ee.xml</subsystem> <subsystem>jsf.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem> <subsystem>mail.xml</subsystem>
<subsystem>io.xml</subsystem> <subsystem>mod_cluster.xml</subsystem>
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>jaxrs.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>jca.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem>jdr.xml</subsystem> <subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>jgroups.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem>jpa.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem>jsf.xml</subsystem> <subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>mail.xml</subsystem> <subsystem>keycloak-server.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem> </subsystems>
<subsystem>naming.xml</subsystem> <subsystems name="load-balancer">
<subsystem>remoting.xml</subsystem> <subsystem>logging.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>io.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>undertow-load-balancer.xml</subsystem>
<subsystem>security-manager.xml</subsystem> </subsystems>
<subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
</config> </config>

View file

@ -17,7 +17,7 @@
~ limitations under the License. ~ limitations under the License.
--> -->
<domain xmlns="urn:jboss:domain:4.0"> <domain xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
@ -60,31 +60,6 @@
--> -->
<profile name="load-balancer"> <profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?> <?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="lb-handler"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<reverse-proxy name="lb-handler">
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
</reverse-proxy>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
</profile> </profile>
</profiles> </profiles>
@ -96,12 +71,8 @@
These default configurations require the binding specification to be done in host.xml. These default configurations require the binding specification to be done in host.xml.
--> -->
<interfaces> <interfaces>
<interface name="management"> <interface name="management"/>
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/> <interface name="public"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?> <?INTERFACES?>
</interfaces> </interfaces>
@ -114,20 +85,19 @@
</socket-binding-group> </socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one --> <!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public"> <socket-binding-group name="load-balancer-sockets" default-interface="public">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <!-- Needed for server groups using the 'load-balancer' profile -->
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<outbound-socket-binding name="remote-host1">
<remote-destination host="localhost" port="8159"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-host2">
<remote-destination host="localhost" port="8259"/>
</outbound-socket-binding>
<?SOCKET-BINDINGS?> <?SOCKET-BINDINGS?>
</socket-binding-group> </socket-binding-group>
</socket-binding-groups> </socket-binding-groups>
<server-groups> <server-groups>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one --> <!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
<server-group name="load-balancer-group" profile="load-balancer"> <server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default"> <jvm name="default">
@ -135,12 +105,6 @@
</jvm> </jvm>
<socket-binding-group ref="load-balancer-sockets"/> <socket-binding-group ref="load-balancer-sockets"/>
</server-group> </server-group>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
</server-groups> </server-groups>
</domain> </domain>

View file

@ -22,7 +22,7 @@
is also started by this host controller file. The other instance must be started is also started by this host controller file. The other instance must be started
via host-slave.xml via host-slave.xml
--> -->
<host name="master" xmlns="urn:jboss:domain:4.0"> <host name="master" xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -39,6 +39,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -71,7 +76,8 @@
<native-interface security-realm="ManagementRealm"> <native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/> <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface> </native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/> <socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface> </http-interface>
</management-interfaces> </management-interfaces>
@ -98,6 +104,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -17,7 +17,7 @@
~ limitations under the License. ~ limitations under the License.
--> -->
<host xmlns="urn:jboss:domain:4.0"> <host xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -27,7 +27,7 @@
<security-realm name="ManagementRealm"> <security-realm name="ManagementRealm">
<server-identities> <server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression --> <!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/> <secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities> </server-identities>
<authentication> <authentication>
@ -39,6 +39,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -75,7 +80,7 @@
</management> </management>
<domain-controller> <domain-controller>
<remote security-realm="ManagementRealm"> <remote username="$local" security-realm="ManagementRealm">
<discovery-options> <discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/> <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options> </discovery-options>
@ -99,6 +104,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -23,7 +23,7 @@
via host-slave.xml via host-slave.xml
--> -->
<host name="master" xmlns="urn:jboss:domain:4.0"> <host name="master" xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -40,6 +40,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -54,8 +59,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -72,7 +77,8 @@
<native-interface security-realm="ManagementRealm"> <native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/> <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface> </native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/> <socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface> </http-interface>
</management-interfaces> </management-interfaces>
@ -80,6 +86,8 @@
<domain-controller> <domain-controller>
<local/> <local/>
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller> </domain-controller>
<interfaces> <interfaces>
@ -99,6 +107,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -19,6 +19,8 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works --> <!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config> <config>
<subsystems> <subsystems>
<subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem> <subsystem>jmx.xml</subsystem>
<subsystem supplement="host">elytron.xml</subsystem>
</subsystems> </subsystems>
</config> </config>

View file

@ -30,16 +30,17 @@
<subsystem>jaxrs.xml</subsystem> <subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem> <subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem> <subsystem>jdr.xml</subsystem>
<subsystem>jgroups.xml</subsystem> <subsystem supplement="default">jgroups.xml</subsystem>
<subsystem>jmx.xml</subsystem> <subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem> <subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem> <subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem> <subsystem>mail.xml</subsystem>
<subsystem>mod_cluster.xml</subsystem> <subsystem supplement="default">mod_cluster.xml</subsystem>
<subsystem>naming.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem>transactions.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem> <subsystem supplement="ha">undertow.xml</subsystem>

View file

@ -19,28 +19,29 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works --> <!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config> <config>
<subsystems> <subsystems>
<subsystem>logging.xml</subsystem> <subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem> <subsystem>bean-validation.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem> <subsystem supplement="default">keycloak-datasources2.xml</subsystem>
<subsystem>deployment-scanner.xml</subsystem> <subsystem>deployment-scanner.xml</subsystem>
<subsystem>ee.xml</subsystem> <subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem> <subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem> <subsystem>io.xml</subsystem>
<subsystem>keycloak-infinispan.xml</subsystem> <subsystem>keycloak-infinispan2.xml</subsystem>
<subsystem>jaxrs.xml</subsystem> <subsystem>jaxrs.xml</subsystem>
<subsystem>jca.xml</subsystem> <subsystem>jca.xml</subsystem>
<subsystem>jdr.xml</subsystem> <subsystem>jdr.xml</subsystem>
<subsystem>jmx.xml</subsystem> <subsystem>jmx.xml</subsystem>
<subsystem>jpa.xml</subsystem> <subsystem>jpa.xml</subsystem>
<subsystem>jsf.xml</subsystem> <subsystem>jsf.xml</subsystem>
<subsystem>mail.xml</subsystem> <subsystem>mail.xml</subsystem>
<subsystem>naming.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
<subsystem>transactions.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem>undertow.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem> <subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems> </subsystems>
</config> </config>

View file

@ -1,23 +1,6 @@
<?xml version='1.0' encoding='UTF-8'?> <?xml version='1.0' encoding='UTF-8'?>
<!-- <server xmlns="urn:jboss:domain:5.0">
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<server xmlns="urn:jboss:domain:4.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
@ -27,7 +10,7 @@
<security-realms> <security-realms>
<security-realm name="ManagementRealm"> <security-realm name="ManagementRealm">
<authentication> <authentication>
<local default-user="$local" skip-group-loading="true" /> <local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication> </authentication>
<authorization map-groups-to-roles="false"> <authorization map-groups-to-roles="false">
@ -35,8 +18,13 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" /> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication> </authentication>
<authorization> <authorization>
@ -46,19 +34,20 @@
</security-realms> </security-realms>
<audit-log> <audit-log>
<formatters> <formatters>
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
<handler name="file"/> <handler name="file"/>
</handlers> </handlers>
</logger> </logger>
</audit-log> </audit-log>
<management-interfaces> <management-interfaces>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http"/> <socket-binding http="management-http"/>
</http-interface> </http-interface>
</management-interfaces> </management-interfaces>

View file

@ -104,13 +104,6 @@
</build> </build>
</profile> </profile>
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
</properties>
</profile>
<profile> <profile>
<id>product</id> <id>product</id>
<activation> <activation>

View file

@ -189,13 +189,6 @@
</build> </build>
</profile> </profile>
<profile>
<id>wf11</id>
<properties>
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
</properties>
</profile>
<profile> <profile>
<id>product</id> <id>product</id>
<activation> <activation>

View file

@ -43,10 +43,8 @@
<!-- WildFly --> <!-- WildFly -->
<jboss.as.version>7.2.0.Final</jboss.as.version> <jboss.as.version>7.2.0.Final</jboss.as.version>
<wildfly.version>10.0.0.Final</wildfly.version> <wildfly.version>11.0.0.Alpha1</wildfly.version>
<wildfly.build-tools.version>1.2.2.Final</wildfly.build-tools.version> <wildfly.build-tools.version>1.2.2.Final</wildfly.build-tools.version>
<wildfly11.version>11.0.0.Alpha1</wildfly11.version> <!-- for testing with wf11 pre-releases -->
<wildfly11.build-tools.version>1.2.2.Final</wildfly11.build-tools.version>
<eap.version>7.1.0.Beta1-redhat-2</eap.version> <eap.version>7.1.0.Beta1-redhat-2</eap.version>
<eap.build-tools.version>1.2.2.Final</eap.build-tools.version> <eap.build-tools.version>1.2.2.Final</eap.build-tools.version>
<wildfly.core.version>2.0.10.Final</wildfly.core.version> <wildfly.core.version>2.0.10.Final</wildfly.core.version>