KEYCLOAK-4477 Update to WildFly 11
This commit is contained in:
parent
6d8a3f7a8b
commit
2e83eda172
23 changed files with 156 additions and 1074 deletions
|
@ -97,13 +97,6 @@
|
|||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>wf11</id>
|
||||
<properties>
|
||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>product</id>
|
||||
<activation>
|
||||
|
|
|
@ -128,7 +128,6 @@
|
|||
<properties>
|
||||
<build-tools.version>${wildfly.build-tools.version}</build-tools.version>
|
||||
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
|
||||
<configDir>src/main/resources/configuration</configDir>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
@ -140,52 +139,6 @@
|
|||
</dependencies>
|
||||
</profile>
|
||||
|
||||
<!-- Temporary profile to test with WildFly 11 -->
|
||||
<profile>
|
||||
<id>wf11</id>
|
||||
|
||||
<properties>
|
||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
||||
<feature.parent>org.wildfly:wildfly-feature-pack</feature.parent>
|
||||
<configDir>src/main/resources-wf11/configuration</configDir>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.wildfly</groupId>
|
||||
<artifactId>wildfly-feature-pack</artifactId>
|
||||
<version>${wildfly11.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-configuration-wf11</id>
|
||||
<phase>validate</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>target/resources/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/resources-wf11/configuration</directory>
|
||||
<filtering>true</filtering>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>product</id>
|
||||
<activation>
|
||||
|
@ -197,7 +150,6 @@
|
|||
<properties>
|
||||
<build-tools.version>${eap.build-tools.version}</build-tools.version>
|
||||
<feature.parent>org.jboss.eap:wildfly-feature-pack</feature.parent>
|
||||
<configDir>src/main/resources-wf11/configuration</configDir>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
@ -208,32 +160,6 @@
|
|||
<type>zip</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-configuration-wf11</id>
|
||||
<phase>validate</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>target/resources/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/resources-wf11/configuration</directory>
|
||||
<filtering>true</filtering>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
|
|
|
@ -1,79 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<config>
|
||||
<subsystems name="auth-server-standalone">
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem>ejb3.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>keycloak-infinispan.xml</subsystem>
|
||||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||
<subsystem>jpa.xml</subsystem>
|
||||
<subsystem>jsf.xml</subsystem>
|
||||
<subsystem>mail.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem>undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="auth-server-clustered">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
||||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
<subsystem>jgroups.xml</subsystem>
|
||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||
<subsystem>jpa.xml</subsystem>
|
||||
<subsystem>jsf.xml</subsystem>
|
||||
<subsystem>mail.xml</subsystem>
|
||||
<subsystem>mod_cluster.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="load-balancer">
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>undertow-load-balancer.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
|
@ -1,110 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<domain xmlns="urn:jboss:domain:5.0">
|
||||
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
||||
<system-properties>
|
||||
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
|
||||
<property name="java.net.preferIPv4Stack" value="true"/>
|
||||
</system-properties>
|
||||
|
||||
<management>
|
||||
<access-control provider="simple">
|
||||
<role-mapping>
|
||||
<role name="SuperUser">
|
||||
<include>
|
||||
<user name="$local"/>
|
||||
</include>
|
||||
</role>
|
||||
</role-mapping>
|
||||
</access-control>
|
||||
</management>
|
||||
|
||||
<profiles>
|
||||
<!-- Non clustered authentication server profile -->
|
||||
<profile name="auth-server-standalone">
|
||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
||||
</profile>
|
||||
<!--
|
||||
Clustering authentication server setup.
|
||||
|
||||
You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
|
||||
able to work on multiple machines.
|
||||
-->
|
||||
<profile name="auth-server-clustered">
|
||||
<?SUBSYSTEMS socket-binding-group="ha-sockets"?>
|
||||
</profile>
|
||||
<!--
|
||||
This is a profile for the built-in Underto Loadbalancer
|
||||
It should be removed in production systems and replaced with a better software or hardware based one
|
||||
-->
|
||||
<profile name="load-balancer">
|
||||
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
<!--
|
||||
Named interfaces that can be referenced elsewhere in the configuration. The configuration
|
||||
for how to associate these logical names with an actual network interface can either
|
||||
be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
|
||||
|
||||
These default configurations require the binding specification to be done in host.xml.
|
||||
-->
|
||||
<interfaces>
|
||||
<interface name="management"/>
|
||||
<interface name="public"/>
|
||||
<?INTERFACES?>
|
||||
</interfaces>
|
||||
|
||||
<socket-binding-groups>
|
||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
||||
<?SOCKET-BINDINGS?>
|
||||
</socket-binding-group>
|
||||
<socket-binding-group name="ha-sockets" default-interface="public">
|
||||
<?SOCKET-BINDINGS?>
|
||||
</socket-binding-group>
|
||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
||||
<!-- Needed for server groups using the 'load-balancer' profile -->
|
||||
<?SOCKET-BINDINGS?>
|
||||
</socket-binding-group>
|
||||
</socket-binding-groups>
|
||||
|
||||
<server-groups>
|
||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="ha-sockets"/>
|
||||
</server-group>
|
||||
|
||||
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<server-group name="load-balancer-group" profile="load-balancer">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="load-balancer-sockets"/>
|
||||
</server-group>
|
||||
</server-groups>
|
||||
|
||||
</domain>
|
|
@ -1,135 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!--
|
||||
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
|
||||
is also started by this host controller file. The other instance must be started
|
||||
via host-slave.xml
|
||||
-->
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
||||
<management>
|
||||
<security-realms>
|
||||
<security-realm name="ManagementRealm">
|
||||
<authentication>
|
||||
<local default-user="$local" skip-group-loading="true"/>
|
||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization map-groups-to-roles="false">
|
||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
</security-realms>
|
||||
<audit-log>
|
||||
<formatters>
|
||||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="host-file"/>
|
||||
</handlers>
|
||||
</logger>
|
||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="server-file"/>
|
||||
</handlers>
|
||||
</server-logger>
|
||||
</audit-log>
|
||||
<management-interfaces>
|
||||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
</management>
|
||||
|
||||
<domain-controller>
|
||||
<local/>
|
||||
</domain-controller>
|
||||
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
|
||||
<?INTERFACES?>
|
||||
|
||||
</interfaces>
|
||||
|
||||
<jvms>
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
||||
<servers>
|
||||
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<server name="load-balancer" group="load-balancer-group">
|
||||
</server>
|
||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
||||
<!-- Remote JPDA debugging for a specific server
|
||||
<jvm name="default">
|
||||
<jvm-options>
|
||||
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
-->
|
||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
||||
the default socket-group declared in the server-group -->
|
||||
<socket-bindings port-offset="150"/>
|
||||
</server>
|
||||
</servers>
|
||||
|
||||
<profile>
|
||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
||||
</profile>
|
||||
|
||||
</host>
|
|
@ -1,124 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<host xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
||||
<management>
|
||||
<security-realms>
|
||||
<security-realm name="ManagementRealm">
|
||||
<server-identities>
|
||||
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
||||
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
|
||||
</server-identities>
|
||||
|
||||
<authentication>
|
||||
<local default-user="$local" skip-group-loading="true"/>
|
||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization map-groups-to-roles="false">
|
||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
</security-realms>
|
||||
<audit-log>
|
||||
<formatters>
|
||||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="host-file"/>
|
||||
</handlers>
|
||||
</logger>
|
||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="server-file"/>
|
||||
</handlers>
|
||||
</server-logger>
|
||||
</audit-log>
|
||||
<management-interfaces>
|
||||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:3456}"/>
|
||||
</native-interface>
|
||||
</management-interfaces>
|
||||
</management>
|
||||
|
||||
<domain-controller>
|
||||
<remote username="$local" security-realm="ManagementRealm">
|
||||
<discovery-options>
|
||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
||||
</discovery-options>
|
||||
</remote>
|
||||
</domain-controller>
|
||||
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
|
||||
<?INTERFACES?>
|
||||
|
||||
</interfaces>
|
||||
|
||||
<jvms>
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
||||
<servers>
|
||||
<server name="server-two" group="auth-server-group" auto-start="true">
|
||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
||||
the default socket-group declared in the server-group -->
|
||||
<socket-bindings port-offset="250"/>
|
||||
</server>
|
||||
</servers>
|
||||
|
||||
<profile>
|
||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
||||
</profile>
|
||||
</host>
|
|
@ -1,137 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!--
|
||||
Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
|
||||
is also started by this host controller file. The other instance must be started
|
||||
via host-slave.xml
|
||||
-->
|
||||
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
||||
<management>
|
||||
<security-realms>
|
||||
<security-realm name="ManagementRealm">
|
||||
<authentication>
|
||||
<local default-user="$local" skip-group-loading="true"/>
|
||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization map-groups-to-roles="false">
|
||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
</security-realms>
|
||||
<audit-log>
|
||||
<formatters>
|
||||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="host-file"/>
|
||||
</handlers>
|
||||
</logger>
|
||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="server-file"/>
|
||||
</handlers>
|
||||
</server-logger>
|
||||
</audit-log>
|
||||
<management-interfaces>
|
||||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
</management>
|
||||
|
||||
<domain-controller>
|
||||
<local/>
|
||||
<!-- Alternative remote domain controller configuration with a host and port -->
|
||||
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
|
||||
</domain-controller>
|
||||
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
|
||||
<?INTERFACES?>
|
||||
|
||||
</interfaces>
|
||||
|
||||
<jvms>
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
||||
<servers>
|
||||
<!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<server name="load-balancer" group="load-balancer-group">
|
||||
</server>
|
||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
||||
<!-- Remote JPDA debugging for a specific server
|
||||
<jvm name="default">
|
||||
<jvm-options>
|
||||
<option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
-->
|
||||
<!-- server-two avoids port conflicts by incrementing the ports in
|
||||
the default socket-group declared in the server-group -->
|
||||
<socket-bindings port-offset="150"/>
|
||||
</server>
|
||||
</servers>
|
||||
|
||||
<profile>
|
||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
||||
</profile>
|
||||
</host>
|
|
@ -1,26 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem supplement="host">elytron.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
|
@ -1,49 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems>
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>deployment-scanner.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
|
||||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
<subsystem supplement="default">jgroups.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem>jpa.xml</subsystem>
|
||||
<subsystem>jsf.xml</subsystem>
|
||||
<subsystem>mail.xml</subsystem>
|
||||
<subsystem supplement="default">mod_cluster.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
|
@ -1,47 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems>
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
|
||||
<subsystem>deployment-scanner.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem>ejb3.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>keycloak-infinispan2.xml</subsystem>
|
||||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem>jpa.xml</subsystem>
|
||||
<subsystem>jsf.xml</subsystem>
|
||||
<subsystem>mail.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem>undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
|
@ -1,90 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server xmlns="urn:jboss:domain:5.0">
|
||||
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
||||
<management>
|
||||
<security-realms>
|
||||
<security-realm name="ManagementRealm">
|
||||
<authentication>
|
||||
<local default-user="$local" skip-group-loading="true"/>
|
||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authentication>
|
||||
<authorization map-groups-to-roles="false">
|
||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authorization>
|
||||
</security-realm>
|
||||
</security-realms>
|
||||
<audit-log>
|
||||
<formatters>
|
||||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
<handler name="file"/>
|
||||
</handlers>
|
||||
</logger>
|
||||
</audit-log>
|
||||
<management-interfaces>
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket-binding http="management-http"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
<access-control provider="simple">
|
||||
<role-mapping>
|
||||
<role name="SuperUser">
|
||||
<include>
|
||||
<user name="$local"/>
|
||||
</include>
|
||||
</role>
|
||||
</role-mapping>
|
||||
</access-control>
|
||||
</management>
|
||||
|
||||
<profile>
|
||||
|
||||
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
|
||||
|
||||
</profile>
|
||||
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
|
||||
<?INTERFACES?>
|
||||
|
||||
</interfaces>
|
||||
|
||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
||||
|
||||
<?SOCKET-BINDINGS?>
|
||||
|
||||
</socket-binding-group>
|
||||
</server>
|
|
@ -15,24 +15,11 @@
|
|||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems name="load-balancer">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem supplement="domain">jmx.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="auth-server-standalone">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem>ejb3.xml</subsystem>
|
||||
|
@ -48,17 +35,18 @@
|
|||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem>undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
|
||||
<subsystems name="auth-server-clustered">
|
||||
<!-- Each subsystem to be included relative to the src/main/resources directory -->
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem supplement="domain">keycloak-datasources.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem supplement="ha">ejb3.xml</subsystem>
|
||||
|
@ -76,10 +64,16 @@
|
|||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||
<subsystem>keycloak-server.xml</subsystem>
|
||||
</subsystems>
|
||||
<subsystems name="load-balancer">
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>undertow-load-balancer.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<domain xmlns="urn:jboss:domain:4.0">
|
||||
<domain xmlns="urn:jboss:domain:5.0">
|
||||
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
|
@ -60,31 +60,6 @@
|
|||
-->
|
||||
<profile name="load-balancer">
|
||||
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="lb-handler"/>
|
||||
<filter-ref name="server-header"/>
|
||||
<filter-ref name="x-powered-by-header"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<reverse-proxy name="lb-handler">
|
||||
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
|
||||
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
|
||||
</reverse-proxy>
|
||||
</handlers>
|
||||
<filters>
|
||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
||||
</filters>
|
||||
</subsystem>
|
||||
</profile>
|
||||
</profiles>
|
||||
|
||||
|
@ -96,12 +71,8 @@
|
|||
These default configurations require the binding specification to be done in host.xml.
|
||||
-->
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="management"/>
|
||||
<interface name="public"/>
|
||||
<?INTERFACES?>
|
||||
</interfaces>
|
||||
|
||||
|
@ -114,20 +85,19 @@
|
|||
</socket-binding-group>
|
||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
||||
<outbound-socket-binding name="remote-host1">
|
||||
<remote-destination host="localhost" port="8159"/>
|
||||
</outbound-socket-binding>
|
||||
<outbound-socket-binding name="remote-host2">
|
||||
<remote-destination host="localhost" port="8259"/>
|
||||
</outbound-socket-binding>
|
||||
<!-- Needed for server groups using the 'load-balancer' profile -->
|
||||
<?SOCKET-BINDINGS?>
|
||||
</socket-binding-group>
|
||||
</socket-binding-groups>
|
||||
|
||||
<server-groups>
|
||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="ha-sockets"/>
|
||||
</server-group>
|
||||
|
||||
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
|
||||
<server-group name="load-balancer-group" profile="load-balancer">
|
||||
<jvm name="default">
|
||||
|
@ -135,12 +105,6 @@
|
|||
</jvm>
|
||||
<socket-binding-group ref="load-balancer-sockets"/>
|
||||
</server-group>
|
||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
||||
<jvm name="default">
|
||||
<heap size="64m" max-size="512m"/>
|
||||
</jvm>
|
||||
<socket-binding-group ref="ha-sockets"/>
|
||||
</server-group>
|
||||
</server-groups>
|
||||
|
||||
</domain>
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
is also started by this host controller file. The other instance must be started
|
||||
via host-slave.xml
|
||||
-->
|
||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -39,6 +39,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -53,8 +58,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -71,7 +76,8 @@
|
|||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
|
@ -98,6 +104,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<host xmlns="urn:jboss:domain:4.0">
|
||||
<host xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -27,7 +27,7 @@
|
|||
<security-realm name="ManagementRealm">
|
||||
<server-identities>
|
||||
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
|
||||
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
|
||||
<secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
|
||||
</server-identities>
|
||||
|
||||
<authentication>
|
||||
|
@ -39,6 +39,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -53,8 +58,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -75,7 +80,7 @@
|
|||
</management>
|
||||
|
||||
<domain-controller>
|
||||
<remote security-realm="ManagementRealm">
|
||||
<remote username="$local" security-realm="ManagementRealm">
|
||||
<discovery-options>
|
||||
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
|
||||
</discovery-options>
|
||||
|
@ -99,6 +104,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
via host-slave.xml
|
||||
-->
|
||||
|
||||
<host name="master" xmlns="urn:jboss:domain:4.0">
|
||||
<host name="master" xmlns="urn:jboss:domain:5.0">
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
</extensions>
|
||||
|
@ -40,6 +40,11 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
||||
|
@ -54,8 +59,8 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -72,7 +77,8 @@
|
|||
<native-interface security-realm="ManagementRealm">
|
||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
||||
</native-interface>
|
||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
|
@ -80,6 +86,8 @@
|
|||
|
||||
<domain-controller>
|
||||
<local/>
|
||||
<!-- Alternative remote domain controller configuration with a host and port -->
|
||||
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
|
||||
</domain-controller>
|
||||
|
||||
<interfaces>
|
||||
|
@ -99,6 +107,8 @@
|
|||
<heap size="64m" max-size="256m"/>
|
||||
<jvm-options>
|
||||
<option value="-server"/>
|
||||
<option value="-XX:MetaspaceSize=96m"/>
|
||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
||||
</jvm-options>
|
||||
</jvm>
|
||||
</jvms>
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
|
||||
<config>
|
||||
<subsystems>
|
||||
<subsystem>core-management.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem supplement="host">elytron.xml</subsystem>
|
||||
</subsystems>
|
||||
</config>
|
||||
|
|
|
@ -30,16 +30,17 @@
|
|||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
<subsystem>jgroups.xml</subsystem>
|
||||
<subsystem supplement="default">jgroups.xml</subsystem>
|
||||
<subsystem>jmx.xml</subsystem>
|
||||
<subsystem>jpa.xml</subsystem>
|
||||
<subsystem>jsf.xml</subsystem>
|
||||
<subsystem>mail.xml</subsystem>
|
||||
<subsystem>mod_cluster.xml</subsystem>
|
||||
<subsystem supplement="default">mod_cluster.xml</subsystem>
|
||||
<subsystem>naming.xml</subsystem>
|
||||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem supplement="ha">undertow.xml</subsystem>
|
||||
|
|
|
@ -21,12 +21,12 @@
|
|||
<subsystems>
|
||||
<subsystem>logging.xml</subsystem>
|
||||
<subsystem>bean-validation.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources.xml</subsystem>
|
||||
<subsystem supplement="default">keycloak-datasources2.xml</subsystem>
|
||||
<subsystem>deployment-scanner.xml</subsystem>
|
||||
<subsystem>ee.xml</subsystem>
|
||||
<subsystem>ejb3.xml</subsystem>
|
||||
<subsystem>io.xml</subsystem>
|
||||
<subsystem>keycloak-infinispan.xml</subsystem>
|
||||
<subsystem>keycloak-infinispan2.xml</subsystem>
|
||||
<subsystem>jaxrs.xml</subsystem>
|
||||
<subsystem>jca.xml</subsystem>
|
||||
<subsystem>jdr.xml</subsystem>
|
||||
|
@ -38,6 +38,7 @@
|
|||
<subsystem>remoting.xml</subsystem>
|
||||
<subsystem>request-controller.xml</subsystem>
|
||||
<subsystem>security-manager.xml</subsystem>
|
||||
<subsystem supplement="standalone-wildfly">elytron.xml</subsystem>
|
||||
<subsystem>security.xml</subsystem>
|
||||
<subsystem>transactions.xml</subsystem>
|
||||
<subsystem>undertow.xml</subsystem>
|
||||
|
|
|
@ -1,23 +1,6 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<server xmlns="urn:jboss:domain:4.0">
|
||||
<server xmlns="urn:jboss:domain:5.0">
|
||||
|
||||
<extensions>
|
||||
<?EXTENSIONS?>
|
||||
|
@ -27,7 +10,7 @@
|
|||
<security-realms>
|
||||
<security-realm name="ManagementRealm">
|
||||
<authentication>
|
||||
<local default-user="$local" skip-group-loading="true" />
|
||||
<local default-user="$local" skip-group-loading="true"/>
|
||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authentication>
|
||||
<authorization map-groups-to-roles="false">
|
||||
|
@ -35,8 +18,13 @@
|
|||
</authorization>
|
||||
</security-realm>
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
|
||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
|
@ -49,7 +37,7 @@
|
|||
<json-formatter name="json-formatter"/>
|
||||
</formatters>
|
||||
<handlers>
|
||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
||||
</handlers>
|
||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
||||
<handlers>
|
||||
|
@ -58,7 +46,8 @@
|
|||
</logger>
|
||||
</audit-log>
|
||||
<management-interfaces>
|
||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
||||
<http-interface security-realm="ManagementRealm">
|
||||
<http-upgrade enabled="true" />
|
||||
<socket-binding http="management-http"/>
|
||||
</http-interface>
|
||||
</management-interfaces>
|
||||
|
|
|
@ -104,13 +104,6 @@
|
|||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>wf11</id>
|
||||
<properties>
|
||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>product</id>
|
||||
<activation>
|
||||
|
|
|
@ -189,13 +189,6 @@
|
|||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>wf11</id>
|
||||
<properties>
|
||||
<build-tools.version>${wildfly11.build-tools.version}</build-tools.version>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>product</id>
|
||||
<activation>
|
||||
|
|
4
pom.xml
4
pom.xml
|
@ -43,10 +43,8 @@
|
|||
|
||||
<!-- WildFly -->
|
||||
<jboss.as.version>7.2.0.Final</jboss.as.version>
|
||||
<wildfly.version>10.0.0.Final</wildfly.version>
|
||||
<wildfly.version>11.0.0.Alpha1</wildfly.version>
|
||||
<wildfly.build-tools.version>1.2.2.Final</wildfly.build-tools.version>
|
||||
<wildfly11.version>11.0.0.Alpha1</wildfly11.version> <!-- for testing with wf11 pre-releases -->
|
||||
<wildfly11.build-tools.version>1.2.2.Final</wildfly11.build-tools.version>
|
||||
<eap.version>7.1.0.Beta1-redhat-2</eap.version>
|
||||
<eap.build-tools.version>1.2.2.Final</eap.build-tools.version>
|
||||
<wildfly.core.version>2.0.10.Final</wildfly.core.version>
|
||||
|
|
Loading…
Reference in a new issue