Remove Server Config Migration tests from testsuite (#14334)
Closes #14303 Co-authored-by: wojnarfilip <fwojnar@redhat.com>
This commit is contained in:
parent
a58f0593a6
commit
cee69e1abc
42 changed files with 0 additions and 14507 deletions
|
@ -327,18 +327,6 @@ that you need to use property `migration.mode` with the value `manual` .
|
||||||
|
|
||||||
-Dmigration.mode=manual
|
-Dmigration.mode=manual
|
||||||
|
|
||||||
|
|
||||||
## Server configuration migration test
|
|
||||||
This will compare if Wildfly configuration files (standalone.xml, standalone-ha.xml, domain.xml)
|
|
||||||
are correctly migrated from previous version
|
|
||||||
|
|
||||||
mvn -f testsuite/integration-arquillian/tests/other/server-config-migration/pom.xml \
|
|
||||||
clean install \
|
|
||||||
-Dmigrated.version=1.9.8.Final-redhat-1
|
|
||||||
|
|
||||||
For the available versions, take a look at the directory [tests/other/server-config-migration/src/test/resources/standalone](tests/other/server-config-migration/src/test/resources/standalone)
|
|
||||||
|
|
||||||
|
|
||||||
## Old Admin Console UI tests
|
## Old Admin Console UI tests
|
||||||
The UI tests are real-life, UI focused integration tests. Hence they do not support the default HtmlUnit browser. Only the following real-life browsers are supported: Mozilla Firefox and Google Chrome. For details on how to run the tests with these browsers, please refer to [Different Browsers](#different-browsers) chapter.
|
The UI tests are real-life, UI focused integration tests. Hence they do not support the default HtmlUnit browser. Only the following real-life browsers are supported: Mozilla Firefox and Google Chrome. For details on how to run the tests with these browsers, please refer to [Different Browsers](#different-browsers) chapter.
|
||||||
|
|
||||||
|
|
|
@ -138,12 +138,6 @@
|
||||||
<module>jpa-performance</module>
|
<module>jpa-performance</module>
|
||||||
</modules>
|
</modules>
|
||||||
</profile>
|
</profile>
|
||||||
<profile>
|
|
||||||
<id>server-config-migration</id>
|
|
||||||
<modules>
|
|
||||||
<module>server-config-migration</module>
|
|
||||||
</modules>
|
|
||||||
</profile>
|
|
||||||
<profile>
|
<profile>
|
||||||
<id>sssd</id>
|
<id>sssd</id>
|
||||||
<modules>
|
<modules>
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
# Keycloak Server Config Migration Testsuite
|
|
||||||
|
|
||||||
## Test workflow
|
|
||||||
There are performed several steps before actual test is executed. The steps are divided into different maven lifecycle phases to make sure it goes in specified wanted order.
|
|
||||||
|
|
||||||
### `process-resources`
|
|
||||||
Unpack clean keycloak-server-dist
|
|
||||||
|
|
||||||
### `compile`
|
|
||||||
Copy standalone/domain resources to `${jbossHome}/standalone/configuration` and `${jbossHome}/domain/configuration`
|
|
||||||
|
|
||||||
### `process-classes`
|
|
||||||
`maven-exec-plugin` is used to read current master configs and saves the output to `${project.build.directory}/master-${config.name}.txt`
|
|
||||||
|
|
||||||
### `generate-test-sources`
|
|
||||||
Files `${jbossHome}/standalone/configuration/keycloak-server.json` and `${jbossHome}/domain/configuration/keycloak-server.json` are created.
|
|
||||||
|
|
||||||
Configuration files (`standalone.xml`, `standalone-ha.xml`, `domain.xml`, `host-master.xml`) are overwritten by those from previous version.
|
|
||||||
|
|
||||||
### `process-test-sources`
|
|
||||||
Migration scripts are applied using **offline mode**. Temporary data are removed.
|
|
||||||
|
|
||||||
### `generate-test-resources`
|
|
||||||
`wildfly-maven-plugin` is used to start and shutdown container with different configs. It is done to let subsystems to upgrade themselves during first run.
|
|
||||||
|
|
||||||
### `process-test-resources`
|
|
||||||
`maven-exec-plugin` is used to read migrated configs and saves the output to `${project.build.directory}/migrated-${config.name}.txt`
|
|
||||||
|
|
||||||
### `default-test`
|
|
||||||
`org.keycloak.test.config.migration.ConfigMigrationTest` is executed. It compares generated outputs from ${project.build.directory}
|
|
||||||
|
|
||||||
If config outputs don't equal to each other, **by default** the test will compare outputs more deeply to get more readable output. It fails on first found difference.
|
|
||||||
|
|
||||||
This can be overwritten by adding property: `-Dget.simple.full.comparison=true` to the test command. In that case it'll perform assert on the two config outputs.
|
|
||||||
|
|
||||||
## Properties
|
|
||||||
|
|
||||||
### maven
|
|
||||||
* jbossHome
|
|
||||||
* default: `${project.build.directory}/keycloak-${project.version}`
|
|
||||||
* specifies path to jbossHome dir
|
|
||||||
* migrated.version
|
|
||||||
* default: `1.8.1`
|
|
||||||
* specifies version it is migrated from
|
|
||||||
* master.version
|
|
||||||
* default: `${project.version}`
|
|
||||||
* specifies version it is migrated to
|
|
||||||
|
|
||||||
## How to run tests
|
|
||||||
|
|
||||||
note: `keycloak-server-dist` module has to be build first (`mvn install -f keycloak/pom.xml -Pdistribution`)
|
|
||||||
|
|
||||||
* `mvn clean install` tests migration from 1.8.1.Final to current master. It goes thru whole test workflow. Deep comparison is done.
|
|
||||||
* `mvn clean install -Dget.simple.full.comparison=true` does assert on outputs instead of deep comparison.
|
|
||||||
* `mvn clean process-test-sources -Dskip.rename.configs=true` applies migration scripts to current master. It can be used to make sure the current keycloak version doesn't break the scripts.
|
|
||||||
* `mvn clean install -Dskip.rename.configs=true` applies scripts to current master **and** verifies the scripts doesn't actually change anything.
|
|
|
@ -1,581 +0,0 @@
|
||||||
<?xml version="1.0"?>
|
|
||||||
<!--
|
|
||||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
|
||||||
~ and other contributors as indicated by the @author tags.
|
|
||||||
~
|
|
||||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
~ you may not use this file except in compliance with the License.
|
|
||||||
~ You may obtain a copy of the License at
|
|
||||||
~
|
|
||||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
~
|
|
||||||
~ Unless required by applicable law or agreed to in writing, software
|
|
||||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
~ See the License for the specific language governing permissions and
|
|
||||||
~ limitations under the License.
|
|
||||||
-->
|
|
||||||
|
|
||||||
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
|
|
||||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
|
||||||
|
|
||||||
<modelVersion>4.0.0</modelVersion>
|
|
||||||
|
|
||||||
<parent>
|
|
||||||
<groupId>org.keycloak.testsuite</groupId>
|
|
||||||
<artifactId>integration-arquillian-tests-other</artifactId>
|
|
||||||
<version>999-SNAPSHOT</version>
|
|
||||||
<relativePath>../pom.xml</relativePath>
|
|
||||||
</parent>
|
|
||||||
|
|
||||||
<groupId>org.keycloak.testsuite</groupId>
|
|
||||||
<artifactId>server-config-migration</artifactId>
|
|
||||||
|
|
||||||
<name>Keycloak Migration TestSuite For Server Config</name>
|
|
||||||
|
|
||||||
<properties>
|
|
||||||
<skip.add.user.json>true</skip.add.user.json>
|
|
||||||
<skip.copy.example.wars>true</skip.copy.example.wars>
|
|
||||||
<skip.rename.configs>false</skip.rename.configs>
|
|
||||||
<skip.remove.warnings>false</skip.remove.warnings>
|
|
||||||
|
|
||||||
<jbossHome>${project.build.directory}/keycloak-${project.version}</jbossHome>
|
|
||||||
<migrated.version>1.8.1</migrated.version>
|
|
||||||
<master.version>${project.version}</master.version>
|
|
||||||
|
|
||||||
<!-- example how to test 'product' config migration
|
|
||||||
<jbossHome>${project.build.directory}/rh-sso-7.1</jbossHome>
|
|
||||||
<migrated.version>1.9.8.Final-redhat-1</migrated.version>
|
|
||||||
<master.version>3.3.0.CR2-redhat-1</master.version>
|
|
||||||
-->
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
<dependencies>
|
|
||||||
<dependency>
|
|
||||||
<groupId>junit</groupId>
|
|
||||||
<artifactId>junit</artifactId>
|
|
||||||
<scope>test</scope>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.jboss</groupId>
|
|
||||||
<artifactId>jboss-dmr</artifactId>
|
|
||||||
<scope>test</scope>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.keycloak</groupId>
|
|
||||||
<artifactId>keycloak-server-dist</artifactId>
|
|
||||||
<type>zip</type>
|
|
||||||
<scope>test</scope>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
|
||||||
|
|
||||||
<build>
|
|
||||||
<plugins>
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
|
||||||
<artifactId>maven-dependency-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>unpack-keycloak-server-dist</id>
|
|
||||||
<phase>process-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>unpack</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<artifactItems>
|
|
||||||
<artifactItem>
|
|
||||||
<groupId>org.keycloak</groupId>
|
|
||||||
<artifactId>keycloak-server-dist</artifactId>
|
|
||||||
<version>${master.version}</version>
|
|
||||||
<type>zip</type>
|
|
||||||
<overWrite>true</overWrite>
|
|
||||||
<outputDirectory>${project.build.directory}</outputDirectory>
|
|
||||||
</artifactItem>
|
|
||||||
</artifactItems>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
|
|
||||||
<plugin>
|
|
||||||
<artifactId>maven-resources-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>copy-standalone-resources</id>
|
|
||||||
<phase>compile</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>copy-resources</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<overwrite>true</overwrite>
|
|
||||||
<outputDirectory>${jbossHome}/standalone/configuration</outputDirectory>
|
|
||||||
<resources>
|
|
||||||
<resource>
|
|
||||||
<directory>src/test/resources/standalone</directory>
|
|
||||||
<filtering>false</filtering>
|
|
||||||
</resource>
|
|
||||||
</resources>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>copy-domain-resources</id>
|
|
||||||
<phase>compile</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>copy-resources</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<overwrite>true</overwrite>
|
|
||||||
<outputDirectory>${jbossHome}/domain/configuration</outputDirectory>
|
|
||||||
<resources>
|
|
||||||
<resource>
|
|
||||||
<directory>src/test/resources/domain</directory>
|
|
||||||
<filtering>false</filtering>
|
|
||||||
</resource>
|
|
||||||
</resources>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
|
|
||||||
<plugin>
|
|
||||||
<artifactId>maven-antrun-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>rename-migrated-resources</id>
|
|
||||||
<phase>generate-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>run</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<skip>${skip.rename.configs}</skip>
|
|
||||||
<target>
|
|
||||||
<echo>For migration from versions above 2.1.0 there is no keycloak-server.json supported.</echo>
|
|
||||||
<move file="${jbossHome}/standalone/configuration/keycloak-server-${migrated.version}.json"
|
|
||||||
tofile="${jbossHome}/standalone/configuration/keycloak-server.json"
|
|
||||||
verbose="true"
|
|
||||||
failonerror="false"/>
|
|
||||||
<move file="${jbossHome}/domain/configuration/keycloak-server-${migrated.version}.json"
|
|
||||||
tofile="${jbossHome}/domain/configuration/keycloak-server.json"
|
|
||||||
verbose="true"
|
|
||||||
failonerror="false"/>
|
|
||||||
<move file="${jbossHome}/standalone/configuration/standalone-${migrated.version}.xml"
|
|
||||||
tofile="${jbossHome}/standalone/configuration/standalone.xml"
|
|
||||||
verbose="true"/>
|
|
||||||
<move file="${jbossHome}/standalone/configuration/standalone-ha-${migrated.version}.xml"
|
|
||||||
tofile="${jbossHome}/standalone/configuration/standalone-ha.xml"
|
|
||||||
verbose="true"/>
|
|
||||||
<move file="${jbossHome}/domain/configuration/domain-${migrated.version}.xml"
|
|
||||||
tofile="${jbossHome}/domain/configuration/domain.xml"
|
|
||||||
verbose="true"/>
|
|
||||||
<move file="${jbossHome}/domain/configuration/host-master-${migrated.version}.xml"
|
|
||||||
tofile="${jbossHome}/domain/configuration/host-master.xml"
|
|
||||||
verbose="true"/>
|
|
||||||
</target>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<!-- KEYCLOAK-17156: Remove com.sun.net.ssl.internal.ssl.Provider.isFIPS() illegal reflective access warnings
|
|
||||||
possibly present in "master-standalone*.txt" and "migrated-standalone*.txt" files -->
|
|
||||||
<id>remove-illegal-reflective-access-warnings-from-txt-files</id>
|
|
||||||
<!-- Needs to be called after 'process-test-resources' phase, but before the 'test' phase itself! -->
|
|
||||||
<phase>process-test-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>run</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<skip>${skip.remove.warnings}</skip>
|
|
||||||
<target>
|
|
||||||
<copy todir="${project.build.directory}">
|
|
||||||
<fileset dir="${project.build.directory}">
|
|
||||||
<include name="**/master-standalone*.txt"/>
|
|
||||||
<include name="**/migrated-standalone*.txt"/>
|
|
||||||
</fileset>
|
|
||||||
<mapper type="glob" from="*" to="*.unfiltered"/>
|
|
||||||
</copy>
|
|
||||||
<move todir="${project.build.directory}" overwrite="true">
|
|
||||||
<fileset dir="${project.build.directory}">
|
|
||||||
<include name="**/*.unfiltered"/>
|
|
||||||
</fileset>
|
|
||||||
<filterchain>
|
|
||||||
<linecontains negate="true">
|
|
||||||
<contains value="WARNING:"/>
|
|
||||||
</linecontains>
|
|
||||||
</filterchain>
|
|
||||||
<mapper type="regexp" from="^(.*)\.unfiltered$" to="\1"/>
|
|
||||||
</move>
|
|
||||||
</target>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.codehaus.mojo</groupId>
|
|
||||||
<artifactId>exec-maven-plugin</artifactId>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-standalone</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-standalone.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-standalone-ha</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-standalone-ha.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-standalone-ha.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-domain-core-service</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-core-service.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-domain-core-service.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-domain-extension</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-extension.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-domain-extension.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-domain-interface</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-interface.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-domain-interface.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-domain-standalone</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-domain-standalone.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-master-domain-clustered</id>
|
|
||||||
<phase>process-classes</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-clustered.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/master-domain-clustered.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
|
|
||||||
<execution>
|
|
||||||
<id>migrate-standalone</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=migrate-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>migrate-standalone-ha</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=migrate-standalone-ha.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>migrate-domain-standalone</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=migrate-domain-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>migrate-domain-clustered</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=migrate-domain-clustered.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
|
|
||||||
<execution>
|
|
||||||
<id>remove-temp-data-standalone</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>rm</executable>
|
|
||||||
<workingDirectory>${jbossHome}/standalone</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>-rf</argument>
|
|
||||||
<argument>data</argument>
|
|
||||||
<argument>log</argument>
|
|
||||||
<argument>tmp</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>remove-temp-data-domain</id>
|
|
||||||
<phase>process-test-sources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>rm</executable>
|
|
||||||
<workingDirectory>${jbossHome}/domain</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>-rf</argument>
|
|
||||||
<argument>data/auto-start</argument>
|
|
||||||
<argument>data/kernel</argument>
|
|
||||||
<argument>log</argument>
|
|
||||||
<argument>servers</argument>
|
|
||||||
</arguments>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-standalone</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-standalone.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-standalone-ha</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-standalone-ha.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-standalone-ha.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-domain-core-service</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-core-service.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-domain-core-service.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-domain-extension</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-extension.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-domain-extension.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-domain-interface</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-interface.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-domain-interface.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-domain-standalone</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-standalone.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-domain-standalone.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>read-migrated-domain-clustered</id>
|
|
||||||
<phase>process-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>exec</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<executable>./jboss-cli.sh</executable>
|
|
||||||
<workingDirectory>${jbossHome}/bin</workingDirectory>
|
|
||||||
<arguments>
|
|
||||||
<argument>--file=${project.build.directory}/classes/cli/read-domain-clustered.cli</argument>
|
|
||||||
</arguments>
|
|
||||||
<outputFile>${project.build.directory}/migrated-domain-clustered.txt</outputFile>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.wildfly.plugins</groupId>
|
|
||||||
<artifactId>wildfly-maven-plugin</artifactId>
|
|
||||||
<configuration>
|
|
||||||
<jbossHome>${jbossHome}</jbossHome>
|
|
||||||
</configuration>
|
|
||||||
<executions>
|
|
||||||
<execution>
|
|
||||||
<id>start-stop-standalone</id>
|
|
||||||
<phase>generate-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>start</goal>
|
|
||||||
<goal>shutdown</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<serverConfig>standalone.xml</serverConfig>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>start-stop-standalone-ha</id>
|
|
||||||
<phase>generate-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>start</goal>
|
|
||||||
<goal>shutdown</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<serverConfig>standalone-ha.xml</serverConfig>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
<execution>
|
|
||||||
<id>start-stop-domain</id>
|
|
||||||
<phase>generate-test-resources</phase>
|
|
||||||
<goals>
|
|
||||||
<goal>start</goal>
|
|
||||||
<goal>shutdown</goal>
|
|
||||||
</goals>
|
|
||||||
<configuration>
|
|
||||||
<serverType>DOMAIN</serverType>
|
|
||||||
<domainConfig>domain.xml</domainConfig>
|
|
||||||
<server-args>
|
|
||||||
<server-arg>--host-config=host-master.xml</server-arg>
|
|
||||||
</server-args>
|
|
||||||
</configuration>
|
|
||||||
</execution>
|
|
||||||
</executions>
|
|
||||||
</plugin>
|
|
||||||
</plugins>
|
|
||||||
</build>
|
|
||||||
|
|
||||||
<profiles>
|
|
||||||
<profile>
|
|
||||||
<id>product</id>
|
|
||||||
<properties>
|
|
||||||
<jbossHome>${project.build.directory}/${product.name}-${product.filename.version}</jbossHome>
|
|
||||||
</properties>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
|
|
||||||
</project>
|
|
|
@ -1,3 +0,0 @@
|
||||||
embed-host-controller --domain-config=domain.xml
|
|
||||||
|
|
||||||
/profile=auth-server-clustered/subsystem=*/:read-resource(recursive=true)
|
|
|
@ -1,3 +0,0 @@
|
||||||
embed-host-controller --domain-config=domain.xml
|
|
||||||
|
|
||||||
/core-service=management/:read-resource(recursive=true)
|
|
|
@ -1,3 +0,0 @@
|
||||||
embed-host-controller --domain-config=domain.xml
|
|
||||||
|
|
||||||
/extension=*/:read-resource(recursive=true)
|
|
|
@ -1,3 +0,0 @@
|
||||||
embed-host-controller --domain-config=domain.xml
|
|
||||||
|
|
||||||
/interface=*/:read-resource(recursive=true)
|
|
|
@ -1,3 +0,0 @@
|
||||||
embed-host-controller --domain-config=domain.xml
|
|
||||||
|
|
||||||
/profile=auth-server-standalone/subsystem=*/:read-resource(recursive=true)
|
|
|
@ -1,4 +0,0 @@
|
||||||
embed-server --server-config=standalone-ha.xml
|
|
||||||
|
|
||||||
#/subsystem=*/:read-resource(recursive=true)
|
|
||||||
:read-resource(recursive=true)
|
|
|
@ -1,4 +0,0 @@
|
||||||
embed-server --server-config=standalone.xml
|
|
||||||
|
|
||||||
#/subsystem=*/:read-resource(recursive=true)
|
|
||||||
:read-resource(recursive=true)
|
|
|
@ -1,255 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2016 Red Hat Inc. and/or its affiliates and other contributors
|
|
||||||
* as indicated by the @author tags. All rights reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
||||||
* use this file except in compliance with the License. You may obtain a copy of
|
|
||||||
* the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
* License for the specific language governing permissions and limitations under
|
|
||||||
* the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.keycloak.test.config.migration;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.Comparator;
|
|
||||||
import java.util.Deque;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.LinkedList;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
import org.jboss.dmr.ModelNode;
|
|
||||||
import org.jboss.logging.Logger;
|
|
||||||
import org.junit.Assert;
|
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
|
||||||
import static org.hamcrest.Matchers.equalTo;
|
|
||||||
import static org.hamcrest.Matchers.is;
|
|
||||||
import static org.junit.Assert.assertEquals;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Compare outputs from jboss-cli read-resource operations. This compare the total
|
|
||||||
* configuration of all subsystems to make sure that the version in master
|
|
||||||
* matches the migrated version.
|
|
||||||
*
|
|
||||||
* @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
|
|
||||||
*/
|
|
||||||
public class ConfigMigrationTest {
|
|
||||||
|
|
||||||
private static final File TARGET_DIR = new File("./target");
|
|
||||||
private final Logger log = Logger.getLogger(ConfigMigrationTest.class);
|
|
||||||
private final Deque<String> nav = new LinkedList<>();
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testStandalone() throws IOException {
|
|
||||||
compareConfigs("master-standalone.txt", "migrated-standalone.txt");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testStandaloneHA() throws IOException {
|
|
||||||
compareConfigs("master-standalone-ha.txt", "migrated-standalone-ha.txt");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testDomain() throws IOException {
|
|
||||||
final Set<List<String>> ignoredPaths = new HashSet<>();
|
|
||||||
// KEYCLOAK-18505 Ignore some keys
|
|
||||||
ignoredPaths.add(getModelNode("root", "result", "[logging]", "result", "console-handler"));
|
|
||||||
|
|
||||||
compareConfigs("master-domain-standalone.txt", "migrated-domain-standalone.txt", ignoredPaths);
|
|
||||||
compareConfigs("master-domain-clustered.txt", "migrated-domain-clustered.txt", ignoredPaths);
|
|
||||||
compareConfigs("master-domain-core-service.txt", "migrated-domain-core-service.txt", ignoredPaths);
|
|
||||||
compareConfigs("master-domain-extension.txt", "migrated-domain-extension.txt", ignoredPaths);
|
|
||||||
// compareConfigs("master-domain-interface.txt", "migrated-domain-interface.txt");
|
|
||||||
}
|
|
||||||
|
|
||||||
private void compareConfigs(String masterConfig, String migratedConfig) throws IOException {
|
|
||||||
compareConfigs(masterConfig, migratedConfig, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
private void compareConfigs(String masterConfig, String migratedConfig, final Set<List<String>> ignoreMigrated) throws IOException {
|
|
||||||
File masterFile = new File(TARGET_DIR, masterConfig);
|
|
||||||
Assert.assertTrue(masterFile.exists());
|
|
||||||
File migratedFile = new File(TARGET_DIR, migratedConfig);
|
|
||||||
Assert.assertTrue(migratedFile.exists());
|
|
||||||
|
|
||||||
try (
|
|
||||||
FileInputStream masterStream = new FileInputStream(masterFile);
|
|
||||||
FileInputStream migratedStream = new FileInputStream(migratedFile);
|
|
||||||
) {
|
|
||||||
// Convert to ModelNode to test equality.
|
|
||||||
// A textual diff might have things out of order.
|
|
||||||
ModelNode master = ModelNode.fromStream(masterStream);
|
|
||||||
ModelNode migrated = ModelNode.fromStream(migratedStream);
|
|
||||||
|
|
||||||
if (master.equals(migrated)) {
|
|
||||||
// ok
|
|
||||||
} else {
|
|
||||||
if (Boolean.parseBoolean(System.getProperty("get.simple.full.comparison"))) {
|
|
||||||
assertThat(migrated, is(equalTo(master)));
|
|
||||||
}
|
|
||||||
compareConfigsDeeply("root", master, migrated, ignoreMigrated);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private List<String> getModelNode(String... paths) {
|
|
||||||
return Collections.unmodifiableList(Arrays.asList(paths));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Helper method for ignoring some keys in migrated files
|
|
||||||
*
|
|
||||||
* @param ignoredPaths Set of paths, which should be ignored
|
|
||||||
*/
|
|
||||||
private boolean shouldIgnoreKey(final Set<List<String>> ignoredPaths) {
|
|
||||||
if (ignoredPaths == null || ignoredPaths.isEmpty()) return false;
|
|
||||||
|
|
||||||
// Create new references for paths in order to ensure the original set will not be modified
|
|
||||||
Set<List<String>> available = ignoredPaths.stream()
|
|
||||||
.map(ArrayList::new)
|
|
||||||
.collect(Collectors.toSet());
|
|
||||||
|
|
||||||
for (String navPath : nav) {
|
|
||||||
Iterator<List<String>> it = available.iterator();
|
|
||||||
|
|
||||||
while (it.hasNext()) {
|
|
||||||
List<String> ignorePath = it.next();
|
|
||||||
String first = ignorePath.stream().findFirst().orElse(null);
|
|
||||||
|
|
||||||
if (navPath.equals(first)) {
|
|
||||||
ignorePath.remove(first);
|
|
||||||
|
|
||||||
if (ignorePath.isEmpty()) {
|
|
||||||
log.debugf("Ignoring navigation path '%s'", nav.toString());
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
it.remove();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void compareConfigsDeeply(String id, ModelNode master, ModelNode migrated, final Set<List<String>> ignoredPaths) {
|
|
||||||
nav.add(id);
|
|
||||||
|
|
||||||
if (shouldIgnoreKey(ignoredPaths)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
master.protect();
|
|
||||||
migrated.protect();
|
|
||||||
|
|
||||||
assertEquals(getMessage(), master.getType(), migrated.getType());
|
|
||||||
|
|
||||||
switch (master.getType()) {
|
|
||||||
case OBJECT:
|
|
||||||
//check nodes are equal
|
|
||||||
if (master.equals(migrated)) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
//check keys are equal
|
|
||||||
assertThat(getMessage(), migrated.keys(), is(equalTo(master.keys())));
|
|
||||||
|
|
||||||
for (String key : master.keys()) {
|
|
||||||
compareConfigsDeeply(key, master.get(key), migrated.get(key), ignoredPaths);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case LIST:
|
|
||||||
List<ModelNode> masterAsList = new ArrayList<>(master.asList());
|
|
||||||
List<ModelNode> migratedAsList = new ArrayList<>(migrated.asList());
|
|
||||||
|
|
||||||
if (masterAsList.equals(migratedAsList)) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
masterAsList.sort(nodeStringComparator);
|
|
||||||
migratedAsList.sort(nodeStringComparator);
|
|
||||||
|
|
||||||
if (masterAsList.toString().contains("subsystem")) {
|
|
||||||
assertEquals("Subsystem names are not equal.",
|
|
||||||
getSubsystemNames(masterAsList).toString(),
|
|
||||||
getSubsystemNames(migratedAsList).toString());
|
|
||||||
}
|
|
||||||
|
|
||||||
//remove equaled nodes and keep just different ones
|
|
||||||
List<ModelNode> diffNodesInMaster = new ArrayList<>(masterAsList);
|
|
||||||
diffNodesInMaster.removeAll(migratedAsList);
|
|
||||||
for (ModelNode diffNodeInMaster : diffNodesInMaster) {
|
|
||||||
String navigation = diffNodeInMaster.getType().toString();
|
|
||||||
if (diffNodeInMaster.toString().contains("subsystem")) {
|
|
||||||
navigation = getSubsystemNames(Arrays.asList(diffNodeInMaster)).toString();
|
|
||||||
}
|
|
||||||
compareConfigsDeeply(navigation,
|
|
||||||
diffNodeInMaster,
|
|
||||||
migratedAsList.get(masterAsList.indexOf(diffNodeInMaster)),
|
|
||||||
ignoredPaths);
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case BOOLEAN:
|
|
||||||
assertEquals(getMessage(), master.asBoolean(), migrated.asBoolean());
|
|
||||||
break;
|
|
||||||
case STRING:
|
|
||||||
assertEquals(getMessage(), master.asString(), migrated.asString());
|
|
||||||
break;
|
|
||||||
case UNDEFINED:
|
|
||||||
//nothing to test
|
|
||||||
break;
|
|
||||||
case LONG:
|
|
||||||
assertEquals(getMessage(), master.asLong(), migrated.asLong());
|
|
||||||
break;
|
|
||||||
case EXPRESSION:
|
|
||||||
assertEquals(getMessage(), master.asExpression(), migrated.asExpression());
|
|
||||||
break;
|
|
||||||
case INT:
|
|
||||||
assertEquals(getMessage(), master.asInt(), migrated.asInt());
|
|
||||||
break;
|
|
||||||
case DOUBLE:
|
|
||||||
assertEquals(getMessage(), master.asDouble(), migrated.asDouble(), new Double("0.0"));
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
assertThat(getMessage(), migrated, is(equalTo(master)));
|
|
||||||
throw new UnsupportedOperationException(getMessage() + ". There is missing case " + master.getType().name());
|
|
||||||
}
|
|
||||||
nav.pollLast();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final Comparator<ModelNode> nodeStringComparator = (n1, n2) -> {
|
|
||||||
//ascending order
|
|
||||||
return n1.toString().compareTo(n2.toString());
|
|
||||||
};
|
|
||||||
|
|
||||||
private String getMessage() {
|
|
||||||
return "* navigation -> " + nav.toString() + " * ";
|
|
||||||
}
|
|
||||||
|
|
||||||
private List<String> getSubsystemNames(List<ModelNode> modelNodes) {
|
|
||||||
int index;
|
|
||||||
if (modelNodes.toString().contains("profile")) {
|
|
||||||
index = 9; //domain
|
|
||||||
} else {
|
|
||||||
index = 5; //standalone
|
|
||||||
}
|
|
||||||
return modelNodes
|
|
||||||
.stream()
|
|
||||||
.map(ModelNode::toString)
|
|
||||||
.map(s -> s.split("\"")[index])
|
|
||||||
.collect(Collectors.toList());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,733 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<domain xmlns="urn:jboss:domain:4.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<system-properties>
|
|
||||||
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
|
|
||||||
<property name="java.net.preferIPv4Stack" value="true"/>
|
|
||||||
</system-properties>
|
|
||||||
<management>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profiles>
|
|
||||||
<profile name="auth-server-standalone">
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms"/>
|
|
||||||
<local-cache name="users"/>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="immutable-entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<!--<remoting-connector use-management-endpoint="false"/>-->
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<profile name="auth-server-clustered">
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/../../shared-database/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="realms" mode="SYNC"/>
|
|
||||||
<invalidation-cache name="users" mode="SYNC"/>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default" mode="SYNC">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="entity" mode="SYNC">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<!--<remoting-connector use-management-endpoint="false"/>-->
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
<!--
|
|
||||||
~
|
|
||||||
~ Named interfaces that can be referenced elsewhere in the configuration. The configuration
|
|
||||||
~ for how to associate these logical names with an actual network interface can either
|
|
||||||
~ be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
|
|
||||||
~
|
|
||||||
~ These default configurations require the binding specification to be done in host.xml.
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management"/>
|
|
||||||
<interface name="public"/>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-groups>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
|
||||||
<!-- Needed for server groups using the 'default' profile -->
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
<socket-binding-group name="ha-sockets" default-interface="public">
|
|
||||||
<!-- Needed for server groups using the 'ha' profile -->
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</socket-binding-groups>
|
|
||||||
<server-groups>
|
|
||||||
<server-group name="main-server-group" profile="auth-server-standalone">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="standard-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
<server-group name="other-server-group" profile="auth-server-clustered">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="ha-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
</server-groups>
|
|
||||||
</domain>
|
|
|
@ -1,896 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<domain xmlns="urn:jboss:domain:4.1">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<system-properties>
|
|
||||||
<!-- IPv4 is not required, but setting this helps avoid unintended use of IPv6 -->
|
|
||||||
<property name="java.net.preferIPv4Stack" value="true"/>
|
|
||||||
</system-properties>
|
|
||||||
<management>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profiles>
|
|
||||||
<!-- Non clustered authentication server profile -->
|
|
||||||
<profile name="auth-server-standalone">
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms"/>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="realmVersions">
|
|
||||||
<transaction mode="BATCH" locking="PESSIMISTIC"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="immutable-entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<!--<remoting-connector use-management-endpoint="false"/>-->
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<!--
|
|
||||||
~
|
|
||||||
~ Clustering authentication server setup.
|
|
||||||
~
|
|
||||||
~ You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
|
|
||||||
~ able to work on multiple machines.
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<profile name="auth-server-clustered">
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/../../shared-database/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="realms" mode="SYNC"/>
|
|
||||||
<invalidation-cache name="users" mode="SYNC">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
<replicated-cache name="work" mode="SYNC"/>
|
|
||||||
<local-cache name="realmVersions">
|
|
||||||
<transaction mode="BATCH" locking="PESSIMISTIC"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default" mode="SYNC">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="entity" mode="SYNC">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<!--<remoting-connector use-management-endpoint="false"/>-->
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<!--
|
|
||||||
~
|
|
||||||
~ This is a profile for the built-in Underto Loadbalancer
|
|
||||||
~ It should be removed in production systems and replaced with a better software or hardware based one
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<profile name="load-balancer">
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<!--<remoting-connector use-management-endpoint="false"/>-->
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="lb-handler"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<reverse-proxy name="lb-handler">
|
|
||||||
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
|
|
||||||
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
|
|
||||||
</reverse-proxy>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</profiles>
|
|
||||||
<!--
|
|
||||||
~
|
|
||||||
~ Named interfaces that can be referenced elsewhere in the configuration. The configuration
|
|
||||||
~ for how to associate these logical names with an actual network interface can either
|
|
||||||
~ be specified here or can be declared on a per-host basis in the equivalent element in host.xml.
|
|
||||||
~
|
|
||||||
~ These default configurations require the binding specification to be done in host.xml.
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-groups>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public">
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
<socket-binding-group name="ha-sockets" default-interface="public">
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
<!-- load-balancer-sockets should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<socket-binding-group name="load-balancer-sockets" default-interface="public">
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<outbound-socket-binding name="remote-host1">
|
|
||||||
<remote-destination host="localhost" port="8159"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
<outbound-socket-binding name="remote-host2">
|
|
||||||
<remote-destination host="localhost" port="8259"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</socket-binding-groups>
|
|
||||||
<server-groups>
|
|
||||||
<!-- load-balancer-group should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<server-group name="load-balancer-group" profile="load-balancer">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="load-balancer-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
<server-group name="auth-server-group" profile="auth-server-clustered">
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="512m"/>
|
|
||||||
</jvm>
|
|
||||||
<socket-binding-group ref="ha-sockets"/>
|
|
||||||
</server-group>
|
|
||||||
</server-groups>
|
|
||||||
</domain>
|
|
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -1,79 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:4.0" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,82 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:4.1" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,102 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:4.1" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group"/>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!--
|
|
||||||
~ Remote JPDA debugging for a specific server
|
|
||||||
~ <jvm name="default">
|
|
||||||
~ <jvm-options>
|
|
||||||
~ <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
~ </jvm-options>
|
|
||||||
~ </jvm>
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<!--
|
|
||||||
~ server-two avoids port conflicts by incrementing the ports in
|
|
||||||
~ the default socket-group declared in the server-group
|
|
||||||
-->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,185 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:5.0" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group"/>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!--
|
|
||||||
~ Remote JPDA debugging for a specific server
|
|
||||||
~ <jvm name="default">
|
|
||||||
~ <jvm-options>
|
|
||||||
~ <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
~ </jvm-options>
|
|
||||||
~ </jvm>
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<!--
|
|
||||||
~ server-two avoids port conflicts by incrementing the ports in
|
|
||||||
~ the default socket-group declared in the server-group
|
|
||||||
-->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.domain.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="BASIC">
|
|
||||||
<mechanism-realm realm-name="Management Realm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,193 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:8.0" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group"/>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!--
|
|
||||||
~ Remote JPDA debugging for a specific server
|
|
||||||
~ <jvm name="default">
|
|
||||||
~ <jvm-options>
|
|
||||||
~ <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
~ </jvm-options>
|
|
||||||
~ </jvm>
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<!--
|
|
||||||
~ server-two avoids port conflicts by incrementing the ports in
|
|
||||||
~ the default socket-group declared in the server-group
|
|
||||||
-->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.domain.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="BASIC">
|
|
||||||
<mechanism-realm realm-name="Management Realm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,193 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<host xmlns="urn:jboss:domain:10.0" name="master">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
|
|
||||||
<file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="host-file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
<server-logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="server-file"/>
|
|
||||||
</handlers>
|
|
||||||
</server-logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<native-interface security-realm="ManagementRealm">
|
|
||||||
<socket interface="management" port="${jboss.management.native.port:9999}"/>
|
|
||||||
</native-interface>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
</management>
|
|
||||||
<domain-controller>
|
|
||||||
<local/>
|
|
||||||
</domain-controller>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<jvms>
|
|
||||||
<jvm name="default">
|
|
||||||
<heap size="64m" max-size="256m"/>
|
|
||||||
<jvm-options>
|
|
||||||
<option value="-server"/>
|
|
||||||
<option value="-XX:MetaspaceSize=96m"/>
|
|
||||||
<option value="-XX:MaxMetaspaceSize=256m"/>
|
|
||||||
</jvm-options>
|
|
||||||
</jvm>
|
|
||||||
</jvms>
|
|
||||||
<servers>
|
|
||||||
<!-- load-balancer should be removed in production systems and replaced with a better software or hardware based one -->
|
|
||||||
<server name="load-balancer" group="load-balancer-group"/>
|
|
||||||
<server name="server-one" group="auth-server-group" auto-start="true">
|
|
||||||
<!--
|
|
||||||
~ Remote JPDA debugging for a specific server
|
|
||||||
~ <jvm name="default">
|
|
||||||
~ <jvm-options>
|
|
||||||
~ <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
|
|
||||||
~ </jvm-options>
|
|
||||||
~ </jvm>
|
|
||||||
~
|
|
||||||
-->
|
|
||||||
<!--
|
|
||||||
~ server-two avoids port conflicts by incrementing the ports in
|
|
||||||
~ the default socket-group declared in the server-group
|
|
||||||
-->
|
|
||||||
<socket-bindings port-offset="150"/>
|
|
||||||
</server>
|
|
||||||
</servers>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.domain.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="BASIC">
|
|
||||||
<mechanism-realm realm-name="Management Realm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
</host>
|
|
|
@ -1,63 +0,0 @@
|
||||||
{
|
|
||||||
"providers": [
|
|
||||||
"classpath:${jboss.server.config.dir}/providers/*"
|
|
||||||
],
|
|
||||||
|
|
||||||
"admin": {
|
|
||||||
"realm": "master"
|
|
||||||
},
|
|
||||||
|
|
||||||
"eventsStore": {
|
|
||||||
"provider": "jpa",
|
|
||||||
"jpa": {
|
|
||||||
"exclude-events": [ "REFRESH_TOKEN" ]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realm": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"user": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"userSessionPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"timer": {
|
|
||||||
"provider": "basic"
|
|
||||||
},
|
|
||||||
|
|
||||||
"theme": {
|
|
||||||
"default": "keycloak",
|
|
||||||
"staticMaxAge": 2592000,
|
|
||||||
"cacheTemplates": true,
|
|
||||||
"cacheThemes": true,
|
|
||||||
"folder": {
|
|
||||||
"dir": "${jboss.server.config.dir}/themes"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"scheduled": {
|
|
||||||
"interval": 900
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsHttpClient": {
|
|
||||||
"default": {}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsJpa": {
|
|
||||||
"default": {
|
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
|
||||||
"databaseSchema": "update"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsInfinispan": {
|
|
||||||
"default" : {
|
|
||||||
"cacheContainer" : "java:comp/env/infinispan/Keycloak"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,75 +0,0 @@
|
||||||
{
|
|
||||||
"admin": {
|
|
||||||
"realm": "master"
|
|
||||||
},
|
|
||||||
|
|
||||||
"eventsStore": {
|
|
||||||
"provider": "jpa",
|
|
||||||
"jpa": {
|
|
||||||
"exclude-events": [ "REFRESH_TOKEN" ]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realm": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"user": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"userCache": {
|
|
||||||
"default" : {
|
|
||||||
"enabled": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"userSessionPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"authorizationPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"timer": {
|
|
||||||
"provider": "basic"
|
|
||||||
},
|
|
||||||
|
|
||||||
"theme": {
|
|
||||||
"staticMaxAge": 2592000,
|
|
||||||
"cacheTemplates": true,
|
|
||||||
"cacheThemes": true,
|
|
||||||
"folder": {
|
|
||||||
"dir": "${jboss.home.dir}/themes"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"scheduled": {
|
|
||||||
"interval": 900
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsHttpClient": {
|
|
||||||
"default": {}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsJpa": {
|
|
||||||
"default": {
|
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
|
||||||
"databaseSchema": "update"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realmCache": {
|
|
||||||
"default" : {
|
|
||||||
"enabled": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsInfinispan": {
|
|
||||||
"provider": "default",
|
|
||||||
"default": {
|
|
||||||
"cacheContainer" : "java:comp/env/infinispan/Keycloak"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,63 +0,0 @@
|
||||||
{
|
|
||||||
"providers": [
|
|
||||||
"classpath:${jboss.server.config.dir}/providers/*"
|
|
||||||
],
|
|
||||||
|
|
||||||
"admin": {
|
|
||||||
"realm": "master"
|
|
||||||
},
|
|
||||||
|
|
||||||
"eventsStore": {
|
|
||||||
"provider": "jpa",
|
|
||||||
"jpa": {
|
|
||||||
"exclude-events": [ "REFRESH_TOKEN" ]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realm": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"user": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"userSessionPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"timer": {
|
|
||||||
"provider": "basic"
|
|
||||||
},
|
|
||||||
|
|
||||||
"theme": {
|
|
||||||
"default": "keycloak",
|
|
||||||
"staticMaxAge": 2592000,
|
|
||||||
"cacheTemplates": true,
|
|
||||||
"cacheThemes": true,
|
|
||||||
"folder": {
|
|
||||||
"dir": "${jboss.server.config.dir}/themes"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"scheduled": {
|
|
||||||
"interval": 900
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsHttpClient": {
|
|
||||||
"default": {}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsJpa": {
|
|
||||||
"default": {
|
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
|
||||||
"databaseSchema": "update"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsInfinispan": {
|
|
||||||
"default" : {
|
|
||||||
"cacheContainer" : "java:comp/env/infinispan/Keycloak"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,75 +0,0 @@
|
||||||
{
|
|
||||||
"admin": {
|
|
||||||
"realm": "master"
|
|
||||||
},
|
|
||||||
|
|
||||||
"eventsStore": {
|
|
||||||
"provider": "jpa",
|
|
||||||
"jpa": {
|
|
||||||
"exclude-events": [ "REFRESH_TOKEN" ]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realm": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"user": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"userCache": {
|
|
||||||
"default" : {
|
|
||||||
"enabled": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"userSessionPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"authorizationPersister": {
|
|
||||||
"provider": "jpa"
|
|
||||||
},
|
|
||||||
|
|
||||||
"timer": {
|
|
||||||
"provider": "basic"
|
|
||||||
},
|
|
||||||
|
|
||||||
"theme": {
|
|
||||||
"staticMaxAge": 2592000,
|
|
||||||
"cacheTemplates": true,
|
|
||||||
"cacheThemes": true,
|
|
||||||
"folder": {
|
|
||||||
"dir": "${jboss.home.dir}/themes"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"scheduled": {
|
|
||||||
"interval": 900
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsHttpClient": {
|
|
||||||
"default": {}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsJpa": {
|
|
||||||
"default": {
|
|
||||||
"dataSource": "java:jboss/datasources/KeycloakDS",
|
|
||||||
"databaseSchema": "update"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"realmCache": {
|
|
||||||
"default" : {
|
|
||||||
"enabled": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
"connectionsInfinispan": {
|
|
||||||
"provider": "default",
|
|
||||||
"default": {
|
|
||||||
"cacheContainer" : "java:comp/env/infinispan/Keycloak"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,392 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms"/>
|
|
||||||
<local-cache name="users"/>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="immutable-entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,398 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.1">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms"/>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="realmVersions">
|
|
||||||
<transaction mode="BATCH" locking="PESSIMISTIC"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="immutable-entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,479 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.1">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<eviction max-entries="100" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<eviction max-entries="1000" strategy="LRU"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="persistent">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="false" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realm">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="user">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userFederatedStorage">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="authorizationPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,573 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:5.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:2.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<local-cache name="realms">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="authenticationSessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="clientSessions"/>
|
|
||||||
<local-cache name="offlineClientSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<eviction max-entries="1000" strategy="LRU"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="actionTokens">
|
|
||||||
<eviction max-entries="-1" strategy="NONE"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" module="org.hibernate.infinispan">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="BASIC">
|
|
||||||
<mechanism-realm realm-name="Application Realm"/>
|
|
||||||
</mechanism>
|
|
||||||
<mechanism mechanism-name="FORM"/>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:4.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,582 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:8.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:6.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:7.0">
|
|
||||||
<cache-container name="keycloak">
|
|
||||||
<local-cache name="realms">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="authenticationSessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="clientSessions"/>
|
|
||||||
<local-cache name="offlineClientSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<object-memory size="1000"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="actionTokens">
|
|
||||||
<object-memory size="-1"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions">
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-set>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
|
||||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="hostname">
|
|
||||||
<default-provider>request</default-provider>
|
|
||||||
<provider name="fixed" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="hostname" value="localhost"/>
|
|
||||||
<property name="httpPort" value="-1"/>
|
|
||||||
<property name="httpsPort" value="-1"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,599 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:10.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.jboss.as.weld"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<!-- Simulating manual migration step from KEYCLOAK-17995 issue -->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.config-smallrye"/>-->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.health-smallrye"/>-->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>-->
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:8.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="io.jaegertracing.Configuration">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="60" unit="seconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
|
||||||
<cache-container name="keycloak">
|
|
||||||
<local-cache name="realms">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sessions"/>
|
|
||||||
<local-cache name="authenticationSessions"/>
|
|
||||||
<local-cache name="offlineSessions"/>
|
|
||||||
<local-cache name="clientSessions"/>
|
|
||||||
<local-cache name="offlineClientSessions"/>
|
|
||||||
<local-cache name="loginFailures"/>
|
|
||||||
<local-cache name="work"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<object-memory size="1000"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="actionTokens">
|
|
||||||
<object-memory size="-1"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<local-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="sso">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="routing"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<local-cache name="passivation">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store passivation="true" purge="false"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
|
||||||
<local-cache name="entity">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions">
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-set>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
|
||||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
|
||||||
<!-- Simulating manual migration step from KEYCLOAK-17995 issue -->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>-->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>-->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>-->
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="hostname">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
|
||||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,438 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="realms" mode="SYNC"/>
|
|
||||||
<invalidation-cache name="users" mode="SYNC"/>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default" mode="SYNC">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="entity" mode="SYNC">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,444 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.1">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="realms" mode="SYNC"/>
|
|
||||||
<invalidation-cache name="users" mode="SYNC">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
<replicated-cache name="work" mode="SYNC"/>
|
|
||||||
<local-cache name="realmVersions">
|
|
||||||
<transaction mode="BATCH" locking="PESSIMISTIC"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default" mode="SYNC">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<invalidation-cache name="entity" mode="SYNC">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,527 +0,0 @@
|
||||||
<?xml version="1.0" ?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:4.1">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jdr"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.jsf"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:1.1">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="realms">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="authorization" mode="SYNC" owners="1"/>
|
|
||||||
<replicated-cache name="work" mode="SYNC"/>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<eviction max-entries="1000" strategy="LRU"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default" mode="SYNC">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<invalidation-cache name="entity" mode="SYNC">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:4.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:2.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:2.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:3.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<filter-ref name="server-header"/>
|
|
||||||
<filter-ref name="x-powered-by-header"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
<filters>
|
|
||||||
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
|
|
||||||
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
|
|
||||||
</filters>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realm">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="user">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userFederatedStorage">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="authorizationPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,631 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:5.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:3.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:2.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
|
|
||||||
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="realms">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="authenticationSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="clientSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="offlineClientSessions" mode="SYNC" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<eviction max-entries="10000" strategy="LRU"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="work" mode="SYNC"/>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<eviction max-entries="1000" strategy="LRU"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="actionTokens" mode="SYNC" owners="2">
|
|
||||||
<eviction max-entries="-1" strategy="NONE"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<invalidation-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<eviction strategy="LRU" max-entries="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<replicated-cache name="timestamps" mode="ASYNC"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:5.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp" cluster="ejb"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<socket-protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG2"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:3.0">
|
|
||||||
<mod-cluster-config advertise-socket="modcluster" connector="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</mod-cluster-config>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<endpoint/>
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="BASIC">
|
|
||||||
<mechanism-realm realm-name="Application Realm"/>
|
|
||||||
</mechanism>
|
|
||||||
<mechanism mechanism-name="FORM"/>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:4.0">
|
|
||||||
<core-environment>
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="modcluster" port="0" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,640 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:8.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:6.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:5.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="100" unit="milliseconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:7.0">
|
|
||||||
<cache-container name="keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="realms">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="sessions" owners="1"/>
|
|
||||||
<distributed-cache name="authenticationSessions" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" owners="1"/>
|
|
||||||
<distributed-cache name="clientSessions" owners="1"/>
|
|
||||||
<distributed-cache name="offlineClientSessions" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" owners="1"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="work"/>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<object-memory size="1000"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="actionTokens" owners="2">
|
|
||||||
<object-memory size="-1"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<invalidation-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<replicated-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:6.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp" cluster="ejb"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG3"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<socket-protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<protocol type="FD_SOCK"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG3"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
|
|
||||||
<proxy name="default" advertise-socket="modcluster" listener="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</proxy>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:4.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions">
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-set>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
|
||||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:7.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="hostname">
|
|
||||||
<default-provider>request</default-provider>
|
|
||||||
<provider name="fixed" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="hostname" value="localhost"/>
|
|
||||||
<property name="httpPort" value="-1"/>
|
|
||||||
<property name="httpsPort" value="-1"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -1,660 +0,0 @@
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<server xmlns="urn:jboss:domain:10.0">
|
|
||||||
<extensions>
|
|
||||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
|
||||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
|
||||||
<extension module="org.jboss.as.connector"/>
|
|
||||||
<extension module="org.jboss.as.deployment-scanner"/>
|
|
||||||
<extension module="org.jboss.as.ee"/>
|
|
||||||
<extension module="org.jboss.as.ejb3"/>
|
|
||||||
<extension module="org.jboss.as.jaxrs"/>
|
|
||||||
<extension module="org.jboss.as.jmx"/>
|
|
||||||
<extension module="org.jboss.as.jpa"/>
|
|
||||||
<extension module="org.jboss.as.logging"/>
|
|
||||||
<extension module="org.jboss.as.mail"/>
|
|
||||||
<extension module="org.jboss.as.modcluster"/>
|
|
||||||
<extension module="org.jboss.as.naming"/>
|
|
||||||
<extension module="org.jboss.as.remoting"/>
|
|
||||||
<extension module="org.jboss.as.security"/>
|
|
||||||
<extension module="org.jboss.as.transactions"/>
|
|
||||||
<extension module="org.jboss.as.weld"/>
|
|
||||||
<extension module="org.keycloak.keycloak-server-subsystem"/>
|
|
||||||
<extension module="org.wildfly.extension.bean-validation"/>
|
|
||||||
<extension module="org.wildfly.extension.core-management"/>
|
|
||||||
<extension module="org.wildfly.extension.elytron"/>
|
|
||||||
<extension module="org.wildfly.extension.io"/>
|
|
||||||
<!-- Simulating manual migration step from KEYCLOAK-17995 issue -->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.config-smallrye"/>-->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.health-smallrye"/>-->
|
|
||||||
<!-- <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>-->
|
|
||||||
<extension module="org.wildfly.extension.request-controller"/>
|
|
||||||
<extension module="org.wildfly.extension.security.manager"/>
|
|
||||||
<extension module="org.wildfly.extension.undertow"/>
|
|
||||||
</extensions>
|
|
||||||
<management>
|
|
||||||
<security-realms>
|
|
||||||
<security-realm name="ManagementRealm">
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" skip-group-loading="true"/>
|
|
||||||
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization map-groups-to-roles="false">
|
|
||||||
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
<security-realm name="ApplicationRealm">
|
|
||||||
<server-identities>
|
|
||||||
<ssl>
|
|
||||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
|
||||||
</ssl>
|
|
||||||
</server-identities>
|
|
||||||
<authentication>
|
|
||||||
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
|
|
||||||
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authentication>
|
|
||||||
<authorization>
|
|
||||||
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</authorization>
|
|
||||||
</security-realm>
|
|
||||||
</security-realms>
|
|
||||||
<audit-log>
|
|
||||||
<formatters>
|
|
||||||
<json-formatter name="json-formatter"/>
|
|
||||||
</formatters>
|
|
||||||
<handlers>
|
|
||||||
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
||||||
</handlers>
|
|
||||||
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
||||||
<handlers>
|
|
||||||
<handler name="file"/>
|
|
||||||
</handlers>
|
|
||||||
</logger>
|
|
||||||
</audit-log>
|
|
||||||
<management-interfaces>
|
|
||||||
<http-interface security-realm="ManagementRealm">
|
|
||||||
<http-upgrade enabled="true"/>
|
|
||||||
<socket-binding http="management-http"/>
|
|
||||||
</http-interface>
|
|
||||||
</management-interfaces>
|
|
||||||
<access-control provider="simple">
|
|
||||||
<role-mapping>
|
|
||||||
<role name="SuperUser">
|
|
||||||
<include>
|
|
||||||
<user name="$local"/>
|
|
||||||
</include>
|
|
||||||
</role>
|
|
||||||
</role-mapping>
|
|
||||||
</access-control>
|
|
||||||
</management>
|
|
||||||
<profile>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:logging:8.0">
|
|
||||||
<console-handler name="CONSOLE">
|
|
||||||
<level name="INFO"/>
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="COLOR-PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
</console-handler>
|
|
||||||
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
||||||
<formatter>
|
|
||||||
<named-formatter name="PATTERN"/>
|
|
||||||
</formatter>
|
|
||||||
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
||||||
<suffix value=".yyyy-MM-dd"/>
|
|
||||||
<append value="true"/>
|
|
||||||
</periodic-rotating-file-handler>
|
|
||||||
<logger category="com.arjuna">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="io.jaegertracing.Configuration">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="org.jboss.as.config">
|
|
||||||
<level name="DEBUG"/>
|
|
||||||
</logger>
|
|
||||||
<logger category="sun.rmi">
|
|
||||||
<level name="WARN"/>
|
|
||||||
</logger>
|
|
||||||
<root-logger>
|
|
||||||
<level name="INFO"/>
|
|
||||||
<handlers>
|
|
||||||
<handler name="CONSOLE"/>
|
|
||||||
<handler name="FILE"/>
|
|
||||||
</handlers>
|
|
||||||
</root-logger>
|
|
||||||
<formatter name="PATTERN">
|
|
||||||
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
<formatter name="COLOR-PATTERN">
|
|
||||||
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
||||||
</formatter>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
|
||||||
<datasources>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
|
||||||
<driver>h2</driver>
|
|
||||||
<security>
|
|
||||||
<user-name>sa</user-name>
|
|
||||||
<password>sa</password>
|
|
||||||
</security>
|
|
||||||
</datasource>
|
|
||||||
<drivers>
|
|
||||||
<driver name="h2" module="com.h2database.h2">
|
|
||||||
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
|
|
||||||
</driver>
|
|
||||||
</drivers>
|
|
||||||
</datasources>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
||||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
|
||||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
||||||
<concurrent>
|
|
||||||
<context-services>
|
|
||||||
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
|
|
||||||
</context-services>
|
|
||||||
<managed-thread-factories>
|
|
||||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
||||||
</managed-thread-factories>
|
|
||||||
<managed-executor-services>
|
|
||||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
||||||
</managed-executor-services>
|
|
||||||
<managed-scheduled-executor-services>
|
|
||||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
||||||
</managed-scheduled-executor-services>
|
|
||||||
</concurrent>
|
|
||||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
|
||||||
<session-bean>
|
|
||||||
<stateless>
|
|
||||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
|
||||||
</stateless>
|
|
||||||
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
|
|
||||||
<singleton default-access-timeout="5000"/>
|
|
||||||
</session-bean>
|
|
||||||
<pools>
|
|
||||||
<bean-instance-pools>
|
|
||||||
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
|
|
||||||
</bean-instance-pools>
|
|
||||||
</pools>
|
|
||||||
<caches>
|
|
||||||
<cache name="simple"/>
|
|
||||||
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
|
|
||||||
</caches>
|
|
||||||
<passivation-stores>
|
|
||||||
<passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
|
|
||||||
</passivation-stores>
|
|
||||||
<async thread-pool-name="default"/>
|
|
||||||
<timer-service thread-pool-name="default" default-data-store="default-file-store">
|
|
||||||
<data-stores>
|
|
||||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
|
||||||
</data-stores>
|
|
||||||
</timer-service>
|
|
||||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
|
||||||
<channel-creation-options>
|
|
||||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
|
||||||
</channel-creation-options>
|
|
||||||
</remote>
|
|
||||||
<thread-pools>
|
|
||||||
<thread-pool name="default">
|
|
||||||
<max-threads count="10"/>
|
|
||||||
<keepalive-time time="60" unit="seconds"/>
|
|
||||||
</thread-pool>
|
|
||||||
</thread-pools>
|
|
||||||
<default-security-domain value="other"/>
|
|
||||||
<default-missing-method-permissions-deny-access value="true"/>
|
|
||||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
|
||||||
<log-system-exceptions value="true"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
|
||||||
<worker name="default"/>
|
|
||||||
<buffer-pool name="default"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
|
||||||
<cache-container name="keycloak">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="realms">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<local-cache name="users">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="sessions" owners="1"/>
|
|
||||||
<distributed-cache name="authenticationSessions" owners="1"/>
|
|
||||||
<distributed-cache name="offlineSessions" owners="1"/>
|
|
||||||
<distributed-cache name="clientSessions" owners="1"/>
|
|
||||||
<distributed-cache name="offlineClientSessions" owners="1"/>
|
|
||||||
<distributed-cache name="loginFailures" owners="1"/>
|
|
||||||
<local-cache name="authorization">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
</local-cache>
|
|
||||||
<replicated-cache name="work"/>
|
|
||||||
<local-cache name="keys">
|
|
||||||
<object-memory size="1000"/>
|
|
||||||
<expiration max-idle="3600000"/>
|
|
||||||
</local-cache>
|
|
||||||
<distributed-cache name="actionTokens" owners="2">
|
|
||||||
<object-memory size="-1"/>
|
|
||||||
<expiration max-idle="-1" interval="300000"/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="default">
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<replicated-cache name="sso">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
</replicated-cache>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
<distributed-cache name="routing"/>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<distributed-cache name="dist">
|
|
||||||
<locking isolation="REPEATABLE_READ"/>
|
|
||||||
<transaction mode="BATCH"/>
|
|
||||||
<file-store/>
|
|
||||||
</distributed-cache>
|
|
||||||
</cache-container>
|
|
||||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
|
||||||
<transport lock-timeout="60000"/>
|
|
||||||
<local-cache name="local-query">
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</local-cache>
|
|
||||||
<invalidation-cache name="entity">
|
|
||||||
<transaction mode="NON_XA"/>
|
|
||||||
<object-memory size="10000"/>
|
|
||||||
<expiration max-idle="100000"/>
|
|
||||||
</invalidation-cache>
|
|
||||||
<replicated-cache name="timestamps"/>
|
|
||||||
</cache-container>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
|
||||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
|
||||||
<bean-validation enabled="true"/>
|
|
||||||
<default-workmanager>
|
|
||||||
<short-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</short-running-threads>
|
|
||||||
<long-running-threads>
|
|
||||||
<core-threads count="50"/>
|
|
||||||
<queue-length count="50"/>
|
|
||||||
<max-threads count="50"/>
|
|
||||||
<keepalive-time time="10" unit="seconds"/>
|
|
||||||
</long-running-threads>
|
|
||||||
</default-workmanager>
|
|
||||||
<cached-connection-manager/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jgroups:7.0">
|
|
||||||
<channels default="ee">
|
|
||||||
<channel name="ee" stack="udp" cluster="ejb"/>
|
|
||||||
</channels>
|
|
||||||
<stacks>
|
|
||||||
<stack name="udp">
|
|
||||||
<transport type="UDP" socket-binding="jgroups-udp"/>
|
|
||||||
<protocol type="PING"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="UFC"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG3"/>
|
|
||||||
</stack>
|
|
||||||
<stack name="tcp">
|
|
||||||
<transport type="TCP" socket-binding="jgroups-tcp"/>
|
|
||||||
<socket-protocol type="MPING" socket-binding="jgroups-mping"/>
|
|
||||||
<protocol type="MERGE3"/>
|
|
||||||
<socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
|
|
||||||
<protocol type="FD_ALL"/>
|
|
||||||
<protocol type="VERIFY_SUSPECT"/>
|
|
||||||
<protocol type="pbcast.NAKACK2"/>
|
|
||||||
<protocol type="UNICAST3"/>
|
|
||||||
<protocol type="pbcast.STABLE"/>
|
|
||||||
<protocol type="pbcast.GMS"/>
|
|
||||||
<protocol type="MFC"/>
|
|
||||||
<protocol type="FRAG3"/>
|
|
||||||
</stack>
|
|
||||||
</stacks>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
||||||
<expose-resolved-model/>
|
|
||||||
<expose-expression-model/>
|
|
||||||
<remoting-connector/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
|
||||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
|
||||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
|
||||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
|
||||||
</mail-session>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
|
||||||
<proxy name="default" advertise-socket="modcluster" listener="ajp">
|
|
||||||
<dynamic-load-provider>
|
|
||||||
<load-metric type="cpu"/>
|
|
||||||
</dynamic-load-provider>
|
|
||||||
</proxy>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
|
||||||
<remote-naming/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
|
||||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
||||||
<deployment-permissions>
|
|
||||||
<maximum-set>
|
|
||||||
<permission class="java.security.AllPermission"/>
|
|
||||||
</maximum-set>
|
|
||||||
</deployment-permissions>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
||||||
<providers>
|
|
||||||
<aggregate-providers name="combined-providers">
|
|
||||||
<providers name="elytron"/>
|
|
||||||
<providers name="openssl"/>
|
|
||||||
</aggregate-providers>
|
|
||||||
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
||||||
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
||||||
</providers>
|
|
||||||
<audit-logging>
|
|
||||||
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
||||||
</audit-logging>
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local"/>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
||||||
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
||||||
<realm name="local" role-mapper="super-user-mapper"/>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
<security-realms>
|
|
||||||
<identity-realm name="local" identity="$local"/>
|
|
||||||
<properties-realm name="ApplicationRealm">
|
|
||||||
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
||||||
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
<properties-realm name="ManagementRealm">
|
|
||||||
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
||||||
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
||||||
</properties-realm>
|
|
||||||
</security-realms>
|
|
||||||
<mappers>
|
|
||||||
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
||||||
<permission-mapping>
|
|
||||||
<principal name="anonymous"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
<permission-mapping match-all="true">
|
|
||||||
<permission-set name="login-permission"/>
|
|
||||||
<permission-set name="default-permissions"/>
|
|
||||||
</permission-mapping>
|
|
||||||
</simple-permission-mapper>
|
|
||||||
<constant-realm-mapper name="local" realm-name="local"/>
|
|
||||||
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
||||||
<constant-role-mapper name="super-user-mapper">
|
|
||||||
<role name="SuperUser"/>
|
|
||||||
</constant-role-mapper>
|
|
||||||
</mappers>
|
|
||||||
<permission-sets>
|
|
||||||
<permission-set name="login-permission">
|
|
||||||
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
||||||
</permission-set>
|
|
||||||
<permission-set name="default-permissions">
|
|
||||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
|
||||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
|
||||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
|
||||||
</permission-set>
|
|
||||||
</permission-sets>
|
|
||||||
<http>
|
|
||||||
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="DIGEST">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</http-authentication-factory>
|
|
||||||
<provider-http-server-mechanism-factory name="global"/>
|
|
||||||
</http>
|
|
||||||
<sasl>
|
|
||||||
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
||||||
<mechanism-configuration>
|
|
||||||
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
||||||
<mechanism mechanism-name="DIGEST-MD5">
|
|
||||||
<mechanism-realm realm-name="ManagementRealm"/>
|
|
||||||
</mechanism>
|
|
||||||
</mechanism-configuration>
|
|
||||||
</sasl-authentication-factory>
|
|
||||||
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
||||||
<properties>
|
|
||||||
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
||||||
</properties>
|
|
||||||
</configurable-sasl-server-factory>
|
|
||||||
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
||||||
<filters>
|
|
||||||
<filter provider-name="WildFlyElytron"/>
|
|
||||||
</filters>
|
|
||||||
</mechanism-provider-filtering-sasl-server-factory>
|
|
||||||
<provider-sasl-server-factory name="global"/>
|
|
||||||
</sasl>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
|
||||||
<security-domains>
|
|
||||||
<security-domain name="other" cache-type="default">
|
|
||||||
<authentication>
|
|
||||||
<login-module code="Remoting" flag="optional">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
<login-module code="RealmDirect" flag="required">
|
|
||||||
<module-option name="password-stacking" value="useFirstPass"/>
|
|
||||||
</login-module>
|
|
||||||
</authentication>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-web-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jaspitest" cache-type="default">
|
|
||||||
<authentication-jaspi>
|
|
||||||
<login-module-stack name="dummy">
|
|
||||||
<login-module code="Dummy" flag="optional"/>
|
|
||||||
</login-module-stack>
|
|
||||||
<auth-module code="Dummy"/>
|
|
||||||
</authentication-jaspi>
|
|
||||||
</security-domain>
|
|
||||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
|
||||||
<authorization>
|
|
||||||
<policy-module code="Delegating" flag="required"/>
|
|
||||||
</authorization>
|
|
||||||
</security-domain>
|
|
||||||
</security-domains>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
|
||||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
|
||||||
<process-id>
|
|
||||||
<uuid/>
|
|
||||||
</process-id>
|
|
||||||
</core-environment>
|
|
||||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
|
||||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
|
||||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
|
||||||
<!-- Simulating manual migration step from KEYCLOAK-17995 issue -->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>-->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>-->
|
|
||||||
<!-- <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>-->
|
|
||||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
||||||
<buffer-cache name="default"/>
|
|
||||||
<server name="default-server">
|
|
||||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
|
||||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
||||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
|
||||||
<host name="default-host" alias="localhost">
|
|
||||||
<location name="/" handler="welcome-content"/>
|
|
||||||
<http-invoker security-realm="ApplicationRealm"/>
|
|
||||||
</host>
|
|
||||||
</server>
|
|
||||||
<servlet-container name="default">
|
|
||||||
<jsp-config/>
|
|
||||||
<websockets/>
|
|
||||||
</servlet-container>
|
|
||||||
<handlers>
|
|
||||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
|
||||||
</handlers>
|
|
||||||
</subsystem>
|
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
|
||||||
<web-context>auth</web-context>
|
|
||||||
<providers>
|
|
||||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
|
||||||
</providers>
|
|
||||||
<master-realm-name>master</master-realm-name>
|
|
||||||
<scheduled-task-interval>900</scheduled-task-interval>
|
|
||||||
<theme>
|
|
||||||
<staticMaxAge>2592000</staticMaxAge>
|
|
||||||
<cacheThemes>true</cacheThemes>
|
|
||||||
<cacheTemplates>true</cacheTemplates>
|
|
||||||
<dir>${jboss.home.dir}/themes</dir>
|
|
||||||
</theme>
|
|
||||||
<spi name="eventsStore">
|
|
||||||
<provider name="jpa" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="exclude-events" value="["REFRESH_TOKEN"]"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="userCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="userSessionPersister">
|
|
||||||
<default-provider>jpa</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="timer">
|
|
||||||
<default-provider>basic</default-provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsHttpClient">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsJpa">
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
|
|
||||||
<property name="initializeEmpty" value="true"/>
|
|
||||||
<property name="migrationStrategy" value="update"/>
|
|
||||||
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="realmCache">
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="connectionsInfinispan">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="jta-lookup">
|
|
||||||
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
|
|
||||||
<provider name="jboss" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="publicKeyStorage">
|
|
||||||
<provider name="infinispan" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="minTimeBetweenRequests" value="10"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
<spi name="x509cert-lookup">
|
|
||||||
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
|
|
||||||
<provider name="default" enabled="true"/>
|
|
||||||
</spi>
|
|
||||||
<spi name="hostname">
|
|
||||||
<default-provider>default</default-provider>
|
|
||||||
<provider name="default" enabled="true">
|
|
||||||
<properties>
|
|
||||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
|
||||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
|
||||||
</properties>
|
|
||||||
</provider>
|
|
||||||
</spi>
|
|
||||||
</subsystem>
|
|
||||||
</profile>
|
|
||||||
<interfaces>
|
|
||||||
<interface name="management">
|
|
||||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="private">
|
|
||||||
<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
<interface name="public">
|
|
||||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
||||||
</interface>
|
|
||||||
</interfaces>
|
|
||||||
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
||||||
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
||||||
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
||||||
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
||||||
<socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
|
|
||||||
<socket-binding name="jgroups-tcp" interface="private" port="7600"/>
|
|
||||||
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
|
|
||||||
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
|
|
||||||
<socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
|
|
||||||
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
||||||
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
||||||
<socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
|
|
||||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
|
||||||
<socket-binding name="txn-status-manager" port="4713"/>
|
|
||||||
<outbound-socket-binding name="mail-smtp">
|
|
||||||
<remote-destination host="localhost" port="25"/>
|
|
||||||
</outbound-socket-binding>
|
|
||||||
</socket-binding-group>
|
|
||||||
</server>
|
|
|
@ -7,8 +7,6 @@
|
||||||
# Also, you should update the migrate-*.cli scripts in
|
# Also, you should update the migrate-*.cli scripts in
|
||||||
# <keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin
|
# <keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin
|
||||||
#
|
#
|
||||||
# Furthermore, you should run the tests in
|
|
||||||
# <keycloak>/testsuite/integration-arquillian/tests/other/server-config-migration
|
|
||||||
|
|
||||||
keycloak.server.subsys.default.config=\
|
keycloak.server.subsys.default.config=\
|
||||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">\
|
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">\
|
||||||
|
|
|
@ -3,6 +3,3 @@ Subsystem Config Files
|
||||||
|
|
||||||
IMPORTANT: If you change files in this directory you should also update the migrate-*.cli scripts in
|
IMPORTANT: If you change files in this directory you should also update the migrate-*.cli scripts in
|
||||||
`<keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin`
|
`<keycloak>/distribution/feature-packs/server-feature-pack/src/main/resources/content/bin`
|
||||||
|
|
||||||
Furthermore, you should run the tests in
|
|
||||||
`<keycloak>/testsuite/integration-arquillian/tests/other/server-config-migration`
|
|
Loading…
Reference in a new issue