317 lines
18 KiB
XML
317 lines
18 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<server xmlns="urn:jboss:domain:community:20.0">
|
|
<extensions>
|
|
<extension module="org.jboss.as.deployment-scanner"/>
|
|
<extension module="org.jboss.as.ee"/>
|
|
<extension module="org.jboss.as.jaxrs"/>
|
|
<extension module="org.jboss.as.jmx"/>
|
|
<extension module="org.jboss.as.logging"/>
|
|
<extension module="org.jboss.as.naming"/>
|
|
<extension module="org.jboss.as.remoting"/>
|
|
<extension module="org.jboss.as.weld"/>
|
|
<extension module="org.wildfly.extension.bean-validation"/>
|
|
<extension module="org.wildfly.extension.core-management"/>
|
|
<extension module="org.wildfly.extension.ee-security"/>
|
|
<extension module="org.wildfly.extension.elytron"/>
|
|
<extension module="org.wildfly.extension.health"/>
|
|
<extension module="org.wildfly.extension.io"/>
|
|
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
|
|
<extension module="org.wildfly.extension.microprofile.fault-tolerance-smallrye"/>
|
|
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
|
|
<extension module="org.wildfly.extension.microprofile.jwt-smallrye"/>
|
|
<extension module="org.wildfly.extension.microprofile.openapi-smallrye"/>
|
|
<extension module="org.wildfly.extension.microprofile.telemetry"/>
|
|
<extension module="org.wildfly.extension.opentelemetry"/>
|
|
<extension module="org.wildfly.extension.request-controller"/>
|
|
<extension module="org.wildfly.extension.security.manager"/>
|
|
<extension module="org.wildfly.extension.undertow"/>
|
|
</extensions>
|
|
<management>
|
|
<audit-log>
|
|
<formatters>
|
|
<json-formatter name="json-formatter"/>
|
|
</formatters>
|
|
<handlers>
|
|
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
|
|
</handlers>
|
|
<logger log-boot="true" log-read-only="false" enabled="false">
|
|
<handlers>
|
|
<handler name="file"/>
|
|
</handlers>
|
|
</logger>
|
|
</audit-log>
|
|
<management-interfaces>
|
|
<http-interface http-authentication-factory="management-http-authentication">
|
|
<http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
|
|
<socket-binding http="management-http"/>
|
|
</http-interface>
|
|
</management-interfaces>
|
|
<access-control provider="simple">
|
|
<role-mapping>
|
|
<role name="SuperUser">
|
|
<include>
|
|
<user name="$local"/>
|
|
</include>
|
|
</role>
|
|
</role-mapping>
|
|
</access-control>
|
|
</management>
|
|
<profile>
|
|
<subsystem xmlns="urn:jboss:domain:logging:8.0">
|
|
<console-handler name="CONSOLE">
|
|
<level name="INFO"/>
|
|
<formatter>
|
|
<named-formatter name="COLOR-PATTERN"/>
|
|
</formatter>
|
|
</console-handler>
|
|
<periodic-rotating-file-handler name="FILE" autoflush="true">
|
|
<formatter>
|
|
<named-formatter name="PATTERN"/>
|
|
</formatter>
|
|
<file relative-to="jboss.server.log.dir" path="server.log"/>
|
|
<suffix value=".yyyy-MM-dd"/>
|
|
<append value="true"/>
|
|
</periodic-rotating-file-handler>
|
|
<logger category="com.arjuna">
|
|
<level name="WARN"/>
|
|
</logger>
|
|
<logger category="com.networknt.schema">
|
|
<level name="WARN"/>
|
|
</logger>
|
|
<logger category="io.jaegertracing.Configuration">
|
|
<level name="WARN"/>
|
|
</logger>
|
|
<logger category="org.jboss.as.config">
|
|
<level name="DEBUG"/>
|
|
</logger>
|
|
<logger category="sun.rmi">
|
|
<level name="WARN"/>
|
|
</logger>
|
|
<root-logger>
|
|
<level name="INFO"/>
|
|
<handlers>
|
|
<handler name="CONSOLE"/>
|
|
<handler name="FILE"/>
|
|
</handlers>
|
|
</root-logger>
|
|
<formatter name="PATTERN">
|
|
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
</formatter>
|
|
<formatter name="COLOR-PATTERN">
|
|
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
|
|
</formatter>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
|
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
|
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
|
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:ee:6.0">
|
|
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
|
<concurrent>
|
|
<context-services>
|
|
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default"/>
|
|
</context-services>
|
|
<managed-thread-factories>
|
|
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
|
</managed-thread-factories>
|
|
<managed-executor-services>
|
|
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
|
|
</managed-executor-services>
|
|
<managed-scheduled-executor-services>
|
|
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
|
|
</managed-scheduled-executor-services>
|
|
</concurrent>
|
|
<default-bindings context-service="java:jboss/ee/concurrency/context/default" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:ee-security:1.0"/>
|
|
<subsystem xmlns="urn:wildfly:elytron:community:18.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
|
<providers>
|
|
<aggregate-providers name="combined-providers">
|
|
<providers name="elytron"/>
|
|
<providers name="openssl"/>
|
|
</aggregate-providers>
|
|
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
|
|
<provider-loader name="openssl" module="org.wildfly.openssl"/>
|
|
</providers>
|
|
<audit-logging>
|
|
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
|
|
</audit-logging>
|
|
<security-domains>
|
|
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
|
|
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
|
|
<realm name="local"/>
|
|
</security-domain>
|
|
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
|
|
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
|
|
<realm name="local" role-mapper="super-user-mapper"/>
|
|
</security-domain>
|
|
</security-domains>
|
|
<security-realms>
|
|
<identity-realm name="local" identity="$local"/>
|
|
<properties-realm name="ApplicationRealm">
|
|
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
|
|
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
|
|
</properties-realm>
|
|
<properties-realm name="ManagementRealm">
|
|
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
|
|
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
|
|
</properties-realm>
|
|
</security-realms>
|
|
<mappers>
|
|
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
|
|
<permission-mapping>
|
|
<principal name="anonymous"/>
|
|
<permission-set name="default-permissions"/>
|
|
</permission-mapping>
|
|
<permission-mapping match-all="true">
|
|
<permission-set name="login-permission"/>
|
|
<permission-set name="default-permissions"/>
|
|
</permission-mapping>
|
|
</simple-permission-mapper>
|
|
<constant-realm-mapper name="local" realm-name="local"/>
|
|
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
|
|
<constant-role-mapper name="super-user-mapper">
|
|
<role name="SuperUser"/>
|
|
</constant-role-mapper>
|
|
</mappers>
|
|
<permission-sets>
|
|
<permission-set name="login-permission">
|
|
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
|
|
</permission-set>
|
|
<permission-set name="default-permissions"/>
|
|
</permission-sets>
|
|
<http>
|
|
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
|
|
<mechanism-configuration>
|
|
<mechanism mechanism-name="DIGEST">
|
|
<mechanism-realm realm-name="ManagementRealm"/>
|
|
</mechanism>
|
|
</mechanism-configuration>
|
|
</http-authentication-factory>
|
|
<http-authentication-factory name="application-http-authentication" security-domain="ApplicationDomain" http-server-mechanism-factory="global">
|
|
<mechanism-configuration>
|
|
<mechanism mechanism-name="BASIC">
|
|
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
</mechanism>
|
|
</mechanism-configuration>
|
|
</http-authentication-factory>
|
|
<provider-http-server-mechanism-factory name="global"/>
|
|
</http>
|
|
<sasl>
|
|
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
|
|
<mechanism-configuration>
|
|
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
<mechanism mechanism-name="DIGEST-MD5">
|
|
<mechanism-realm realm-name="ApplicationRealm"/>
|
|
</mechanism>
|
|
</mechanism-configuration>
|
|
</sasl-authentication-factory>
|
|
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
|
|
<mechanism-configuration>
|
|
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
|
|
<mechanism mechanism-name="DIGEST-MD5">
|
|
<mechanism-realm realm-name="ManagementRealm"/>
|
|
</mechanism>
|
|
</mechanism-configuration>
|
|
</sasl-authentication-factory>
|
|
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
|
|
<properties>
|
|
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
|
|
<property name="wildfly.sasl.local-user.challenge-path" value="${jboss.server.temp.dir}/auth"/>
|
|
</properties>
|
|
</configurable-sasl-server-factory>
|
|
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
|
|
<filters>
|
|
<filter provider-name="WildFlyElytron"/>
|
|
</filters>
|
|
</mechanism-provider-filtering-sasl-server-factory>
|
|
<provider-sasl-server-factory name="global"/>
|
|
</sasl>
|
|
<tls>
|
|
<key-stores>
|
|
<key-store name="applicationKS">
|
|
<credential-reference clear-text="password"/>
|
|
<implementation type="JKS"/>
|
|
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
|
|
</key-store>
|
|
</key-stores>
|
|
<key-managers>
|
|
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
|
|
<credential-reference clear-text="password"/>
|
|
</key-manager>
|
|
</key-managers>
|
|
<server-ssl-contexts>
|
|
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
|
|
</server-ssl-contexts>
|
|
</tls>
|
|
<policy name="jacc">
|
|
<jacc-policy/>
|
|
</policy>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
|
|
<subsystem xmlns="urn:jboss:domain:io:4.0" default-worker="default">
|
|
<worker name="default"/>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:jaxrs:3.0"/>
|
|
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
|
<expose-resolved-model/>
|
|
<expose-expression-model/>
|
|
<remoting-connector/>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:2.0"/>
|
|
<subsystem xmlns="urn:wildfly:microprofile-fault-tolerance-smallrye:1.0"/>
|
|
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:3.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}" empty-startup-checks-status="${env.MP_HEALTH_EMPTY_STARTUP_CHECKS_STATUS:UP}"/>
|
|
<subsystem xmlns="urn:wildfly:microprofile-jwt-smallrye:1.0"/>
|
|
<subsystem xmlns="urn:wildfly:microprofile-openapi-smallrye:1.0"/>
|
|
<subsystem xmlns="urn:wildfly:microprofile-telemetry:1.0"/>
|
|
<subsystem xmlns="urn:jboss:domain:naming:2.0"/>
|
|
<subsystem xmlns="urn:wildfly:opentelemetry:1.1"/>
|
|
<subsystem xmlns="urn:jboss:domain:remoting:7.0">
|
|
<endpoint worker="default"/>
|
|
<http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
|
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
|
<deployment-permissions>
|
|
<maximum-set>
|
|
<permission class="java.security.AllPermission"/>
|
|
</maximum-set>
|
|
</deployment-permissions>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:undertow:14.0" default-virtual-host="default-host" default-servlet-container="default" default-server="default-server" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
|
<byte-buffer-pool name="default"/>
|
|
<buffer-cache name="default"/>
|
|
<server name="default-server">
|
|
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
|
<host name="default-host" alias="localhost">
|
|
<http-invoker http-authentication-factory="application-http-authentication"/>
|
|
</host>
|
|
</server>
|
|
<servlet-container name="default">
|
|
<jsp-config/>
|
|
<websockets/>
|
|
</servlet-container>
|
|
<application-security-domains>
|
|
<application-security-domain name="other" security-domain="ApplicationDomain"/>
|
|
</application-security-domains>
|
|
</subsystem>
|
|
<subsystem xmlns="urn:jboss:domain:weld:5.0"/>
|
|
</profile>
|
|
<interfaces>
|
|
<interface name="management">
|
|
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
|
</interface>
|
|
<interface name="public">
|
|
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
|
</interface>
|
|
</interfaces>
|
|
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
|
|
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
|
|
<socket-binding name="http" port="${jboss.http.port:8080}"/>
|
|
<socket-binding name="https" port="${jboss.https.port:8443}"/>
|
|
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
|
|
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
|
|
</socket-binding-group>
|
|
</server> |