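<?xml version='1.0' encoding='UTF-8'?>

<!--
  ~ Host controller configuration for the host named "master".
  ~ The host uses a local domain controller (<domain-controller><local/>), defines two
  ~ legacy security realms, a management audit log, the native and HTTP management
  ~ interfaces, one JVM template, three managed servers and a host-level profile
  ~ (core-management, elytron, jmx).
  ~
  ~ Values that matter most for security review are marked NOTE(review) below.
  -->
<host xmlns="urn:jboss:domain:5.0" name="master">
    <extensions>
        <extension module="org.jboss.as.jmx"/>
        <extension module="org.wildfly.extension.core-management"/>
        <extension module="org.wildfly.extension.elytron"/>
    </extensions>
    <management>
        <security-realms>
            <!--
              ~ Realm referenced by both management interfaces further down.
              ~ Users and groups come from properties files in jboss.domain.config.dir.
              ~ NOTE(review): <local> lets a client on the same machine authenticate as
              ~ "$local" without a password from mgmt-users.properties, so OS-level access
              ~ to this host is effectively management access. Confirm that is intended.
              ~ NOTE(review): this realm has no <server-identities><ssl>, so the management
              ~ endpoints appear to be served without TLS.
              -->
            <security-realm name="ManagementRealm">
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <server-identities>
                    <ssl>
                        <!--
                          ~ NOTE(review): keystore-password and key-password are the literal
                          ~ string "password", stored in clear text, and the certificate is
                          ~ generated self-signed for "localhost". This is a development
                          ~ default: before any non-local use, supply a keystore with a
                          ~ properly issued certificate, drop the
                          ~ generate-self-signed-certificate-host attribute, and keep the
                          ~ passwords out of this file (for example through a vault or
                          ~ credential store reference).
                          -->
                        <keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <!-- NOTE(review): allowed-users="*" places no restriction on the user name a local client may assert; confirm. -->
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <!--
          ~ Management audit log: JSON records written to audit-log.log, one handler for the
          ~ host controller (jboss.domain.data.dir) and one for managed servers
          ~ (jboss.server.data.dir).
          ~ NOTE(review): both <logger> and <server-logger> have enabled="false", so no
          ~ management operation is recorded. Enabling them gives an audit trail of
          ~ configuration changes; log-read-only="false" keeps read operations out of it.
          -->
        <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
                <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="host-file"/>
                </handlers>
            </logger>
            <server-logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="server-file"/>
                </handlers>
            </server-logger>
        </audit-log>
        <!--
          ~ Native (default port 9999) and HTTP (default port 9990) management endpoints.
          ~ Both authenticate against the legacy ManagementRealm and listen on the
          ~ "management" interface declared under <interfaces>.
          ~ NOTE(review): neither endpoint references the Elytron authentication factories
          ~ defined in the profile below; those factories look unused by this file.
          -->
        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            <http-interface security-realm="ManagementRealm">
                <http-upgrade enabled="true"/>
                <socket interface="management" port="${jboss.management.http.port:9990}"/>
            </http-interface>
        </management-interfaces>
    </management>
    <domain-controller>
        <local/>
        <!-- Alternative remote domain controller configuration with a host and port -->
        <!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
    </domain-controller>
    <!--
      ~ Both interfaces default to loopback (127.0.0.1) and can be overridden with the
      ~ jboss.bind.address.management and jboss.bind.address system properties.
      ~ NOTE(review): binding "management" to a routable address exposes the management
      ~ endpoints above; add TLS to ManagementRealm and restrict network access first.
      -->
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
    </interfaces>
    <!-- JVM template named "default", referenced by server-two and server-three. -->
    <jvms>
        <jvm name="default">
            <heap size="64m" max-size="256m"/>
            <jvm-options>
                <option value="-server"/>
                <option value="-XX:MetaspaceSize=96m"/>
                <option value="-XX:MaxMetaspaceSize=256m"/>
                <option value="--add-exports=java.base/sun.nio.ch=ALL-UNNAMED"/>
            </jvm-options>
        </jvm>
    </jvms>
    <servers>
        <server name="server-one" group="main-server-group">
            <!-- NOTE(review): the JDWP agent in the template below opens a debugger socket on port 8787; if it is ever enabled, keep that port reachable from trusted hosts only and leave it out of production configurations. -->
            <!--
              ~ Remote JPDA debugging for a specific server
              ~ <jvm name="default">
              ~   <jvm-options>
              ~     <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
              ~   </jvm-options>
              ~ </jvm>
              ~
              -->
        </server>
        <server name="server-two" group="main-server-group" auto-start="true">
            <jvm name="default"/>
            <!--
              ~ server-two avoids port conflicts by incrementing the ports in
              ~ the default socket-group declared in the server-group
              -->
            <socket-bindings port-offset="150"/>
        </server>
        <server name="server-three" group="other-server-group" auto-start="false">
            <jvm name="default"/>
            <!--
              ~ server-three avoids port conflicts by incrementing the ports in
              ~ the default socket-group declared in the server-group
              -->
            <socket-bindings port-offset="250"/>
        </server>
    </servers>
    <profile>
        <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
        <!--
          ~ Elytron subsystem for the host controller. Providers are the aggregate of the
          ~ "elytron" and "openssl" provider loaders; the OracleUcrypto provider is disallowed.
          -->
        <subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
            <providers>
                <aggregate-providers name="combined-providers">
                    <providers name="elytron"/>
                    <providers name="openssl"/>
                </aggregate-providers>
                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
                <provider-loader name="openssl" module="org.wildfly.openssl"/>
            </providers>
            <!--
              ~ NOTE(review): "local-audit" is declared here, but ManagementDomain below has no
              ~ security-event-listener attribute, so no security events appear to be written
              ~ to it from this file. Confirm whether it should be attached.
              -->
            <audit-logging>
                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.domain.log.dir" format="JSON"/>
            </audit-logging>
            <security-domains>
                <!--
                  ~ Identities from ManagementRealm get roles decoded from their "groups"
                  ~ attribute. Identities from the "local" realm get the constant role
                  ~ SuperUser through super-user-mapper.
                  -->
                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
                    <realm name="local" role-mapper="super-user-mapper"/>
                </security-domain>
            </security-domains>
            <security-realms>
                <identity-realm name="local" identity="$local"/>
                <!-- Reads the same mgmt-users/mgmt-groups properties files as the legacy ManagementRealm. -->
                <properties-realm name="ManagementRealm">
                    <users-properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir" digest-realm-name="ManagementRealm"/>
                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </properties-realm>
            </security-realms>
            <mappers>
                <!--
                  ~ mapping-mode="first": the first matching mapping wins. The "anonymous"
                  ~ principal matches the first mapping, which grants no permissions; every
                  ~ other principal falls through to the match-all mapping and receives
                  ~ LoginPermission. Keep this order, otherwise anonymous would be granted login.
                  -->
                <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
                    <permission-mapping>
                        <principal name="anonymous"/>
                    </permission-mapping>
                    <permission-mapping match-all="true">
                        <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                    </permission-mapping>
                </simple-permission-mapper>
                <constant-realm-mapper name="local" realm-name="local"/>
                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
                <constant-role-mapper name="super-user-mapper">
                    <role name="SuperUser"/>
                </constant-role-mapper>
            </mappers>
            <http>
                <!--
                  ~ NOTE(review): BASIC sends the password with every request in a reversible
                  ~ encoding, so this factory should only be used behind TLS.
                  -->
                <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="BASIC">
                            <mechanism-realm realm-name="Management Realm"/>
                        </mechanism>
                    </mechanism-configuration>
                </http-authentication-factory>
                <provider-http-server-mechanism-factory name="global"/>
            </http>
            <sasl>
                <!--
                  ~ JBOSS-LOCAL-USER resolves identities through the "local" realm mapper
                  ~ (and therefore the SuperUser role above); remote clients use DIGEST-MD5.
                  ~ NOTE(review): DIGEST-MD5 is a legacy mechanism; prefer a stronger SASL
                  ~ mechanism where the credential storage and clients allow it.
                  -->
                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                        <mechanism mechanism-name="DIGEST-MD5">
                            <mechanism-realm realm-name="ManagementRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
                    <properties>
                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
                    </properties>
                </configurable-sasl-server-factory>
                <!-- Restricts SASL mechanisms to those supplied by the WildFlyElytron provider. -->
                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
                    <filters>
                        <filter provider-name="WildFlyElytron"/>
                    </filters>
                </mechanism-provider-filtering-sasl-server-factory>
                <provider-sasl-server-factory name="global"/>
            </sasl>
        </subsystem>
        <!--
          ~ NOTE(review): <remoting-connector/> makes the JMX MBean server reachable by
          ~ remote clients (presumably over the management endpoint; confirm). Remove it
          ~ if remote JMX is not needed, since MBean access is a broad control surface.
          -->
        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
            <expose-resolved-model/>
            <expose-expression-model/>
            <remoting-connector/>
        </subsystem>
    </profile>
</host>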