WildFly Management API Configuration: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 73: Line 73:
=Management Realm Configuration Files=
=Management Realm Configuration Files=


The security information is maintained in flat files. The files are configured with <tt><security-realm><authentication><properties></tt> configuration element and their location is relative to <tt></tt>, which could be <tt>$JBOSS_HOME/standalone/configuration</tt> or <tt>$JBOSS_HOME/domain/configuration</tt>, depending on the mode WildFly is run in (standalone or domain).
The security information is maintained in flat files. The files are configured with <tt><security-realm><authentication><properties></tt> configuration element and their location is relative to <tt></tt>, which could be <tt>$JBOSS_HOME/standalone/configuration</tt> or <tt>$JBOSS_HOME/domain/configuration</tt>, depending on the mode WildFly is run in (standalone or domain). For more details, see <tt>[[jboss.server.config.dir]]</tt>.


The files can be modified at any time, updates after the server has started will be automatically detected.
The files can be modified at any time, updates after the server has started will be automatically detected.


=Application Realm Configuration Files=
=Application Realm Configuration Files=

Revision as of 02:39, 10 February 2016

Internal

Overview

    ...

    <management>

        <security-realms>

            <security-realm name="ManagementRealm">
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>

            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>

        </security-realms>

        <audit-log>
            <formatters>
                <json-formatter name="json-formatter"/>
            </formatters>
            <handlers>
                <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
            </handlers>
            <logger log-boot="true" log-read-only="false" enabled="false">
                <handlers>
                    <handler name="file"/>
                </handlers>
            </logger>
        </audit-log>

        <management-interfaces>

            <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
                <socket-binding http="management-http"/>
            </http-interface>

        </management-interfaces>

        <access-control provider="simple">
            <role-mapping>
                <role name="SuperUser">
                    <include>
                        <user name="$local"/>
                    </include>
                </role>
            </role-mapping>
        </access-control>
    </management>

   ...

Management Realm Configuration Files

The security information is maintained in flat files. The files are configured with <security-realm><authentication><properties> configuration element and their location is relative to , which could be $JBOSS_HOME/standalone/configuration or $JBOSS_HOME/domain/configuration, depending on the mode WildFly is run in (standalone or domain). For more details, see jboss.server.config.dir.

The files can be modified at any time, updates after the server has started will be automatically detected.

Application Realm Configuration Files