Created
July 27, 2018 10:16
-
-
Save allenyang79/bcecbc759490905422f9f5ebd881c4b8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| docker build -f Dockerfile --tag test . |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| DB_VENDOR=$1 | |
| cd /opt/jboss/keycloak | |
| bin/jboss-cli.sh --file=cli/databases/$DB_VENDOR/standalone-configuration.cli | |
| rm -rf /opt/jboss/keycloak/standalone/configuration/standalone_xml_history | |
| bin/jboss-cli.sh --file=cli/databases/$DB_VENDOR/standalone-ha-configuration.cli | |
| rm -rf standalone/configuration/standalone_xml_history/current/* |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vi: set ts=2 sw=2: | |
| version: '3.4' | |
| services: | |
| keycloak: | |
| image: test:latest | |
| build: | |
| context: . | |
| dockerfile: Dockerfile | |
| deploy: | |
| replicas: 2 | |
| update_config: | |
| parallelism: 2 | |
| delay: 30s | |
| links: | |
| - "mysql:mysql" | |
| environment: | |
| - "DB_VENDOR=mysql" | |
| - "DB_ADDR=mysql" | |
| - "DB_PORT=3306" | |
| - "DB_DATABASE=keycloak" | |
| - "DB_USER=keycloak" | |
| - "DB_PASSWORD=password" | |
| # theme cache | |
| - "STATIC_MAX_AGE=-1" | |
| - "CACHE_THEMES=false" | |
| - "CACHE_TEMPLATES=false" | |
| # first user | |
| - "KEYCLOAK_USER=admin" | |
| - "KEYCLOAK_PASSWORD=admin" | |
| ports: | |
| - "${KEYCLOAK_PORT:-8080}:8080" | |
| # volumes: | |
| # - ${PWD}/srv:/srv:ro | |
| command: ["/opt/jboss/keycloak/bin/standalone.sh", "-b", "0.0.0.0", "--server-config", "standalone-ha.xml"] | |
| depends_on: | |
| - mysql | |
| mysql: | |
| image: mysql:5.7 | |
| ports: | |
| - 3306:3306 | |
| environment: | |
| - "MYSQL_DATABASE=keycloak" | |
| - "MYSQL_USER=keycloak" | |
| - "MYSQL_PASSWORD=password" | |
| - "MYSQL_ROOT_PASSWORD=docker" | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ################## | |
| # Add admin user # | |
| ################## | |
| if [ $KEYCLOAK_USER ] && [ $KEYCLOAK_PASSWORD ]; then | |
| keycloak/bin/add-user-keycloak.sh --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD | |
| fi | |
| ############ | |
| # DB setup # | |
| ############ | |
| # Lower case DB_VENDOR | |
| DB_VENDOR=`echo $DB_VENDOR | tr A-Z a-z` | |
| # Detect DB vendor from default host names | |
| if [ "$DB_VENDOR" == "" ]; then | |
| if (getent hosts postgres &>/dev/null); then | |
| export DB_VENDOR="postgres" | |
| elif (getent hosts mysql &>/dev/null); then | |
| export DB_VENDOR="mysql" | |
| elif (getent hosts mariadb &>/dev/null); then | |
| export DB_VENDOR="mariadb" | |
| fi | |
| fi | |
| # Detect DB vendor from legacy `*_ADDR` environment variables | |
| if [ "$DB_VENDOR" == "" ]; then | |
| if (printenv | grep '^POSTGRES_ADDR=' &>/dev/null); then | |
| export DB_VENDOR="postgres" | |
| elif (printenv | grep '^MYSQL_ADDR=' &>/dev/null); then | |
| export DB_VENDOR="mysql" | |
| elif (printenv | grep '^MARIADB_ADDR=' &>/dev/null); then | |
| export DB_VENDOR="mariadb" | |
| fi | |
| fi | |
| # Default to H2 if DB type not detected | |
| if [ "$DB_VENDOR" == "" ]; then | |
| export DB_VENDOR="h2" | |
| fi | |
| # Set DB name | |
| case "$DB_VENDOR" in | |
| postgres) | |
| DB_NAME="PostgreSQL";; | |
| mysql) | |
| DB_NAME="MySQL";; | |
| mariadb) | |
| DB_NAME="MariaDB";; | |
| h2) | |
| DB_NAME="Embedded H2";; | |
| *) | |
| echo "Unknown DB vendor $DB_VENDOR" | |
| exit 1 | |
| esac | |
| # Append '?' in the beggining of the string if JDBC_PARAMS value isn't empty | |
| export JDBC_PARAMS=$(echo ${JDBC_PARAMS} | sed '/^$/! s/^/?/') | |
| # Convert deprecated DB specific variables | |
| function set_legacy_vars() { | |
| local suffixes=(ADDR DATABASE USER PASSWORD PORT) | |
| for suffix in "${suffixes[@]}"; do | |
| local varname="$1_$suffix" | |
| if [ ${!varname} ]; then | |
| echo WARNING: $varname variable name is DEPRECATED replace with DB_$suffix | |
| export DB_$suffix=${!varname} | |
| fi | |
| done | |
| } | |
| set_legacy_vars `echo $DB_VENDOR | tr a-z A-Z` | |
| # Configure DB | |
| echo "=========================================================================" | |
| echo "" | |
| echo " Using $DB_NAME database" | |
| echo "" | |
| echo "" | |
| if [ "$DB_VENDOR" != "h2" ]; then | |
| /bin/sh /opt/jboss/keycloak/bin/change-database.sh $DB_VENDOR | |
| fi | |
| # ################## | |
| # # update mysql jdbc-ping | |
| # ################## | |
| if [ "$DB_VENDOR" != "h2" ]; then | |
| /bin/sh /opt/jboss/keycloak/bin/jboss-cli.sh --file=/srv/jdbc-ping.cli | |
| fi | |
| ################## | |
| # Start Keycloak # | |
| ################## | |
| # /usr/sbin/sshd -D & | |
| # DEFAULT_NIC=`ip route | grep default | awk '{print $NF}'` | |
| # HOST_ADDR=`ip -f inet -o addr show $DEFAULT_NIC | cut -d" " -f 7 | cut -d/ -f 1` | |
| # echo "HOST_ADDR: ${HOST_ADDR}" | |
| HOST_ADDR=`hostname -i` | |
| exec /opt/jboss/keycloak/bin/standalone.sh -b 0.0.0.0 -c standalone-ha.xml \ | |
| -Djgroups.bind.address=$HOST_ADDR \ | |
| -Djboss.bind.address.private=$HOST_ADDR \ | |
| -Djava.net.preferIPv4Stack=true \ | |
| -Dignore.bind.address=true | |
| # -Djboss.bind.address.management=$HOST_ADDR | |
| # -Djgroups.bind.address=$HOST_ADDR | |
| exit $? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from jboss/keycloak:4.1.0.Final | |
| USER root | |
| RUN yum install -y iproute | |
| USER jboss | |
| COPY docker-entrypoint.sh docker-entrypoint.sh | |
| COPY srv/jdbc-ping.cli /srv/jdbc-ping.cli | |
| # COPY jdbc-ping.sh keycloak/bin/jdbc-ping.sh | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| embed-server --server-config=standalone-ha.xml --std-out=echo | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:remove | |
| /subsystem=infinispan/cache-container=keycloak/replicated-cache=sessions:add() | |
| /subsystem=infinispan/cache-container=keycloak/replicated-cache=sessions:write-attribute(name="mode",value="SYNC") | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:remove | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:remove | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:remove | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:remove | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:remove | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:add(mode="SYNC",owners="2") | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:add(mode="SYNC",owners="2") | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:add(mode="SYNC",owners="2") | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:add(mode="SYNC",owners="2") | |
| /subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="2") | |
| /subsystem=jgroups/stack=tcpping:add() | |
| /subsystem=jgroups/stack=tcpping/transport=TCP:add(socket-binding=jgroups-tcp) | |
| /subsystem=jgroups/stack=tcpping/transport=TCP/property=external_addr:add(value=${jgroups.bind.address:127.0.0.1}) | |
| /subsystem=jgroups/stack=tcpping/transport=TCP/property=bind_addr:add(value=${jgroups.bind_addr:SITE_LOCAL}) | |
| /subsystem=jgroups/stack=tcpping/protocol=MPING:add(socket-binding=jgroups-mping) | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING/property=datasource_jndi_name:add(value=java:jboss/datasources/KeycloakDS) | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING/property=initialize_sql:add(value="CREATE TABLE IF NOT EXISTS `JGROUPSPING` (`own_addr` varchar(200) NOT NULL,`bind_addr` varchar(200) NOT NULL,`created` timestamp NOT NULL,`cluster_name` varchar(200) NOT NULL,`ping_data` BLOB DEFAULT NULL,PRIMARY KEY (`own_addr`, `cluster_name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8") | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING/property=insert_single_sql:add(value="INSERT INTO JGROUPSPING (own_addr, bind_addr, created, cluster_name, ping_data) values (?,'${jgroups.bind.address:127.0.0.1}',NOW(), ?, ?)") | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING/property=delete_single_sql:add(value="DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?") | |
| /subsystem=jgroups/stack=tcpping/protocol=JDBC_PING/property=select_all_pingdata_sql:add(value="SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?;") | |
| /subsystem=jgroups/stack=tcpping/protocol=MERGE3:add() | |
| /subsystem=jgroups/stack=tcpping:add-protocol(type="FD_SOCK",socket-binding="jgroups-tcp-fd") | |
| /subsystem=jgroups/stack=tcpping/protocol=FD_SOCK/property=external_addr:add(value=${jgroups.bind.address:127.0.0.1}) | |
| /subsystem=jgroups/stack=tcpping/protocol=FD:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=VERIFY_SUSPECT:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=pbcast.NAKACK2:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=UNICAST3:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=pbcast.STABLE:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=pbcast.GMS:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=MFC:add() | |
| /subsystem=jgroups/stack=tcpping/protocol=FRAG2:add() | |
| /subsystem=jgroups/channel=ee:write-attribute(name="stack", value="tcpping") | |
| /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp:write-attribute(name="interface",value="private") | |
| /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd:add() | |
| /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd:write-attribute(name="interface",value="private") | |
| /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd:write-attribute(name="port",value="57600") | |
| # 未使用設定の削除 | |
| /subsystem=jgroups/stack=tcp:remove | |
| /subsystem=jgroups/stack=udp:remove | |
| # Debug logging | |
| /subsystem=logging/logger=org.jgroups:add | |
| #/subsystem=logging/logger=org.jgroups:write-attribute(name=level,value=ALL) | |
| #/subsystem=logging/console-handler=CONSOLE/:write-attribute(name=level,value=ALL) | |
| /subsystem=logging/logger=org.jgroups:write-attribute(name=level,value=DEBUG) | |
| /subsystem=logging/console-handler=CONSOLE/:write-attribute(name=level,value=DEBUG) | |
| # access-log | |
| /subsystem=undertow/server=default-server/host=default-host/setting=access-log:add | |
| /subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-attribute(name="use-server-log",value="true") | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| docker run --user root -it --rm --name test \ | |
| -v ${PWD}/docker-entrypoint.sh:/opt/jboss/docker-entrypoint.sh \ | |
| -v ${PWD}/srv:/srv \ | |
| test bash |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0' encoding='UTF-8'?> | |
| <server xmlns="urn:jboss:domain:5.0"> | |
| <extensions> | |
| <extension module="org.jboss.as.clustering.infinispan"/> | |
| <extension module="org.jboss.as.clustering.jgroups"/> | |
| <extension module="org.jboss.as.connector"/> | |
| <extension module="org.jboss.as.deployment-scanner"/> | |
| <extension module="org.jboss.as.ee"/> | |
| <extension module="org.jboss.as.ejb3"/> | |
| <extension module="org.jboss.as.jaxrs"/> | |
| <extension module="org.jboss.as.jmx"/> | |
| <extension module="org.jboss.as.jpa"/> | |
| <extension module="org.jboss.as.logging"/> | |
| <extension module="org.jboss.as.mail"/> | |
| <extension module="org.jboss.as.modcluster"/> | |
| <extension module="org.jboss.as.naming"/> | |
| <extension module="org.jboss.as.remoting"/> | |
| <extension module="org.jboss.as.security"/> | |
| <extension module="org.jboss.as.transactions"/> | |
| <extension module="org.keycloak.keycloak-server-subsystem"/> | |
| <extension module="org.wildfly.extension.bean-validation"/> | |
| <extension module="org.wildfly.extension.elytron"/> | |
| <extension module="org.wildfly.extension.io"/> | |
| <extension module="org.wildfly.extension.request-controller"/> | |
| <extension module="org.wildfly.extension.security.manager"/> | |
| <extension module="org.wildfly.extension.undertow"/> | |
| </extensions> | |
| <management> | |
| <security-realms> | |
| <security-realm name="ManagementRealm"> | |
| <authentication> | |
| <local default-user="$local" skip-group-loading="true"/> | |
| <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization map-groups-to-roles="false"> | |
| <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| <security-realm name="ApplicationRealm"> | |
| <server-identities> | |
| <ssl> | |
| <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> | |
| </ssl> | |
| </server-identities> | |
| <authentication> | |
| <local default-user="$local" allowed-users="*" skip-group-loading="true"/> | |
| <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization> | |
| <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| </security-realms> | |
| <audit-log> | |
| <formatters> | |
| <json-formatter name="json-formatter"/> | |
| </formatters> | |
| <handlers> | |
| <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/> | |
| </handlers> | |
| <logger log-boot="true" log-read-only="false" enabled="false"> | |
| <handlers> | |
| <handler name="file"/> | |
| </handlers> | |
| </logger> | |
| </audit-log> | |
| <management-interfaces> | |
| <http-interface security-realm="ManagementRealm"> | |
| <http-upgrade enabled="true"/> | |
| <socket-binding http="management-http"/> | |
| </http-interface> | |
| </management-interfaces> | |
| <access-control provider="simple"> | |
| <role-mapping> | |
| <role name="SuperUser"> | |
| <include> | |
| <user name="$local"/> | |
| </include> | |
| </role> | |
| </role-mapping> | |
| </access-control> | |
| </management> | |
| <profile> | |
| <subsystem xmlns="urn:jboss:domain:logging:3.0"> | |
| <console-handler name="CONSOLE"> | |
| <formatter> | |
| <named-formatter name="COLOR-PATTERN"/> | |
| </formatter> | |
| </console-handler> | |
| <logger category="com.arjuna"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.jboss.as.config"> | |
| <level name="DEBUG"/> | |
| </logger> | |
| <logger category="sun.rmi"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.keycloak"> | |
| <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/> | |
| </logger> | |
| <root-logger> | |
| <level name="${env.ROOT_LOGLEVEL:INFO}"/> | |
| <handlers> | |
| <handler name="CONSOLE"/> | |
| </handlers> | |
| </root-logger> | |
| <formatter name="PATTERN"> | |
| <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| <formatter name="COLOR-PATTERN"> | |
| <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:datasources:5.0"> | |
| <datasources> | |
| <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> | |
| <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url> | |
| <driver>h2</driver> | |
| <security> | |
| <user-name>sa</user-name> | |
| <password>sa</password> | |
| </security> | |
| </datasource> | |
| <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true"> | |
| <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url> | |
| <driver>h2</driver> | |
| <security> | |
| <user-name>sa</user-name> | |
| <password>sa</password> | |
| </security> | |
| </datasource> | |
| <drivers> | |
| <driver name="h2" module="com.h2database.h2"> | |
| <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> | |
| </driver> | |
| </drivers> | |
| </datasources> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0"> | |
| <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ee:4.0"> | |
| <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement> | |
| <concurrent> | |
| <context-services> | |
| <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/> | |
| </context-services> | |
| <managed-thread-factories> | |
| <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/> | |
| </managed-thread-factories> | |
| <managed-executor-services> | |
| <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/> | |
| </managed-executor-services> | |
| <managed-scheduled-executor-services> | |
| <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/> | |
| </managed-scheduled-executor-services> | |
| </concurrent> | |
| <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ejb3:5.0"> | |
| <session-bean> | |
| <stateless> | |
| <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> | |
| </stateless> | |
| <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/> | |
| <singleton default-access-timeout="5000"/> | |
| </session-bean> | |
| <pools> | |
| <bean-instance-pools> | |
| <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| </bean-instance-pools> | |
| </pools> | |
| <caches> | |
| <cache name="simple"/> | |
| <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/> | |
| </caches> | |
| <passivation-stores> | |
| <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/> | |
| </passivation-stores> | |
| <async thread-pool-name="default"/> | |
| <timer-service thread-pool-name="default" default-data-store="default-file-store"> | |
| <data-stores> | |
| <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/> | |
| </data-stores> | |
| </timer-service> | |
| <remote connector-ref="http-remoting-connector" thread-pool-name="default"> | |
| <channel-creation-options> | |
| <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/> | |
| <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/> | |
| </channel-creation-options> | |
| </remote> | |
| <thread-pools> | |
| <thread-pool name="default"> | |
| <max-threads count="10"/> | |
| <keepalive-time time="100" unit="milliseconds"/> | |
| </thread-pool> | |
| </thread-pools> | |
| <default-security-domain value="other"/> | |
| <default-missing-method-permissions-deny-access value="true"/> | |
| <log-system-exceptions value="true"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:io:2.0"> | |
| <worker name="default"/> | |
| <buffer-pool name="default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:infinispan:4.0"> | |
| <cache-container name="keycloak" jndi-name="infinispan/Keycloak"> | |
| <transport lock-timeout="60000"/> | |
| <local-cache name="realms"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="users"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="authorization"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="keys"> | |
| <eviction strategy="LRU" max-entries="1000"/> | |
| <expiration max-idle="3600000"/> | |
| </local-cache> | |
| <replicated-cache name="work" mode="SYNC"/> | |
| <distributed-cache name="sessions" mode="SYNC" owners="1"/> | |
| <distributed-cache name="authenticationSessions" mode="SYNC" owners="1"/> | |
| <distributed-cache name="offlineSessions" mode="SYNC" owners="1"/> | |
| <distributed-cache name="clientSessions" mode="SYNC" owners="1"/> | |
| <distributed-cache name="offlineClientSessions" mode="SYNC" owners="1"/> | |
| <distributed-cache name="loginFailures" mode="SYNC" owners="1"/> | |
| <distributed-cache name="actionTokens" mode="SYNC" owners="2"> | |
| <eviction strategy="NONE" max-entries="-1"/> | |
| <expiration interval="300000" max-idle="-1"/> | |
| </distributed-cache> | |
| </cache-container> | |
| <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server"> | |
| <transport lock-timeout="60000"/> | |
| <replicated-cache name="default"> | |
| <transaction mode="BATCH"/> | |
| </replicated-cache> | |
| </cache-container> | |
| <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan"> | |
| <transport lock-timeout="60000"/> | |
| <distributed-cache name="dist"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store/> | |
| </distributed-cache> | |
| </cache-container> | |
| <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan"> | |
| <transport lock-timeout="60000"/> | |
| <distributed-cache name="dist"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store/> | |
| </distributed-cache> | |
| </cache-container> | |
| <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan"> | |
| <transport lock-timeout="60000"/> | |
| <local-cache name="local-query"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </local-cache> | |
| <invalidation-cache name="entity"> | |
| <transaction mode="NON_XA"/> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </invalidation-cache> | |
| <replicated-cache name="timestamps" mode="ASYNC"/> | |
| </cache-container> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:jca:5.0"> | |
| <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> | |
| <bean-validation enabled="true"/> | |
| <default-workmanager> | |
| <short-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </short-running-threads> | |
| <long-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </long-running-threads> | |
| </default-workmanager> | |
| <cached-connection-manager/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jgroups:5.0"> | |
| <channels default=""> | |
| <channel name="ee" stack="udp" cluster="ejb"/> | |
| </channels> | |
| <stacks> | |
| <stack name="udp"> | |
| <transport type="UDP" socket-binding="jgroups-udp"/> | |
| <protocol type="PING"/> | |
| <protocol type="MERGE3"/> | |
| <protocol type="FD_SOCK"/> | |
| <protocol type="FD_ALL"/> | |
| <protocol type="VERIFY_SUSPECT"/> | |
| <protocol type="pbcast.NAKACK2"/> | |
| <protocol type="UNICAST3"/> | |
| <protocol type="pbcast.STABLE"/> | |
| <protocol type="pbcast.GMS"/> | |
| <protocol type="UFC"/> | |
| <protocol type="MFC"/> | |
| <protocol type="FRAG2"/> | |
| </stack> | |
| <stack name="tcp"> | |
| <transport type="TCP" socket-binding="jgroups-tcp"/> | |
| <socket-protocol type="MPING" socket-binding="jgroups-mping"/> | |
| <protocol type="MERGE3"/> | |
| <protocol type="FD_SOCK"/> | |
| <protocol type="FD_ALL"/> | |
| <protocol type="VERIFY_SUSPECT"/> | |
| <protocol type="pbcast.NAKACK2"/> | |
| <protocol type="UNICAST3"/> | |
| <protocol type="pbcast.STABLE"/> | |
| <protocol type="pbcast.GMS"/> | |
| <protocol type="MFC"/> | |
| <protocol type="FRAG2"/> | |
| </stack> | |
| </stacks> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jmx:1.3"> | |
| <expose-resolved-model/> | |
| <expose-expression-model/> | |
| <remoting-connector/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jpa:1.1"> | |
| <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:mail:3.0"> | |
| <mail-session name="default" jndi-name="java:jboss/mail/Default"> | |
| <smtp-server outbound-socket-binding-ref="mail-smtp"/> | |
| </mail-session> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:modcluster:3.0"> | |
| <mod-cluster-config advertise-socket="modcluster" connector="ajp"> | |
| <dynamic-load-provider> | |
| <load-metric type="cpu"/> | |
| </dynamic-load-provider> | |
| </mod-cluster-config> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:naming:2.0"> | |
| <remote-naming/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:remoting:4.0"> | |
| <endpoint/> | |
| <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> | |
| <deployment-permissions> | |
| <maximum-set> | |
| <permission class="java.security.AllPermission"/> | |
| </maximum-set> | |
| </deployment-permissions> | |
| </subsystem> | |
| <subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> | |
| <providers> | |
| <aggregate-providers name="combined-providers"> | |
| <providers name="elytron"/> | |
| <providers name="openssl"/> | |
| </aggregate-providers> | |
| <provider-loader name="elytron" module="org.wildfly.security.elytron"/> | |
| <provider-loader name="openssl" module="org.wildfly.openssl"/> | |
| </providers> | |
| <audit-logging> | |
| <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/> | |
| </audit-logging> | |
| <security-domains> | |
| <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ApplicationRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local"/> | |
| </security-domain> | |
| <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ManagementRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local" role-mapper="super-user-mapper"/> | |
| </security-domain> | |
| </security-domains> | |
| <security-realms> | |
| <identity-realm name="local" identity="$local"/> | |
| <properties-realm name="ApplicationRealm"> | |
| <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/> | |
| <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| <properties-realm name="ManagementRealm"> | |
| <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/> | |
| <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| </security-realms> | |
| <mappers> | |
| <simple-permission-mapper name="default-permission-mapper" mapping-mode="first"> | |
| <permission-mapping> | |
| <principal name="anonymous"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| <permission-mapping match-all="true"> | |
| <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| </simple-permission-mapper> | |
| <constant-realm-mapper name="local" realm-name="local"/> | |
| <simple-role-decoder name="groups-to-roles" attribute="groups"/> | |
| <constant-role-mapper name="super-user-mapper"> | |
| <role name="SuperUser"/> | |
| </constant-role-mapper> | |
| </mappers> | |
| <http> | |
| <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="DIGEST"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="BASIC"> | |
| <mechanism-realm realm-name="Application Realm"/> | |
| </mechanism> | |
| <mechanism mechanism-name="FORM"/> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <provider-http-server-mechanism-factory name="global"/> | |
| </http> | |
| <sasl> | |
| <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ApplicationRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron"> | |
| <properties> | |
| <property name="wildfly.sasl.local-user.default-user" value="$local"/> | |
| </properties> | |
| </configurable-sasl-server-factory> | |
| <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global"> | |
| <filters> | |
| <filter provider-name="WildFlyElytron"/> | |
| </filters> | |
| </mechanism-provider-filtering-sasl-server-factory> | |
| <provider-sasl-server-factory name="global"/> | |
| </sasl> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:security:2.0"> | |
| <security-domains> | |
| <security-domain name="other" cache-type="default"> | |
| <authentication> | |
| <login-module code="Remoting" flag="optional"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| <login-module code="RealmDirect" flag="required"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| </authentication> | |
| </security-domain> | |
| <security-domain name="jboss-web-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jboss-ejb-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jaspitest" cache-type="default"> | |
| <authentication-jaspi> | |
| <login-module-stack name="dummy"> | |
| <login-module code="Dummy" flag="optional"/> | |
| </login-module-stack> | |
| <auth-module code="Dummy"/> | |
| </authentication-jaspi> | |
| </security-domain> | |
| </security-domains> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:transactions:4.0"> | |
| <core-environment> | |
| <process-id> | |
| <uuid/> | |
| </process-id> | |
| </core-environment> | |
| <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> | |
| <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:undertow:4.0"> | |
| <buffer-cache name="default"/> | |
| <server name="default-server"> | |
| <ajp-listener name="ajp" socket-binding="ajp"/> | |
| <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" enable-http2="true"/> | |
| <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/> | |
| <host name="default-host" alias="localhost"> | |
| <location name="/" handler="welcome-content"/> | |
| <http-invoker security-realm="ApplicationRealm"/> | |
| </host> | |
| </server> | |
| <servlet-container name="default"> | |
| <jsp-config/> | |
| <websockets/> | |
| </servlet-container> | |
| <handlers> | |
| <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> | |
| </handlers> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> | |
| <web-context>auth</web-context> | |
| <providers> | |
| <provider> | |
| classpath:${jboss.home.dir}/providers/* | |
| </provider> | |
| </providers> | |
| <master-realm-name>master</master-realm-name> | |
| <scheduled-task-interval>900</scheduled-task-interval> | |
| <theme> | |
| <staticMaxAge>2592000</staticMaxAge> | |
| <cacheThemes>true</cacheThemes> | |
| <cacheTemplates>true</cacheTemplates> | |
| <dir>${jboss.home.dir}/themes</dir> | |
| </theme> | |
| <spi name="eventsStore"> | |
| <provider name="jpa" enabled="true"> | |
| <properties> | |
| <property name="exclude-events" value="["REFRESH_TOKEN"]"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="userCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="userSessionPersister"> | |
| <default-provider>jpa</default-provider> | |
| </spi> | |
| <spi name="timer"> | |
| <default-provider>basic</default-provider> | |
| </spi> | |
| <spi name="connectionsHttpClient"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsJpa"> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/> | |
| <property name="initializeEmpty" value="true"/> | |
| <property name="migrationStrategy" value="update"/> | |
| <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="realmCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsInfinispan"> | |
| <default-provider>default</default-provider> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="jta-lookup"> | |
| <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider> | |
| <provider name="jboss" enabled="true"/> | |
| </spi> | |
| <spi name="publicKeyStorage"> | |
| <provider name="infinispan" enabled="true"> | |
| <properties> | |
| <property name="minTimeBetweenRequests" value="10"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="x509cert-lookup"> | |
| <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| </subsystem> | |
| </profile> | |
| <interfaces> | |
| <interface name="management"> | |
| <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> | |
| </interface> | |
| <interface name="public"> | |
| <inet-address value="${jboss.bind.address:127.0.0.1}"/> | |
| </interface> | |
| <interface name="private"> | |
| <inet-address value="${jboss.bind.address.private:127.0.0.1}"/> | |
| </interface> | |
| </interfaces> | |
| <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> | |
| <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> | |
| <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> | |
| <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> | |
| <socket-binding name="http" port="${jboss.http.port:8080}"/> | |
| <socket-binding name="https" port="${jboss.https.port:8443}"/> | |
| <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/> | |
| <socket-binding name="jgroups-tcp" interface="private" port="7600"/> | |
| <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/> | |
| <socket-binding name="modcluster" port="0" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/> | |
| <socket-binding name="txn-recovery-environment" port="4712"/> | |
| <socket-binding name="txn-status-manager" port="4713"/> | |
| <outbound-socket-binding name="mail-smtp"> | |
| <remote-destination host="localhost" port="25"/> | |
| </outbound-socket-binding> | |
| </socket-binding-group> | |
| </server> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0' encoding='UTF-8'?> | |
| <server xmlns="urn:jboss:domain:5.0"> | |
| <extensions> | |
| <extension module="org.jboss.as.clustering.infinispan"/> | |
| <extension module="org.jboss.as.connector"/> | |
| <extension module="org.jboss.as.deployment-scanner"/> | |
| <extension module="org.jboss.as.ee"/> | |
| <extension module="org.jboss.as.ejb3"/> | |
| <extension module="org.jboss.as.jaxrs"/> | |
| <extension module="org.jboss.as.jmx"/> | |
| <extension module="org.jboss.as.jpa"/> | |
| <extension module="org.jboss.as.logging"/> | |
| <extension module="org.jboss.as.mail"/> | |
| <extension module="org.jboss.as.naming"/> | |
| <extension module="org.jboss.as.remoting"/> | |
| <extension module="org.jboss.as.security"/> | |
| <extension module="org.jboss.as.transactions"/> | |
| <extension module="org.keycloak.keycloak-server-subsystem"/> | |
| <extension module="org.wildfly.extension.bean-validation"/> | |
| <extension module="org.wildfly.extension.elytron"/> | |
| <extension module="org.wildfly.extension.io"/> | |
| <extension module="org.wildfly.extension.request-controller"/> | |
| <extension module="org.wildfly.extension.security.manager"/> | |
| <extension module="org.wildfly.extension.undertow"/> | |
| </extensions> | |
| <management> | |
| <security-realms> | |
| <security-realm name="ManagementRealm"> | |
| <authentication> | |
| <local default-user="$local" skip-group-loading="true"/> | |
| <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization map-groups-to-roles="false"> | |
| <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| <security-realm name="ApplicationRealm"> | |
| <server-identities> | |
| <ssl> | |
| <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> | |
| </ssl> | |
| </server-identities> | |
| <authentication> | |
| <local default-user="$local" allowed-users="*" skip-group-loading="true"/> | |
| <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization> | |
| <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| </security-realms> | |
| <audit-log> | |
| <formatters> | |
| <json-formatter name="json-formatter"/> | |
| </formatters> | |
| <handlers> | |
| <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/> | |
| </handlers> | |
| <logger log-boot="true" log-read-only="false" enabled="false"> | |
| <handlers> | |
| <handler name="file"/> | |
| </handlers> | |
| </logger> | |
| </audit-log> | |
| <management-interfaces> | |
| <http-interface security-realm="ManagementRealm"> | |
| <http-upgrade enabled="true"/> | |
| <socket-binding http="management-http"/> | |
| </http-interface> | |
| </management-interfaces> | |
| <access-control provider="simple"> | |
| <role-mapping> | |
| <role name="SuperUser"> | |
| <include> | |
| <user name="$local"/> | |
| </include> | |
| </role> | |
| </role-mapping> | |
| </access-control> | |
| </management> | |
| <profile> | |
| <subsystem xmlns="urn:jboss:domain:logging:3.0"> | |
| <console-handler name="CONSOLE"> | |
| <formatter> | |
| <named-formatter name="COLOR-PATTERN"/> | |
| </formatter> | |
| </console-handler> | |
| <logger category="com.arjuna"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.jboss.as.config"> | |
| <level name="DEBUG"/> | |
| </logger> | |
| <logger category="sun.rmi"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.keycloak"> | |
| <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/> | |
| </logger> | |
| <root-logger> | |
| <level name="${env.ROOT_LOGLEVEL:INFO}"/> | |
| <handlers> | |
| <handler name="CONSOLE"/> | |
| </handlers> | |
| </root-logger> | |
| <formatter name="PATTERN"> | |
| <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| <formatter name="COLOR-PATTERN"> | |
| <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:datasources:5.0"> | |
| <datasources> | |
| <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> | |
| <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url> | |
| <driver>h2</driver> | |
| <security> | |
| <user-name>sa</user-name> | |
| <password>sa</password> | |
| </security> | |
| </datasource> | |
| <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" use-ccm="true"> | |
| <connection-url>jdbc:mysql://${env.DB_ADDR:mysql}:${env.DB_PORT:3306}/${env.DB_DATABASE:keycloak}${env.JDBC_PARAMS:}</connection-url> | |
| <driver>mysql</driver> | |
| <pool> | |
| <flush-strategy>IdleConnections</flush-strategy> | |
| </pool> | |
| <security> | |
| <user-name>${env.DB_USER:keycloak}</user-name> | |
| <password>${env.DB_PASSWORD:password}</password> | |
| </security> | |
| <validation> | |
| <check-valid-connection-sql>SELECT 1</check-valid-connection-sql> | |
| <background-validation>true</background-validation> | |
| <background-validation-millis>60000</background-validation-millis> | |
| </validation> | |
| </datasource> | |
| <drivers> | |
| <driver name="h2" module="com.h2database.h2"> | |
| <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> | |
| </driver> | |
| <driver name="mysql" module="com.mysql.jdbc"> | |
| <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class> | |
| </driver> | |
| </drivers> | |
| </datasources> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0"> | |
| <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ee:4.0"> | |
| <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement> | |
| <concurrent> | |
| <context-services> | |
| <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/> | |
| </context-services> | |
| <managed-thread-factories> | |
| <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/> | |
| </managed-thread-factories> | |
| <managed-executor-services> | |
| <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/> | |
| </managed-executor-services> | |
| <managed-scheduled-executor-services> | |
| <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/> | |
| </managed-scheduled-executor-services> | |
| </concurrent> | |
| <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ejb3:5.0"> | |
| <session-bean> | |
| <stateless> | |
| <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> | |
| </stateless> | |
| <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/> | |
| <singleton default-access-timeout="5000"/> | |
| </session-bean> | |
| <pools> | |
| <bean-instance-pools> | |
| <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| </bean-instance-pools> | |
| </pools> | |
| <caches> | |
| <cache name="simple"/> | |
| <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/> | |
| </caches> | |
| <passivation-stores> | |
| <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/> | |
| </passivation-stores> | |
| <async thread-pool-name="default"/> | |
| <timer-service thread-pool-name="default" default-data-store="default-file-store"> | |
| <data-stores> | |
| <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/> | |
| </data-stores> | |
| </timer-service> | |
| <remote connector-ref="http-remoting-connector" thread-pool-name="default"> | |
| <channel-creation-options> | |
| <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/> | |
| <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/> | |
| </channel-creation-options> | |
| </remote> | |
| <thread-pools> | |
| <thread-pool name="default"> | |
| <max-threads count="10"/> | |
| <keepalive-time time="100" unit="milliseconds"/> | |
| </thread-pool> | |
| </thread-pools> | |
| <default-security-domain value="other"/> | |
| <default-missing-method-permissions-deny-access value="true"/> | |
| <log-system-exceptions value="true"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:io:2.0"> | |
| <worker name="default"/> | |
| <buffer-pool name="default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:infinispan:4.0"> | |
| <cache-container name="keycloak" jndi-name="infinispan/Keycloak"> | |
| <local-cache name="realms"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="users"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="sessions"/> | |
| <local-cache name="authenticationSessions"/> | |
| <local-cache name="offlineSessions"/> | |
| <local-cache name="clientSessions"/> | |
| <local-cache name="offlineClientSessions"/> | |
| <local-cache name="loginFailures"/> | |
| <local-cache name="work"/> | |
| <local-cache name="authorization"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="keys"> | |
| <eviction strategy="LRU" max-entries="1000"/> | |
| <expiration max-idle="3600000"/> | |
| </local-cache> | |
| <local-cache name="actionTokens"> | |
| <eviction strategy="NONE" max-entries="-1"/> | |
| <expiration interval="300000" max-idle="-1"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server"> | |
| <local-cache name="default"> | |
| <transaction mode="BATCH"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan"> | |
| <local-cache name="passivation"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store passivation="true" purge="false"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan"> | |
| <local-cache name="passivation"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store passivation="true" purge="false"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="hibernate" module="org.hibernate.infinispan"> | |
| <local-cache name="entity"> | |
| <transaction mode="NON_XA"/> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </local-cache> | |
| <local-cache name="local-query"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </local-cache> | |
| <local-cache name="timestamps"/> | |
| </cache-container> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:jca:5.0"> | |
| <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> | |
| <bean-validation enabled="true"/> | |
| <default-workmanager> | |
| <short-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </short-running-threads> | |
| <long-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </long-running-threads> | |
| </default-workmanager> | |
| <cached-connection-manager/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jmx:1.3"> | |
| <expose-resolved-model/> | |
| <expose-expression-model/> | |
| <remoting-connector/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jpa:1.1"> | |
| <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:mail:3.0"> | |
| <mail-session name="default" jndi-name="java:jboss/mail/Default"> | |
| <smtp-server outbound-socket-binding-ref="mail-smtp"/> | |
| </mail-session> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:naming:2.0"> | |
| <remote-naming/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:remoting:4.0"> | |
| <endpoint/> | |
| <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> | |
| <deployment-permissions> | |
| <maximum-set> | |
| <permission class="java.security.AllPermission"/> | |
| </maximum-set> | |
| </deployment-permissions> | |
| </subsystem> | |
| <subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> | |
| <providers> | |
| <aggregate-providers name="combined-providers"> | |
| <providers name="elytron"/> | |
| <providers name="openssl"/> | |
| </aggregate-providers> | |
| <provider-loader name="elytron" module="org.wildfly.security.elytron"/> | |
| <provider-loader name="openssl" module="org.wildfly.openssl"/> | |
| </providers> | |
| <audit-logging> | |
| <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/> | |
| </audit-logging> | |
| <security-domains> | |
| <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ApplicationRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local"/> | |
| </security-domain> | |
| <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ManagementRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local" role-mapper="super-user-mapper"/> | |
| </security-domain> | |
| </security-domains> | |
| <security-realms> | |
| <identity-realm name="local" identity="$local"/> | |
| <properties-realm name="ApplicationRealm"> | |
| <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/> | |
| <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| <properties-realm name="ManagementRealm"> | |
| <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/> | |
| <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| </security-realms> | |
| <mappers> | |
| <simple-permission-mapper name="default-permission-mapper" mapping-mode="first"> | |
| <permission-mapping> | |
| <principal name="anonymous"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| <permission-mapping match-all="true"> | |
| <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| </simple-permission-mapper> | |
| <constant-realm-mapper name="local" realm-name="local"/> | |
| <simple-role-decoder name="groups-to-roles" attribute="groups"/> | |
| <constant-role-mapper name="super-user-mapper"> | |
| <role name="SuperUser"/> | |
| </constant-role-mapper> | |
| </mappers> | |
| <http> | |
| <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="DIGEST"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="BASIC"> | |
| <mechanism-realm realm-name="Application Realm"/> | |
| </mechanism> | |
| <mechanism mechanism-name="FORM"/> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <provider-http-server-mechanism-factory name="global"/> | |
| </http> | |
| <sasl> | |
| <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ApplicationRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron"> | |
| <properties> | |
| <property name="wildfly.sasl.local-user.default-user" value="$local"/> | |
| </properties> | |
| </configurable-sasl-server-factory> | |
| <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global"> | |
| <filters> | |
| <filter provider-name="WildFlyElytron"/> | |
| </filters> | |
| </mechanism-provider-filtering-sasl-server-factory> | |
| <provider-sasl-server-factory name="global"/> | |
| </sasl> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:security:2.0"> | |
| <security-domains> | |
| <security-domain name="other" cache-type="default"> | |
| <authentication> | |
| <login-module code="Remoting" flag="optional"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| <login-module code="RealmDirect" flag="required"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| </authentication> | |
| </security-domain> | |
| <security-domain name="jboss-web-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jboss-ejb-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jaspitest" cache-type="default"> | |
| <authentication-jaspi> | |
| <login-module-stack name="dummy"> | |
| <login-module code="Dummy" flag="optional"/> | |
| </login-module-stack> | |
| <auth-module code="Dummy"/> | |
| </authentication-jaspi> | |
| </security-domain> | |
| </security-domains> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:transactions:4.0"> | |
| <core-environment> | |
| <process-id> | |
| <uuid/> | |
| </process-id> | |
| </core-environment> | |
| <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> | |
| <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:undertow:4.0"> | |
| <buffer-cache name="default"/> | |
| <server name="default-server"> | |
| <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" enable-http2="true"/> | |
| <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/> | |
| <host name="default-host" alias="localhost"> | |
| <location name="/" handler="welcome-content"/> | |
| <http-invoker security-realm="ApplicationRealm"/> | |
| </host> | |
| </server> | |
| <servlet-container name="default"> | |
| <jsp-config/> | |
| <websockets/> | |
| </servlet-container> | |
| <handlers> | |
| <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> | |
| </handlers> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> | |
| <web-context>auth</web-context> | |
| <providers> | |
| <provider> | |
| classpath:${jboss.home.dir}/providers/* | |
| </provider> | |
| </providers> | |
| <master-realm-name>master</master-realm-name> | |
| <scheduled-task-interval>900</scheduled-task-interval> | |
| <theme> | |
| <staticMaxAge>2592000</staticMaxAge> | |
| <cacheThemes>true</cacheThemes> | |
| <cacheTemplates>true</cacheTemplates> | |
| <dir>${jboss.home.dir}/themes</dir> | |
| </theme> | |
| <spi name="eventsStore"> | |
| <provider name="jpa" enabled="true"> | |
| <properties> | |
| <property name="exclude-events" value="["REFRESH_TOKEN"]"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="userCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="userSessionPersister"> | |
| <default-provider>jpa</default-provider> | |
| </spi> | |
| <spi name="timer"> | |
| <default-provider>basic</default-provider> | |
| </spi> | |
| <spi name="connectionsHttpClient"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsJpa"> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/> | |
| <property name="initializeEmpty" value="true"/> | |
| <property name="migrationStrategy" value="update"/> | |
| <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="realmCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsInfinispan"> | |
| <default-provider>default</default-provider> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="jta-lookup"> | |
| <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider> | |
| <provider name="jboss" enabled="true"/> | |
| </spi> | |
| <spi name="publicKeyStorage"> | |
| <provider name="infinispan" enabled="true"> | |
| <properties> | |
| <property name="minTimeBetweenRequests" value="10"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="x509cert-lookup"> | |
| <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| </subsystem> | |
| </profile> | |
| <interfaces> | |
| <interface name="management"> | |
| <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> | |
| </interface> | |
| <interface name="public"> | |
| <inet-address value="${jboss.bind.address:127.0.0.1}"/> | |
| </interface> | |
| </interfaces> | |
| <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> | |
| <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> | |
| <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> | |
| <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> | |
| <socket-binding name="http" port="${jboss.http.port:8080}"/> | |
| <socket-binding name="https" port="${jboss.https.port:8443}"/> | |
| <socket-binding name="txn-recovery-environment" port="4712"/> | |
| <socket-binding name="txn-status-manager" port="4713"/> | |
| <outbound-socket-binding name="mail-smtp"> | |
| <remote-destination host="localhost" port="25"/> | |
| </outbound-socket-binding> | |
| </socket-binding-group> | |
| </server> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0' encoding='UTF-8'?> | |
| <server xmlns="urn:jboss:domain:5.0"> | |
| <extensions> | |
| <extension module="org.jboss.as.clustering.infinispan"/> | |
| <extension module="org.jboss.as.connector"/> | |
| <extension module="org.jboss.as.deployment-scanner"/> | |
| <extension module="org.jboss.as.ee"/> | |
| <extension module="org.jboss.as.ejb3"/> | |
| <extension module="org.jboss.as.jaxrs"/> | |
| <extension module="org.jboss.as.jmx"/> | |
| <extension module="org.jboss.as.jpa"/> | |
| <extension module="org.jboss.as.logging"/> | |
| <extension module="org.jboss.as.mail"/> | |
| <extension module="org.jboss.as.naming"/> | |
| <extension module="org.jboss.as.remoting"/> | |
| <extension module="org.jboss.as.security"/> | |
| <extension module="org.jboss.as.transactions"/> | |
| <extension module="org.keycloak.keycloak-server-subsystem"/> | |
| <extension module="org.wildfly.extension.bean-validation"/> | |
| <extension module="org.wildfly.extension.elytron"/> | |
| <extension module="org.wildfly.extension.io"/> | |
| <extension module="org.wildfly.extension.request-controller"/> | |
| <extension module="org.wildfly.extension.security.manager"/> | |
| <extension module="org.wildfly.extension.undertow"/> | |
| </extensions> | |
| <management> | |
| <security-realms> | |
| <security-realm name="ManagementRealm"> | |
| <authentication> | |
| <local default-user="$local" skip-group-loading="true"/> | |
| <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization map-groups-to-roles="false"> | |
| <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| <security-realm name="ApplicationRealm"> | |
| <server-identities> | |
| <ssl> | |
| <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> | |
| </ssl> | |
| </server-identities> | |
| <authentication> | |
| <local default-user="$local" allowed-users="*" skip-group-loading="true"/> | |
| <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> | |
| </authentication> | |
| <authorization> | |
| <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </authorization> | |
| </security-realm> | |
| </security-realms> | |
| <audit-log> | |
| <formatters> | |
| <json-formatter name="json-formatter"/> | |
| </formatters> | |
| <handlers> | |
| <file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/> | |
| </handlers> | |
| <logger log-boot="true" log-read-only="false" enabled="false"> | |
| <handlers> | |
| <handler name="file"/> | |
| </handlers> | |
| </logger> | |
| </audit-log> | |
| <management-interfaces> | |
| <http-interface security-realm="ManagementRealm"> | |
| <http-upgrade enabled="true"/> | |
| <socket-binding http="management-http"/> | |
| </http-interface> | |
| </management-interfaces> | |
| <access-control provider="simple"> | |
| <role-mapping> | |
| <role name="SuperUser"> | |
| <include> | |
| <user name="$local"/> | |
| </include> | |
| </role> | |
| </role-mapping> | |
| </access-control> | |
| </management> | |
| <profile> | |
| <subsystem xmlns="urn:jboss:domain:logging:3.0"> | |
| <console-handler name="CONSOLE"> | |
| <formatter> | |
| <named-formatter name="COLOR-PATTERN"/> | |
| </formatter> | |
| </console-handler> | |
| <logger category="com.arjuna"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.jboss.as.config"> | |
| <level name="DEBUG"/> | |
| </logger> | |
| <logger category="sun.rmi"> | |
| <level name="WARN"/> | |
| </logger> | |
| <logger category="org.keycloak"> | |
| <level name="${env.KEYCLOAK_LOGLEVEL:INFO}"/> | |
| </logger> | |
| <root-logger> | |
| <level name="${env.ROOT_LOGLEVEL:INFO}"/> | |
| <handlers> | |
| <handler name="CONSOLE"/> | |
| </handlers> | |
| </root-logger> | |
| <formatter name="PATTERN"> | |
| <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| <formatter name="COLOR-PATTERN"> | |
| <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> | |
| </formatter> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:datasources:5.0"> | |
| <datasources> | |
| <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> | |
| <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url> | |
| <driver>h2</driver> | |
| <security> | |
| <user-name>sa</user-name> | |
| <password>sa</password> | |
| </security> | |
| </datasource> | |
| <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true"> | |
| <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url> | |
| <driver>h2</driver> | |
| <security> | |
| <user-name>sa</user-name> | |
| <password>sa</password> | |
| </security> | |
| </datasource> | |
| <drivers> | |
| <driver name="h2" module="com.h2database.h2"> | |
| <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> | |
| </driver> | |
| </drivers> | |
| </datasources> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0"> | |
| <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ee:4.0"> | |
| <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement> | |
| <concurrent> | |
| <context-services> | |
| <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/> | |
| </context-services> | |
| <managed-thread-factories> | |
| <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/> | |
| </managed-thread-factories> | |
| <managed-executor-services> | |
| <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/> | |
| </managed-executor-services> | |
| <managed-scheduled-executor-services> | |
| <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/> | |
| </managed-scheduled-executor-services> | |
| </concurrent> | |
| <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:ejb3:5.0"> | |
| <session-bean> | |
| <stateless> | |
| <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> | |
| </stateless> | |
| <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/> | |
| <singleton default-access-timeout="5000"/> | |
| </session-bean> | |
| <pools> | |
| <bean-instance-pools> | |
| <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> | |
| </bean-instance-pools> | |
| </pools> | |
| <caches> | |
| <cache name="simple"/> | |
| <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/> | |
| </caches> | |
| <passivation-stores> | |
| <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/> | |
| </passivation-stores> | |
| <async thread-pool-name="default"/> | |
| <timer-service thread-pool-name="default" default-data-store="default-file-store"> | |
| <data-stores> | |
| <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/> | |
| </data-stores> | |
| </timer-service> | |
| <remote connector-ref="http-remoting-connector" thread-pool-name="default"> | |
| <channel-creation-options> | |
| <option name="READ_TIMEOUT" value="${prop.remoting-connector.read.timeout:20}" type="xnio"/> | |
| <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/> | |
| </channel-creation-options> | |
| </remote> | |
| <thread-pools> | |
| <thread-pool name="default"> | |
| <max-threads count="10"/> | |
| <keepalive-time time="100" unit="milliseconds"/> | |
| </thread-pool> | |
| </thread-pools> | |
| <default-security-domain value="other"/> | |
| <default-missing-method-permissions-deny-access value="true"/> | |
| <log-system-exceptions value="true"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:io:2.0"> | |
| <worker name="default"/> | |
| <buffer-pool name="default"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:infinispan:4.0"> | |
| <cache-container name="keycloak" jndi-name="infinispan/Keycloak"> | |
| <local-cache name="realms"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="users"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="sessions"/> | |
| <local-cache name="authenticationSessions"/> | |
| <local-cache name="offlineSessions"/> | |
| <local-cache name="clientSessions"/> | |
| <local-cache name="offlineClientSessions"/> | |
| <local-cache name="loginFailures"/> | |
| <local-cache name="work"/> | |
| <local-cache name="authorization"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| </local-cache> | |
| <local-cache name="keys"> | |
| <eviction strategy="LRU" max-entries="1000"/> | |
| <expiration max-idle="3600000"/> | |
| </local-cache> | |
| <local-cache name="actionTokens"> | |
| <eviction strategy="NONE" max-entries="-1"/> | |
| <expiration interval="300000" max-idle="-1"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server"> | |
| <local-cache name="default"> | |
| <transaction mode="BATCH"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan"> | |
| <local-cache name="passivation"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store passivation="true" purge="false"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan"> | |
| <local-cache name="passivation"> | |
| <locking isolation="REPEATABLE_READ"/> | |
| <transaction mode="BATCH"/> | |
| <file-store passivation="true" purge="false"/> | |
| </local-cache> | |
| </cache-container> | |
| <cache-container name="hibernate" module="org.hibernate.infinispan"> | |
| <local-cache name="entity"> | |
| <transaction mode="NON_XA"/> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </local-cache> | |
| <local-cache name="local-query"> | |
| <eviction strategy="LRU" max-entries="10000"/> | |
| <expiration max-idle="100000"/> | |
| </local-cache> | |
| <local-cache name="timestamps"/> | |
| </cache-container> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:jca:5.0"> | |
| <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> | |
| <bean-validation enabled="true"/> | |
| <default-workmanager> | |
| <short-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </short-running-threads> | |
| <long-running-threads> | |
| <core-threads count="50"/> | |
| <queue-length count="50"/> | |
| <max-threads count="50"/> | |
| <keepalive-time time="10" unit="seconds"/> | |
| </long-running-threads> | |
| </default-workmanager> | |
| <cached-connection-manager/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jmx:1.3"> | |
| <expose-resolved-model/> | |
| <expose-expression-model/> | |
| <remoting-connector/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:jpa:1.1"> | |
| <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:mail:3.0"> | |
| <mail-session name="default" jndi-name="java:jboss/mail/Default"> | |
| <smtp-server outbound-socket-binding-ref="mail-smtp"/> | |
| </mail-session> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:naming:2.0"> | |
| <remote-naming/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:remoting:4.0"> | |
| <endpoint/> | |
| <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/> | |
| <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> | |
| <deployment-permissions> | |
| <maximum-set> | |
| <permission class="java.security.AllPermission"/> | |
| </maximum-set> | |
| </deployment-permissions> | |
| </subsystem> | |
| <subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> | |
| <providers> | |
| <aggregate-providers name="combined-providers"> | |
| <providers name="elytron"/> | |
| <providers name="openssl"/> | |
| </aggregate-providers> | |
| <provider-loader name="elytron" module="org.wildfly.security.elytron"/> | |
| <provider-loader name="openssl" module="org.wildfly.openssl"/> | |
| </providers> | |
| <audit-logging> | |
| <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/> | |
| </audit-logging> | |
| <security-domains> | |
| <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ApplicationRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local"/> | |
| </security-domain> | |
| <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper"> | |
| <realm name="ManagementRealm" role-decoder="groups-to-roles"/> | |
| <realm name="local" role-mapper="super-user-mapper"/> | |
| </security-domain> | |
| </security-domains> | |
| <security-realms> | |
| <identity-realm name="local" identity="$local"/> | |
| <properties-realm name="ApplicationRealm"> | |
| <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/> | |
| <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| <properties-realm name="ManagementRealm"> | |
| <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/> | |
| <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | |
| </properties-realm> | |
| </security-realms> | |
| <mappers> | |
| <simple-permission-mapper name="default-permission-mapper" mapping-mode="first"> | |
| <permission-mapping> | |
| <principal name="anonymous"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| <permission-mapping match-all="true"> | |
| <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> | |
| <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | |
| <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | |
| <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | |
| </permission-mapping> | |
| </simple-permission-mapper> | |
| <constant-realm-mapper name="local" realm-name="local"/> | |
| <simple-role-decoder name="groups-to-roles" attribute="groups"/> | |
| <constant-role-mapper name="super-user-mapper"> | |
| <role name="SuperUser"/> | |
| </constant-role-mapper> | |
| </mappers> | |
| <http> | |
| <http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="DIGEST"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="BASIC"> | |
| <mechanism-realm realm-name="Application Realm"/> | |
| </mechanism> | |
| <mechanism mechanism-name="FORM"/> | |
| </mechanism-configuration> | |
| </http-authentication-factory> | |
| <provider-http-server-mechanism-factory name="global"/> | |
| </http> | |
| <sasl> | |
| <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ManagementRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain"> | |
| <mechanism-configuration> | |
| <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | |
| <mechanism mechanism-name="DIGEST-MD5"> | |
| <mechanism-realm realm-name="ApplicationRealm"/> | |
| </mechanism> | |
| </mechanism-configuration> | |
| </sasl-authentication-factory> | |
| <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron"> | |
| <properties> | |
| <property name="wildfly.sasl.local-user.default-user" value="$local"/> | |
| </properties> | |
| </configurable-sasl-server-factory> | |
| <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global"> | |
| <filters> | |
| <filter provider-name="WildFlyElytron"/> | |
| </filters> | |
| </mechanism-provider-filtering-sasl-server-factory> | |
| <provider-sasl-server-factory name="global"/> | |
| </sasl> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:security:2.0"> | |
| <security-domains> | |
| <security-domain name="other" cache-type="default"> | |
| <authentication> | |
| <login-module code="Remoting" flag="optional"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| <login-module code="RealmDirect" flag="required"> | |
| <module-option name="password-stacking" value="useFirstPass"/> | |
| </login-module> | |
| </authentication> | |
| </security-domain> | |
| <security-domain name="jboss-web-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jboss-ejb-policy" cache-type="default"> | |
| <authorization> | |
| <policy-module code="Delegating" flag="required"/> | |
| </authorization> | |
| </security-domain> | |
| <security-domain name="jaspitest" cache-type="default"> | |
| <authentication-jaspi> | |
| <login-module-stack name="dummy"> | |
| <login-module code="Dummy" flag="optional"/> | |
| </login-module-stack> | |
| <auth-module code="Dummy"/> | |
| </authentication-jaspi> | |
| </security-domain> | |
| </security-domains> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:transactions:4.0"> | |
| <core-environment> | |
| <process-id> | |
| <uuid/> | |
| </process-id> | |
| </core-environment> | |
| <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> | |
| <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:undertow:4.0"> | |
| <buffer-cache name="default"/> | |
| <server name="default-server"> | |
| <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="${env.PROXY_ADDRESS_FORWARDING}" enable-http2="true"/> | |
| <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/> | |
| <host name="default-host" alias="localhost"> | |
| <location name="/" handler="welcome-content"/> | |
| <http-invoker security-realm="ApplicationRealm"/> | |
| </host> | |
| </server> | |
| <servlet-container name="default"> | |
| <jsp-config/> | |
| <websockets/> | |
| </servlet-container> | |
| <handlers> | |
| <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> | |
| </handlers> | |
| </subsystem> | |
| <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> | |
| <web-context>auth</web-context> | |
| <providers> | |
| <provider> | |
| classpath:${jboss.home.dir}/providers/* | |
| </provider> | |
| </providers> | |
| <master-realm-name>master</master-realm-name> | |
| <scheduled-task-interval>900</scheduled-task-interval> | |
| <theme> | |
| <staticMaxAge>2592000</staticMaxAge> | |
| <cacheThemes>true</cacheThemes> | |
| <cacheTemplates>true</cacheTemplates> | |
| <dir>${jboss.home.dir}/themes</dir> | |
| </theme> | |
| <spi name="eventsStore"> | |
| <provider name="jpa" enabled="true"> | |
| <properties> | |
| <property name="exclude-events" value="["REFRESH_TOKEN"]"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="userCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="userSessionPersister"> | |
| <default-provider>jpa</default-provider> | |
| </spi> | |
| <spi name="timer"> | |
| <default-provider>basic</default-provider> | |
| </spi> | |
| <spi name="connectionsHttpClient"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsJpa"> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/> | |
| <property name="initializeEmpty" value="true"/> | |
| <property name="migrationStrategy" value="update"/> | |
| <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="realmCache"> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| <spi name="connectionsInfinispan"> | |
| <default-provider>default</default-provider> | |
| <provider name="default" enabled="true"> | |
| <properties> | |
| <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="jta-lookup"> | |
| <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider> | |
| <provider name="jboss" enabled="true"/> | |
| </spi> | |
| <spi name="publicKeyStorage"> | |
| <provider name="infinispan" enabled="true"> | |
| <properties> | |
| <property name="minTimeBetweenRequests" value="10"/> | |
| </properties> | |
| </provider> | |
| </spi> | |
| <spi name="x509cert-lookup"> | |
| <default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider> | |
| <provider name="default" enabled="true"/> | |
| </spi> | |
| </subsystem> | |
| </profile> | |
| <interfaces> | |
| <interface name="management"> | |
| <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> | |
| </interface> | |
| <interface name="public"> | |
| <inet-address value="${jboss.bind.address:127.0.0.1}"/> | |
| </interface> | |
| </interfaces> | |
| <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> | |
| <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> | |
| <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> | |
| <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> | |
| <socket-binding name="http" port="${jboss.http.port:8080}"/> | |
| <socket-binding name="https" port="${jboss.https.port:8443}"/> | |
| <socket-binding name="txn-recovery-environment" port="4712"/> | |
| <socket-binding name="txn-status-manager" port="4713"/> | |
| <outbound-socket-binding name="mail-smtp"> | |
| <remote-destination host="localhost" port="25"/> | |
| </outbound-socket-binding> | |
| </socket-binding-group> | |
| </server> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment