Skip to content

Instantly share code, notes, and snippets.

@darranl

darranl/Elytron Subsystem Description

Last active September 16, 2016 13:31
Show Gist options
  • Save darranl/140eda2dbd57995e776451532daf6c14 to your computer and use it in GitHub Desktop.
Save darranl/140eda2dbd57995e776451532daf6c14 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Elytron Subsystem Description
{
"outcome" => "success",
"result" => {
"description" => "The Elytron Subsystem",
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {
"configurable-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"model-description" => {"*" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-server-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this factory after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"filters" => {
"type" => LIST,
"description" => "List of filters to be evaluated sequentially combining the results using 'or'.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"predefined-filter" => {
"type" => STRING,
"description" => "A predefined filter to use to filter the mechanism name.",
"expressions-allowed" => true,
"nillable" => true,
"alternatives" => ["pattern-filter"],
"allowed" => [
"HASH_MD5",
"HASH_SHA",
"HASH_SHA_256",
"HASH_SHA_384",
"HASH_SHA_512",
"GS2",
"SCRAM",
"DIGEST",
"IEC_ISO_9798",
"EAP",
"MUTUAL",
"BINDING",
"RECOMMENDED"
]
},
"pattern-filter" => {
"type" => STRING,
"description" => "A regular expression based filter of the mechanism name.",
"expressions-allowed" => true,
"nillable" => false,
"alternatives" => ["predefined-filter"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"enabling" => {
"type" => BOOLEAN,
"description" => "Is this filter enabling or disabling the matched names.",
"expressions-allowed" => true,
"nillable" => true,
"default" => true
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"properties" => {
"type" => OBJECT,
"description" => "Custom properties to be passed in to the sasl server factory calls.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"protocol" => {
"type" => STRING,
"description" => "The protocol that should be passed into factory when creating the mechanism.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"sasl-server-factory" => {
"type" => STRING,
"description" => "The sasl server factory to be wrapped.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.sasl-server-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"server-name" => {
"type" => STRING,
"description" => "The server name that should be passed into factory when creating the mechanism.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-role-mapper" => {
"description" => "Definition of a custom RoleMapper",
"model-description" => {"*" => {
"description" => "Definition of a custom RoleMapper",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional key/value configuration for the RoleMapper",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "Fully qualified class name of the RoleMapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "Name of the module to use to load the RoleMapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"sasl-authentication-factory" => {
"description" => "Resource containing the association of a SecurityDomain with a SaslServerFactory.",
"model-description" => {"*" => {
"description" => "Resource containing the association of a SecurityDomain with a SaslServerFactory.",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-authentication-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this configuration after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"mechanism-configurations" => {
"type" => LIST,
"description" => "Mechanism specific configuration",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"mechanism-name" => {
"type" => STRING,
"description" => "The name of the mechanism the configuration applies to",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"host-name" => {
"type" => STRING,
"description" => "The host name this configuration applies to.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"protocol" => {
"type" => STRING,
"description" => "The protocol this configuration applies to.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply before the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply after the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-name-rewriter" => {
"type" => STRING,
"description" => "The final name rewriter",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
},
"mechanism-realm-configurations" => {
"type" => LIST,
"description" => "Definition of the realm names as understood by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"realm-name" => {
"type" => STRING,
"description" => "The name of the realm to be presented by the mechanism",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply before the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply after the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-name-rewriter" => {
"type" => STRING,
"description" => "The final name rewriter",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"credential-security-factory" => {
"type" => STRING,
"description" => "The security factory to use to obtain a credential as required by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-factory.credential",
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"sasl-server-factory" => {
"type" => STRING,
"description" => "The SaslServerFactory to associate with this resource",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.sasl-server-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"security-domain" => {
"type" => STRING,
"description" => "The SecurityDomain to associate with this resource",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-domain",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"add-prefix-role-mapper" => {
"description" => "A role mapper definition for a role mapper that adds a prefix to each provided.",
"model-description" => {"*" => {
"description" => "A role mapper definition for a role mapper that adds a prefix to each provided.",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {"prefix" => {
"type" => STRING,
"description" => "The prefix to add to each role.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of other http server factories.",
"model-description" => {"*" => {
"description" => "A http server factory definition where the http server factory is an aggregation of other http server factories.",
"capabilities" => [{
"name" => "org.wildfly.security.http-server-mechanism-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The HTTP mechanisms available from this factory instance.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"http-server-factories" => {
"type" => LIST,
"description" => "The referenced http server factories to aggregate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.http-server-mechanism-factory",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"empty-role-decoder" => {
"description" => "Definition of an empty RoleDecoder that never returns any roles.",
"model-description" => {"*" => {
"description" => "Definition of an empty RoleDecoder that never returns any roles.",
"capabilities" => [{
"name" => "org.wildfly.security.role-decoder",
"dynamic" => true
}],
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"mapped-regex-realm-mapper" => {
"description" => "Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.",
"model-description" => {"*" => {
"description" => "Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.",
"capabilities" => [{
"name" => "org.wildfly.security.realm-mapper",
"dynamic" => true
}],
"attributes" => {
"delegate-realm-mapper" => {
"type" => STRING,
"description" => "The RealmMapper to delegate to if there is no match using the pattern.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"pattern" => {
"type" => STRING,
"description" => "The regular expression which must contain at least one capture group to extract the realm from the name.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"realm-map" => {
"type" => OBJECT,
"description" => "Mapping of realm name extracted using the regular expression to a defined realm name.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"properties-realm" => {
"description" => "A security realm definition backed by properties files.",
"model-description" => {"*" => {
"description" => "A security realm definition backed by properties files.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"attributes" => {
"groups-attribute" => {
"type" => STRING,
"description" => "The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.",
"expressions-allowed" => true,
"nillable" => true,
"default" => "groups",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"groups-properties" => {
"type" => OBJECT,
"description" => "The properties file containing the users and their groups.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"path" => {
"type" => STRING,
"description" => "The path to the file containing the users and their groups.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"relative-to" => {
"type" => STRING,
"description" => "The pre-defined path the path is relative to.",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"plain-text" => {
"type" => BOOLEAN,
"description" => "Are the passwords store in plain text within the properties file?",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"synchronized" => {
"type" => STRING,
"description" => "The time the properties files that back this realm were last loaded.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"users-properties" => {
"type" => OBJECT,
"description" => "The properties file containing the users and their passwords.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"path" => {
"type" => STRING,
"description" => "The path to the file containing the users and their passwords.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"relative-to" => {
"type" => STRING,
"description" => "The pre-defined path the path is relative to.",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"trust-managers" => {
"description" => "A trust manager definition for creating the TrustManager[] as used to create an SSLContext.",
"model-description" => {"*" => {
"description" => "A trust manager definition for creating the TrustManager[] as used to create an SSLContext.",
"capabilities" => [{
"name" => "org.wildfly.security.trust-managers",
"dynamic" => true
}],
"attributes" => {
"algorithm" => {
"type" => STRING,
"description" => "The name of the algorithm to use to create the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider" => {
"type" => STRING,
"description" => "The name of the provider to use to create the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider-loader" => {
"type" => STRING,
"description" => "Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"http-authentication-factory" => {
"description" => "Resource containing the association of a SecurityDomain with a HttpServerAuthenticationMechanismFactory.",
"model-description" => {"*" => {
"description" => "Resource containing the association of a SecurityDomain with a HttpServerAuthenticationMechanismFactory.",
"capabilities" => [{
"name" => "org.wildfly.security.http-authentication-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The HTTP mechanisms available from this configuration after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"http-server-mechanism-factory" => {
"type" => STRING,
"description" => "The HttpServerAuthenticationMechanismFactory to associate with this resource",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.http-server-mechanism-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"mechanism-configurations" => {
"type" => LIST,
"description" => "Mechanism specific configuration",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"mechanism-name" => {
"type" => STRING,
"description" => "The name of the mechanism the configuration applies to",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"host-name" => {
"type" => STRING,
"description" => "The host name this configuration applies to.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"protocol" => {
"type" => STRING,
"description" => "The protocol this configuration applies to.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply before the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply after the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-name-rewriter" => {
"type" => STRING,
"description" => "The final name rewriter",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
},
"mechanism-realm-configurations" => {
"type" => LIST,
"description" => "Definition of the realm names as understood by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"realm-name" => {
"type" => STRING,
"description" => "The name of the realm to be presented by the mechanism",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply before the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-name-rewriter" => {
"type" => STRING,
"description" => "A name rewriter to apply after the realm is selected",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-name-rewriter" => {
"type" => STRING,
"description" => "The final name rewriter",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"credential-security-factory" => {
"type" => STRING,
"description" => "The security factory to use to obtain a credential as required by the mechanism",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-factory.credential",
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"security-domain" => {
"type" => STRING,
"description" => "The SecurityDomain to associate with this resource",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-domain",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"filesystem-realm" => {
"description" => "A simple security realm definition backed by the filesystem.",
"model-description" => {"*" => {
"description" => "A simple security realm definition backed by the filesystem.",
"capabilities" => [
{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
},
{
"name" => "org.wildfly.security.modifiable-security-realm",
"dynamic" => true
}
],
"attributes" => {
"levels" => {
"type" => INT,
"description" => "The number of levels of directory hashing to apply.",
"expressions-allowed" => false,
"nillable" => true,
"default" => 2,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"name-rewriter" => {
"type" => STRING,
"description" => "The name of the NameRewriter to use.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"path" => {
"type" => STRING,
"description" => "The path to the file containing the realm.",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"relative-to" => {
"type" => STRING,
"description" => "The pre-defined path the path is relative to.",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"identity" => {
"description" => "An identity which can be managed by a security realm.",
"model-description" => {"*" => {
"description" => "An identity which can be managed by a security realm.",
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"logical-role-mapper" => {
"description" => "A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.",
"model-description" => {"*" => {
"description" => "A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {
"left" => {
"type" => STRING,
"description" => "Reference to a role mapper to be used on the left side of the operation.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.role-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"logical-operation" => {
"type" => STRING,
"description" => "The logical operation to be performed on the role mapper mappings.",
"expressions-allowed" => true,
"nillable" => false,
"allowed" => [
"and",
"minus",
"or",
"xor"
],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"right" => {
"type" => STRING,
"description" => "Reference to a role mapper to be used on the right side of the operation.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.role-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"security-property" => {
"description" => "A definition of a security property to be set.",
"model-description" => {"*" => {
"description" => "A definition of a security property to be set.",
"attributes" => {"value" => {
"type" => STRING,
"description" => "The value to set the security property to.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"ldap-key-store" => {
"description" => "A LdapKeyStore definition.",
"model-description" => {"*" => {
"description" => "A LdapKeyStore definition.",
"capabilities" => [{
"name" => "org.wildfly.security.key-store",
"dynamic" => true
}],
"attributes" => {
"dir-context" => {
"type" => STRING,
"description" => "The name of DirContext, which will be used to communication with LDAP server.",
"expressions-allowed" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.dir-context",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"size" => {
"type" => INT,
"description" => "The size of LDAP KeyStore in amount of items/aliases.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"state" => {
"type" => STRING,
"description" => "The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"DOWN",
"STARTING",
"START_FAILED",
"UP",
"STOPPING",
"REMOVED"
],
"access-type" => "read-only",
"storage" => "runtime"
},
"alias-attribute" => {
"type" => STRING,
"description" => "The name of LDAP attribute, where will be item alias stored.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"certificate-attribute" => {
"type" => STRING,
"description" => "The name of LDAP attribute, where will be certificate stored.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"certificate-chain-attribute" => {
"type" => STRING,
"description" => "The name of LDAP attribute, where will be certificate chain stored.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"certificate-chain-encoding" => {
"type" => STRING,
"description" => "The encoding of the certificate chain.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"certificate-type" => {
"type" => STRING,
"description" => "The type of the Certificate.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-attribute" => {
"type" => STRING,
"description" => "The name of LDAP attribute, where will be key stored.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-type" => {
"type" => STRING,
"description" => "The type of KeyStore, in which will be key serialized to LDAP attribute.",
"attribute-group" => "attribute-mapping",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"new-item-attributes" => {
"type" => LIST,
"description" => "The LDAP attributes, which will be set for newly created items.",
"attribute-group" => "new-item-template",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The name of the LDAP attribute.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => LIST,
"description" => "The value of LDAP attribute.",
"expressions-allowed" => true,
"nillable" => false,
"value-type" => STRING
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"new-item-path" => {
"type" => STRING,
"description" => "The path in LDAP, where will be newly created KeyStore items stored.",
"attribute-group" => "new-item-template",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"new-item-rdn" => {
"type" => STRING,
"description" => "The name of LDAP attribute, which will be used in RDN of newly created items.",
"attribute-group" => "new-item-template",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"filter-alias" => {
"type" => STRING,
"description" => "The LDAP filter for obtaining item of the KeyStore by alias.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"filter-certificate" => {
"type" => STRING,
"description" => "The LDAP filter for obtaining item of the KeyStore by certificate.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"filter-iterate" => {
"type" => STRING,
"description" => "The LDAP filter for iterating over all items of the KeyStore.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"search-path" => {
"type" => STRING,
"description" => "The path in LDAP, where will be KeyStore items searched.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"search-recursive" => {
"type" => BOOLEAN,
"description" => "If the LDAP search should be recursive.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"search-time-limit" => {
"type" => INT,
"description" => "The time limit for obtaining keystore items from LDAP.",
"attribute-group" => "search",
"expressions-allowed" => true,
"nillable" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"alias" => {
"description" => "An individual alias within the KeyStore.",
"model-description" => {"*" => {
"description" => "An individual alias within the KeyStore.",
"storage" => "runtime-only",
"attributes" => {
"certificate" => {
"type" => OBJECT,
"description" => "The certificate associated with the alias (Note: If the alias has a certificate chain this will always be undefined).",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"certificate-chain" => {
"type" => LIST,
"description" => "The certificate chain associated with the alias.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"creation-date" => {
"type" => STRING,
"description" => "The creation date of the entry represented by this alias.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"entry-type" => {
"type" => STRING,
"description" => "The type of the entry for this alias. Note: Unrecognised types will be reported as 'Other'.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"PasswordEntry",
"PrivateKeyEntry",
"SecretKeyEntry",
"TrustedCertificateEntry",
"Other"
],
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"constant-name-rewriter" => {
"description" => "A name rewriter definition for a NameRewriter that always returns the same constant.",
"model-description" => {"*" => {
"description" => "A name rewriter definition for a NameRewriter that always returns the same constant.",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {"constant" => {
"type" => STRING,
"description" => "The constant value this NameRewriter will always return.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"service-loader-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories identified using a ServiceLoader",
"model-description" => {"*" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories identified using a ServiceLoader",
"capabilities" => [{
"name" => "org.wildfly.security.http-server-mechanism-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The HTTP mechanisms available from this factory instance.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"module" => {
"type" => STRING,
"description" => "The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"server-ssl-context" => {
"description" => "An SSLContext for use on the server side of a connection.",
"model-description" => {"*" => {
"description" => "An SSLContext for use on the server side of a connection.",
"capabilities" => [{
"name" => "org.wildfly.security.ssl-context",
"dynamic" => true
}],
"attributes" => {
"active-session-count" => {
"type" => INT,
"description" => "The count of current active sessions.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"authentication-optional" => {
"type" => BOOLEAN,
"description" => "Allow for a SSLSession to still be established even if the authentication failed, this allows a fall through to use other authentication mechanisms.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"cipher-suite-filter" => {
"type" => STRING,
"description" => "The filter to apply to specify the enabled cipher suites.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-managers" => {
"type" => STRING,
"description" => "Reference to the key managers to use within the SSLContext.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.key-managers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"maximum-session-cache-size" => {
"type" => INT,
"description" => "The maximum number of SSL sessions to be cached.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"need-client-auth" => {
"type" => BOOLEAN,
"description" => "Set needClientAuth on the underlying SSLContext.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"protocols" => {
"type" => LIST,
"description" => "The enabled protocols.",
"expressions-allowed" => true,
"nillable" => true,
"allowed" => [
"SSLv2",
"SSLv3",
"TLSv1",
"TLSv1_1",
"TLSv1_2",
"TLSv1_3"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider-loader" => {
"type" => STRING,
"description" => "Reference to the Provider[] to use to load the SSLContext.",
"expressions-allowed" => true,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"security-domain" => {
"type" => STRING,
"description" => "The security domain to use for authentication during SSL session establishment.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-domain",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"session-timeout" => {
"type" => INT,
"description" => "The timeout for SSL sessions.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"trust-managers" => {
"type" => STRING,
"description" => "Reference to the trust managers to use within the SSLContext.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.trust-managers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"want-client-auth" => {
"type" => BOOLEAN,
"description" => "Set wantClientAuth on the underlying SSLContext - if a security domain is referenced this will automatically be set to true.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"ssl-session" => {
"description" => "A currently established SSL session.",
"model-description" => {"*" => {
"description" => "A currently established SSL session.",
"storage" => "runtime-only",
"attributes" => {
"application-buffer-size" => {
"type" => INT,
"description" => "The application buffer size as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"cipher-suite" => {
"type" => STRING,
"description" => "The selected cipher suite as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"creation-time" => {
"type" => STRING,
"description" => "The creation time as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"last-accessed-time" => {
"type" => STRING,
"description" => "The last accessed time as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"local-certificates" => {
"type" => LIST,
"description" => "The local certificates from the SSLSession.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"local-principal" => {
"type" => STRING,
"description" => "The local principal as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"packet-buffer-size" => {
"type" => INT,
"description" => "The packet buffer size as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-certificates" => {
"type" => LIST,
"description" => "The local certificates from the SSLSession.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-host" => {
"type" => STRING,
"description" => "The peer host as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-port" => {
"type" => INT,
"description" => "The peer port as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-principal" => {
"type" => STRING,
"description" => "The peer principal as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"protocol" => {
"type" => STRING,
"description" => "The protocol as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"valid" => {
"type" => BOOLEAN,
"description" => "The validity of the session as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"client-ssl-context" => {
"description" => "An SSLContext for use on the client side of a connection.",
"model-description" => {"*" => {
"description" => "An SSLContext for use on the client side of a connection.",
"capabilities" => [{
"name" => "org.wildfly.security.ssl-context",
"dynamic" => true
}],
"attributes" => {
"active-session-count" => {
"type" => INT,
"description" => "The count of current active sessions.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"cipher-suite-filter" => {
"type" => STRING,
"description" => "The filter to apply to specify the enabled cipher suites.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-managers" => {
"type" => STRING,
"description" => "Reference to the key managers to use within the SSLContext.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.key-managers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"maximum-session-cache-size" => {
"type" => INT,
"description" => "The maximum number of SSL sessions to be cached.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"protocols" => {
"type" => LIST,
"description" => "The enabled protocols.",
"expressions-allowed" => true,
"nillable" => true,
"allowed" => [
"SSLv2",
"SSLv3",
"TLSv1",
"TLSv1_1",
"TLSv1_2",
"TLSv1_3"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider-loader" => {
"type" => STRING,
"description" => "Reference to the Provider[] to use to load the SSLContext.",
"expressions-allowed" => true,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"session-timeout" => {
"type" => INT,
"description" => "The timeout for SSL sessions.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"trust-managers" => {
"type" => STRING,
"description" => "Reference to the trust managers to use within the SSLContext.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.trust-managers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"ssl-session" => {
"description" => "A currently established SSL session.",
"model-description" => {"*" => {
"description" => "A currently established SSL session.",
"storage" => "runtime-only",
"attributes" => {
"application-buffer-size" => {
"type" => INT,
"description" => "The application buffer size as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"cipher-suite" => {
"type" => STRING,
"description" => "The selected cipher suite as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"creation-time" => {
"type" => STRING,
"description" => "The creation time as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"last-accessed-time" => {
"type" => STRING,
"description" => "The last accessed time as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"local-certificates" => {
"type" => LIST,
"description" => "The local certificates from the SSLSession.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"local-principal" => {
"type" => STRING,
"description" => "The local principal as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"packet-buffer-size" => {
"type" => INT,
"description" => "The packet buffer size as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-certificates" => {
"type" => LIST,
"description" => "The local certificates from the SSLSession.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-host" => {
"type" => STRING,
"description" => "The peer host as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-port" => {
"type" => INT,
"description" => "The peer port as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"peer-principal" => {
"type" => STRING,
"description" => "The peer principal as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"protocol" => {
"type" => STRING,
"description" => "The protocol as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"valid" => {
"type" => BOOLEAN,
"description" => "The validity of the session as reported by the SSLSession.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"simple-regex-realm-mapper" => {
"description" => "Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.",
"model-description" => {"*" => {
"description" => "Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.",
"capabilities" => [{
"name" => "org.wildfly.security.realm-mapper",
"dynamic" => true
}],
"attributes" => {
"delegate-realm-mapper" => {
"type" => STRING,
"description" => "The RealmMapper to delegate to if there is no match using the pattern.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"pattern" => {
"type" => STRING,
"description" => "The regular expression which must contain at least one capture group to extract the realm from the name.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"constant-principal-decoder" => {
"description" => "Definition of a principal decoder that always returns the same constant.",
"model-description" => {"*" => {
"description" => "Definition of a principal decoder that always returns the same constant.",
"capabilities" => [{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}],
"attributes" => {"constant" => {
"type" => STRING,
"description" => "The constant value the principal decoder will always return.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-principal-decoder" => {
"description" => "A principal decoder definition where the principal decoder is an aggregation of other principal decoders.",
"model-description" => {"*" => {
"description" => "A principal decoder definition where the principal decoder is an aggregation of other principal decoders.",
"capabilities" => [{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}],
"attributes" => {"principal-decoders" => {
"type" => LIST,
"description" => "The referenced principal decoders to aggregate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.principal-decoder",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"simple-permission-mapper" => {
"description" => "Definition of a simple configured permission mapper.",
"model-description" => {"*" => {
"description" => "Definition of a simple configured permission mapper.",
"capabilities" => [{
"name" => "org.wildfly.security.permission-mapper",
"dynamic" => true
}],
"attributes" => {
"mapping-mode" => {
"type" => STRING,
"description" => "The mapping mode that should be used in the event of multiple matches.",
"expressions-allowed" => true,
"nillable" => true,
"default" => "first",
"allowed" => [
"and",
"or",
"xor",
"unless",
"first"
],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"permission-mappings" => {
"type" => LIST,
"description" => "The defined permission mappings.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"principals" => {
"type" => LIST,
"description" => "Principals to compare when mapping permissions, if the identities principal matches any one in the list it is a match.",
"expressions-allowed" => true,
"nillable" => true,
"value-type" => STRING
},
"roles" => {
"type" => LIST,
"description" => "Roles to compare when mapping permissions, if the identity is a member of any one in the list it is a match.",
"expressions-allowed" => true,
"nillable" => true,
"value-type" => STRING
},
"permissions" => {
"type" => LIST,
"description" => "The permissions to assign in the event of a match.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"class-name" => {
"type" => STRING,
"description" => "The fully qualified class name of the permission.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"module" => {
"type" => STRING,
"description" => "The module to use to load the permission.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"target-name" => {
"type" => STRING,
"description" => "The target name to pass to the permission as it is constructed.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"action" => {
"type" => STRING,
"description" => "The action to pass to the permission as it is constructed.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"filtering-key-store" => {
"description" => "A filtering KeyStore definition.",
"model-description" => {"*" => {
"description" => "A filtering KeyStore definition.",
"capabilities" => [{
"name" => "org.wildfly.security.key-store",
"dynamic" => true
}],
"attributes" => {
"alias-filter" => {
"type" => STRING,
"description" => "A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-store" => {
"type" => STRING,
"description" => "Name of filtered KeyStore.",
"expressions-allowed" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"state" => {
"type" => STRING,
"description" => "The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"DOWN",
"STARTING",
"START_FAILED",
"UP",
"STOPPING",
"REMOVED"
],
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"alias" => {
"description" => "An individual alias within the filtering KeyStore.",
"model-description" => {"*" => {
"description" => "An individual alias within the KeyStore.",
"storage" => "runtime-only",
"attributes" => {
"certificate" => {
"type" => OBJECT,
"description" => "The certificate associated with the alias (Note: If the alias has a certificate chain this will always be undefined).",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"certificate-chain" => {
"type" => LIST,
"description" => "The certificate chain associated with the alias.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"creation-date" => {
"type" => STRING,
"description" => "The creation date of the entry represented by this alias.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"entry-type" => {
"type" => STRING,
"description" => "The type of the entry for this alias. Note: Unrecognised types will be reported as 'Other'.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"PasswordEntry",
"PrivateKeyEntry",
"SecretKeyEntry",
"TrustedCertificateEntry",
"Other"
],
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"x500-attribute-principal-decoder" => {
"description" => "Definition of a X500 attribute based principal decoder",
"model-description" => {"*" => {
"description" => "Definition of a X500 attribute based principal decoder",
"capabilities" => [{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}],
"attributes" => {
"joiner" => {
"type" => STRING,
"description" => "The joining string",
"expressions-allowed" => true,
"nillable" => true,
"default" => ".",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"maximum-segments" => {
"type" => INT,
"description" => "The maximum number of occurrences of the attribute to map",
"expressions-allowed" => true,
"nillable" => true,
"default" => 2147483647,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"oid" => {
"type" => STRING,
"description" => "The OID of the attribute to map",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"required-oids" => {
"type" => LIST,
"description" => "The OIDs of the attributes that must be present in the principal",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"reverse" => {
"type" => BOOLEAN,
"description" => "When set to 'true', the attribute values will be processed and returned in reverse order",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"start-segment" => {
"type" => INT,
"description" => "The 0-based starting occurrence of the attribute to map",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"token-realm" => {
"description" => "A security realm definition capable of validating and extracting identities from security tokens.",
"model-description" => {"*" => {
"description" => "A security realm definition capable of validating and extracting identities from security tokens.",
"capabilities" => [
{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
},
{
"name" => "org.wildfly.security.modifiable-security-realm",
"dynamic" => true
}
],
"attributes" => {
"jwt" => {
"type" => OBJECT,
"description" => "A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"issuer" => {
"type" => LIST,
"description" => "A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an <code>iss</code> claim that contains one of the values defined here.",
"expressions-allowed" => true,
"nillable" => true,
"value-type" => STRING
},
"audience" => {
"type" => LIST,
"description" => "A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an <code>aud</code> claim that contains one of the values defined here.",
"expressions-allowed" => true,
"nillable" => true,
"value-type" => STRING
},
"public-key" => {
"type" => STRING,
"description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"oauth2-introspection" => {
"type" => OBJECT,
"description" => "A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"client-id" => {
"type" => STRING,
"description" => "A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an <code>iss</code> claim that contains one of the values defined here.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"client-secret" => {
"type" => STRING,
"description" => "A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an <code>aud</code> claim that contains one of the values defined here.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"introspection-url" => {
"type" => STRING,
"description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"client-ssl-context" => {
"type" => STRING,
"description" => "A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an <code>aud</code> claim that contains one of the values defined here.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.ssl-context",
"min-length" => 1L,
"max-length" => 2147483647L
},
"host-name-verification-policy" => {
"type" => STRING,
"description" => "A policy that defines how host names should be verified when using HTTPS.",
"expressions-allowed" => false,
"nillable" => true,
"default" => "ANY",
"allowed" => ["ANY"]
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"principal-claim" => {
"type" => STRING,
"description" => "The name of the claim that should be used to obtain the principal's name.",
"expressions-allowed" => false,
"nillable" => true,
"default" => "username",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"chained-name-rewriter" => {
"description" => "A name rewriter definition where the name rewriter is a chaining of other name rewriters.",
"model-description" => {"*" => {
"description" => "A name rewriter definition where the name rewriter is a chaining of other name rewriters.",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {"name-rewriters" => {
"type" => LIST,
"description" => "The referenced name rewriters to chain.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.name-rewriter",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-permission-mapper" => {
"description" => "Definition of a custom permission mapper.",
"model-description" => {"*" => {
"description" => "Definition of a custom permission mapper.",
"capabilities" => [{
"name" => "org.wildfly.security.permission-mapper",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional kay/value configuration for the permission mapper",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "Fully qualified class name of the permission mapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "Name of the module to use to load the permission mapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"dir-context" => {
"description" => "The configuration to connect to a directory (LDAP) server.",
"model-description" => {"*" => {
"description" => "The configuration to connect to a directory (LDAP) server.",
"capabilities" => [{
"name" => "org.wildfly.security.dir-context",
"dynamic" => true
}],
"attributes" => {
"authentication-level" => {
"type" => STRING,
"description" => "The authentication level (security level) to use.",
"expressions-allowed" => true,
"nillable" => true,
"default" => "simple",
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"none",
"simple",
"strong"
],
"access-type" => "read-only",
"storage" => "configuration"
},
"credential" => {
"type" => STRING,
"description" => "The credential to authenticate and connect to the LDAP server.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "configuration"
},
"enable-connection-pooling" => {
"type" => BOOLEAN,
"description" => "Indicates if connection pooling is enabled.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-only",
"storage" => "configuration"
},
"principal" => {
"type" => STRING,
"description" => "The principal to authenticate and connect to the LDAP server.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "configuration"
},
"referral-mode" => {
"type" => STRING,
"description" => "If referrals should be followed.",
"expressions-allowed" => true,
"nillable" => true,
"default" => "IGNORE",
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"FOLLOW",
"IGNORE",
"THROW"
],
"access-type" => "read-only",
"storage" => "configuration"
},
"ssl-context" => {
"type" => STRING,
"description" => "SSL context to connect to the LDAP server.",
"expressions-allowed" => true,
"nillable" => true,
"capability-reference" => "org.wildfly.security.ssl-context",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "configuration"
},
"url" => {
"type" => STRING,
"description" => "The connection url.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "configuration"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"add-suffix-role-mapper" => {
"description" => "A role mapper definition for a role mapper that adds a suffix to each provided.",
"model-description" => {"*" => {
"description" => "A role mapper definition for a role mapper that adds a suffix to each provided.",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {"suffix" => {
"type" => STRING,
"description" => "The suffix to add to each role.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"configurable-http-server-mechanism-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"model-description" => {"*" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"capabilities" => [{
"name" => "org.wildfly.security.http-server-mechanism-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The HTTP mechanisms available from this factory instance.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"filters" => {
"type" => LIST,
"description" => "Filtering to be applied to enable / disable mechanisms based on the name.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"pattern-filter" => {
"type" => STRING,
"description" => "A regular expression pattern based filter.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"enabling" => {
"type" => BOOLEAN,
"description" => "Does this filter enable or disable a mechanism if it matches.",
"expressions-allowed" => true,
"nillable" => false,
"default" => true
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"http-server-mechanism-factory" => {
"type" => STRING,
"description" => "The http server factory to be wrapped.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.http-server-mechanism-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"properties" => {
"type" => OBJECT,
"description" => "Custom properties to be passed in to the http server factory calls.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-name-rewriter" => {
"description" => "A custom name rewriter definition.",
"model-description" => {"*" => {
"description" => "A custom name rewriter definition.",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional key/value configuration for the custom name rewriter.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the custom name rewriter.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "The module to use to load the custom name rewriter.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"model-description" => {"*" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-server-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this factory after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"sasl-server-factories" => {
"type" => LIST,
"description" => "The referenced sasl server factories to aggregate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.sasl-server-factory",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-name-rewriter" => {
"description" => "A name rewriter definition where the name rewriter is an aggregation of other name rewriters.",
"model-description" => {"*" => {
"description" => "A name rewriter definition where the name rewriter is an aggregation of other name rewriters.",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {"name-rewriters" => {
"type" => LIST,
"description" => "The referenced name rewriters to aggregate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.name-rewriter",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"ldap-realm" => {
"description" => "A security realm definition backed by LDAP.",
"model-description" => {"*" => {
"description" => "A security realm definition backed by LDAP.",
"capabilities" => [
{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
},
{
"name" => "org.wildfly.security.modifiable-security-realm",
"dynamic" => true
}
],
"attributes" => {
"dir-context" => {
"type" => STRING,
"description" => "The configuration to connect to a LDAP server.",
"expressions-allowed" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.dir-context",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"direct-verification" => {
"type" => BOOLEAN,
"description" => "Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"identity-mapping" => {
"type" => OBJECT,
"description" => "The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"rdn-identifier" => {
"type" => STRING,
"description" => "The RDN part of the principal's DN to be used to obtain the principal's name from an LDAP entry.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"use-recursive-search" => {
"type" => BOOLEAN,
"description" => "Indicates if queries are recursive.",
"expressions-allowed" => true,
"nillable" => false,
"default" => false,
"requires" => ["search-base-dn"]
},
"search-base-dn" => {
"type" => STRING,
"description" => "The base DN to be used when executing queries",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["rdn-identifier"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"attribute-mapping" => {
"type" => LIST,
"description" => "The attribute mappings defined for this resource.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute to map to an identity attribute.",
"expressions-allowed" => true,
"nillable" => false,
"alternatives" => ["filter"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"to" => {
"type" => STRING,
"description" => "The name of the identity attribute mapped from a specific LDAP attribute.",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["from"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"filter" => {
"type" => STRING,
"description" => "The filter to use to obtain the values for a specific attribute.",
"expressions-allowed" => true,
"nillable" => true,
"alternatives" => ["from"],
"requires" => ["to"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"filter-base-dn" => {
"type" => STRING,
"description" => "The name of the context where the filter should be performed.",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["filter"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"as-rdn" => {
"type" => STRING,
"description" => "The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"iterator-filter" => {
"type" => STRING,
"description" => "The LDAP filter for iterating over identities of the realm.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"new-identity-parent-dn" => {
"type" => STRING,
"description" => "The DN of parent of newly created identities. Required for modifiability of the realm.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"new-identity-attributes" => {
"type" => LIST,
"description" => "The attributes of newly created identities. Required for modifiability of the realm.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The attribute name.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => LIST,
"description" => "The attribute value.",
"expressions-allowed" => true,
"nillable" => false,
"value-type" => STRING
}
}
},
"user-password-mapper" => {
"type" => OBJECT,
"description" => "The credential mapping for userPassword-like credential attribute.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute to map to an identity attribute.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"writable" => {
"type" => BOOLEAN,
"description" => "Indicates if password can be changed.",
"expressions-allowed" => true,
"nillable" => false,
"default" => false
},
"verifiable" => {
"type" => BOOLEAN,
"description" => "Indicates if password can be used to verify user.",
"expressions-allowed" => true,
"nillable" => false,
"default" => true
}
}
},
"otp-credential-mapper" => {
"type" => OBJECT,
"description" => "The credential mapping for OTP credential.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm-from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute of OTP algorithm.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"hash-from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute of OTP hash function.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"seed-from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute of OTP seed.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"sequence-from" => {
"type" => STRING,
"description" => "The name of the LDAP attribute of OTP sequence number.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"identity" => {
"description" => "An identity which can be managed by a security realm.",
"model-description" => {"*" => {
"description" => "An identity which can be managed by a security realm.",
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"provider-loader" => {
"description" => "A definition for a Provider loader.",
"model-description" => {"*" => {
"description" => "A definition for a Provider loader.",
"capabilities" => [{
"name" => "org.wildfly.security.providers",
"dynamic" => true
}],
"attributes" => {
"loaded-providers" => {
"type" => LIST,
"description" => "The list of providers loaded by this provider loader.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The name reported by the provider instance.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"info" => {
"type" => STRING,
"description" => "The information reported by the provider instance.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => DOUBLE,
"description" => "The version reported by the provider instance.",
"expressions-allowed" => false,
"nillable" => false
},
"services" => {
"type" => LIST,
"description" => "List of services available from this provider.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The service type.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"algorithm" => {
"type" => STRING,
"description" => "The algorithm supported by the service.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the service SPI.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"providers" => {
"type" => LIST,
"description" => "The providers to be loaded by this resource.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"index" => {
"type" => INT,
"description" => "The index of the provider or property within the provider. Note: This is dynamically generated based on the current list contents.",
"expressions-allowed" => false,
"nillable" => false
},
"module" => {
"type" => STRING,
"description" => "The name of the module to load the provider from.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"load-services" => {
"type" => BOOLEAN,
"description" => "Should service loader discovery be used to load the providers.",
"expressions-allowed" => true,
"nillable" => false,
"default" => false
},
"class-names" => {
"type" => LIST,
"description" => "The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.",
"expressions-allowed" => true,
"nillable" => true,
"value-type" => STRING
},
"path" => {
"type" => STRING,
"description" => "The path of the file to use to initialise the providers.",
"expressions-allowed" => true,
"nillable" => true,
"alternatives" => ["property-list"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"relative-to" => {
"type" => STRING,
"description" => "The base path of the configuration file.",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"property-list" => {
"type" => LIST,
"description" => "Configuration properties to be applied to the loaded provider. (Can not be set at the same time as path)",
"expressions-allowed" => false,
"nillable" => true,
"alternatives" => ["path"],
"value-type" => {
"index" => {
"type" => INT,
"description" => "The index of the provider or property within the provider. Note: This is dynamically generated based on the current list contents.",
"expressions-allowed" => false,
"nillable" => false
},
"key" => {
"type" => STRING,
"description" => "The key for the property to be set.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the property to be set.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
}
},
"access-type" => "read-only",
"storage" => "configuration"
},
"register" => {
"type" => BOOLEAN,
"description" => "Should the loaded providers be registered globally.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"mechanism-provider-filtering-sasl-server-factory" => {
"description" => "A sasl server factory definition that enables filtering by provider where the factory was loaded using a provider.",
"model-description" => {"*" => {
"description" => "A sasl server factory definition that enables filtering by provider where the factory was loaded using a provider.",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-server-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this factory after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"enabling" => {
"type" => BOOLEAN,
"description" => "When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.",
"expressions-allowed" => true,
"nillable" => true,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"filters" => {
"type" => LIST,
"description" => "The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"mechanism-name" => {
"type" => STRING,
"description" => "The name of the sasl mechanism this filter matches with.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"provider-name" => {
"type" => STRING,
"description" => "The name of the provider this filter matches.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"provider-version" => {
"type" => DOUBLE,
"description" => "Version to use when comparing the Provider's version.",
"expressions-allowed" => true,
"nillable" => true
},
"version-comparison" => {
"type" => STRING,
"description" => "The equality to use when evaluating the Provider's version.",
"expressions-allowed" => true,
"nillable" => false,
"default" => "less-than",
"requires" => ["provider-version"],
"allowed" => [
"less-than",
"greater-than"
]
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"sasl-server-factory" => {
"type" => STRING,
"description" => "Reference to a sasl server factory to be wrapped by this definition.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.sasl-server-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"kerberos-security-factory" => {
"description" => "A security factory for obtaining a GSSCredential for use during authentication.",
"model-description" => {"*" => {
"description" => "A security factory for obtaining a GSSCredential for use during authentication.",
"capabilities" => [{
"name" => "org.wildfly.security.security-factory.credential",
"dynamic" => true
}],
"attributes" => {
"debug" => {
"type" => STRING,
"description" => "Should the JAAS step of obtaining the credential have debug logging enabled.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"mechanism-oids" => {
"type" => LIST,
"description" => "The mechanism OIDs the credential should be usable with.",
"expressions-allowed" => true,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"minimum-remaining-lifetime" => {
"type" => INT,
"description" => "How much lifetime should a cached credential have remaining before it is recreated.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"principal" => {
"type" => STRING,
"description" => "The principal represented by the KeyTab",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"request-lifetime" => {
"type" => INT,
"description" => "How much lifetime should be requested for newly created credentials.",
"expressions-allowed" => true,
"nillable" => true,
"default" => 2147483647,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"server" => {
"type" => BOOLEAN,
"description" => "If this for use server side or client side?",
"expressions-allowed" => true,
"nillable" => true,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"path" => {
"type" => STRING,
"description" => "The path of the KeyTab to load to obtain the credential.",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"relative-to" => {
"type" => STRING,
"description" => "The relative path to the KeyTab",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-principal-decoder" => {
"description" => "Definition of a custom principal decoder",
"model-description" => {"*" => {
"description" => "Definition of a custom principal decoder",
"capabilities" => [{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional kay/value configuration for the principal decoder",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "Fully qualified class name of the principal decoder",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "Name of the module to use to load the principal decoder",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-realm-mapper" => {
"description" => "Definition of a custom RealmMapper",
"model-description" => {"*" => {
"description" => "Definition of a custom RealmMapper",
"capabilities" => [{
"name" => "org.wildfly.security.realm-mapper",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional kay/value configuration for the RealmMapper",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "Fully qualified class name of the RealmMapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "Name of the module to use to load the RealmMapper",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"provider-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories from the Provider[]",
"model-description" => {"*" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories from the Provider[]",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-server-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this factory after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"provider-loader" => {
"type" => STRING,
"description" => "The provider to use to locate the factories, if not specified the globally registered list of Providers will be used.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"jdbc-realm" => {
"description" => "A security realm definition backed by database using JDBC.",
"model-description" => {"*" => {
"description" => "A security realm definition backed by database using JDBC.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"attributes" => {"principal-query" => {
"type" => LIST,
"description" => "The authentication query used to authenticate users based on specific key types.",
"attribute-group" => "attribute",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"sql" => {
"type" => STRING,
"description" => "The SQL statement used to obtain the keys(as table columns) for a specific user and map them accordingly with their type.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"data-source" => {
"type" => STRING,
"description" => "The name of the datasource used to connect to the database.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.data-source",
"min-length" => 1L,
"max-length" => 2147483647L
},
"attribute-mapping" => {
"type" => LIST,
"description" => "The attribute mappings defined for this resource.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"to" => {
"type" => STRING,
"description" => "The name of the identity attribute mapped from a column returned from a SQL query.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"index" => {
"type" => INT,
"description" => "The column index from a query that representing the mapped attribute.",
"expressions-allowed" => true,
"nillable" => false
}
}
},
"clear-password-mapper" => {
"type" => OBJECT,
"description" => "A key mapper that maps a column returned from a SQL query to a Clear Password key type.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {"password-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the user's password.",
"expressions-allowed" => false,
"nillable" => false
}}
},
"bcrypt-mapper" => {
"type" => OBJECT,
"description" => "A key mapper that maps a column returned from a SQL query to a Bcrypt key type.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"password-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the user's password.",
"expressions-allowed" => false,
"nillable" => false
},
"salt-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the password's salt, if supported.",
"expressions-allowed" => false,
"nillable" => false
},
"iteration-count-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the password's iteration count, if supported.",
"expressions-allowed" => false,
"nillable" => false
}
}
},
"salted-simple-digest-mapper" => {
"type" => OBJECT,
"description" => "A key mapper that maps a column returned from a SQL query to a Salted Simple Digest key type.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm for a specific password key mapper.",
"expressions-allowed" => false,
"nillable" => false,
"default" => "password-salt-digest-md5",
"allowed" => [
"password-salt-digest-md5",
"password-salt-digest-sha-1",
"password-salt-digest-sha-256",
"password-salt-digest-sha-384",
"password-salt-digest-sha-512",
"salt-password-digest-md5",
"salt-password-digest-sha-1",
"salt-password-digest-sha-256",
"salt-password-digest-sha-384",
"salt-password-digest-sha-512"
]
},
"password-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the user's password.",
"expressions-allowed" => false,
"nillable" => false
},
"salt-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the password's salt, if supported.",
"expressions-allowed" => false,
"nillable" => false
}
}
},
"simple-digest-mapper" => {
"type" => OBJECT,
"description" => "A key mapper that maps a column returned from a SQL query to a Simple Digest key type.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm for a specific password key mapper.",
"expressions-allowed" => false,
"nillable" => false,
"default" => "simple-digest-md5",
"allowed" => [
"simple-digest-md2",
"simple-digest-md5",
"simple-digest-sha-1",
"simple-digest-sha-256",
"simple-digest-sha-384",
"simple-digest-sha-512"
]
},
"password-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the user's password.",
"expressions-allowed" => false,
"nillable" => false
}
}
},
"scram-mapper" => {
"type" => OBJECT,
"description" => "A key mapper that maps a column returned from a SQL query to a Scram key type.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm for a specific password key mapper.",
"expressions-allowed" => false,
"nillable" => false,
"default" => "scram-sha-256",
"allowed" => [
"scram-sha-1",
"scram-sha-256"
]
},
"password-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the user's password.",
"expressions-allowed" => false,
"nillable" => false
},
"salt-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the password's salt, if supported.",
"expressions-allowed" => false,
"nillable" => false
},
"iteration-count-index" => {
"type" => INT,
"description" => "The column index from an authentication query that represents the password's iteration count, if supported.",
"expressions-allowed" => false,
"nillable" => false
}
}
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"key-store-realm" => {
"description" => "A security realm definition backed by a key store.",
"model-description" => {"*" => {
"description" => "A security realm definition backed by a key store.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"attributes" => {"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore that should be used to back this security realm.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"security-domain" => {
"description" => "A security domain definition.",
"model-description" => {"*" => {
"description" => "A security domain definition.",
"capabilities" => [{
"name" => "org.wildfly.security.security-domain",
"dynamic" => true
}],
"attributes" => {
"default-realm" => {
"type" => STRING,
"description" => "The default realm contained by this security domain.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"permission-mapper" => {
"type" => STRING,
"description" => "A reference to a PermissionMapper to be used by this domain.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.permission-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"post-realm-name-rewriter" => {
"type" => STRING,
"description" => "A reference to a NameRewriter to be applied after the realm has operated on the supplied identity name.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"pre-realm-name-rewriter" => {
"type" => STRING,
"description" => "A reference to a NameRewriter to be applied before the realm is selected.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"principal-decoder" => {
"type" => STRING,
"description" => "A reference to a PrincipalDecoder to be used by this domain.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-decoder",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"realm-mapper" => {
"type" => STRING,
"description" => "Reference to the RealmMapper to be used by this domain.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"realms" => {
"type" => LIST,
"description" => "The list of realms contained by this security domain.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"realm" => {
"type" => STRING,
"description" => "A reference to an individual security realm.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-realm",
"min-length" => 1L,
"max-length" => 2147483647L
},
"name-rewriter" => {
"type" => STRING,
"description" => "A NameRewriter to be associated with the realm.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.name-rewriter",
"min-length" => 1L,
"max-length" => 2147483647L
},
"role-decoder" => {
"type" => STRING,
"description" => "A RoleDecoder reference to be associated with the realm.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.role-decoder",
"min-length" => 1L,
"max-length" => 2147483647L
},
"role-mapper" => {
"type" => STRING,
"description" => "A RoleMapper reference to be associated with the realm.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.role-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"role-mapper" => {
"type" => STRING,
"description" => "Reference to the RoleMapper to be used by this domain.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.role-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"trusted-security-domains" => {
"type" => LIST,
"description" => "The list of security domains that are trusted by this security domain.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-domain",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-realm" => {
"description" => "A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.",
"model-description" => {"*" => {
"description" => "A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"attributes" => {
"authentication-realm" => {
"type" => STRING,
"description" => "Reference to the security realm to use for authentication.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-realm",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"authorization-realm" => {
"type" => STRING,
"description" => "Reference to the security realm to use for loading the identity for authorization.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-realm",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"logical-permission-mapper" => {
"description" => "Definition of a logical permission mapper.",
"model-description" => {"*" => {
"description" => "Definition of a logical permission mapper.",
"capabilities" => [{
"name" => "org.wildfly.security.permission-mapper",
"dynamic" => true
}],
"attributes" => {
"left" => {
"type" => STRING,
"description" => "Reference to the permission mapper to use to the left of the operation.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.permission-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"logical-operation" => {
"type" => STRING,
"description" => "The logical operation to use to combine the permission mappers.",
"expressions-allowed" => true,
"nillable" => false,
"allowed" => [
"and",
"or",
"xor",
"unless"
],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"right" => {
"type" => STRING,
"description" => "Reference to the permission mapper to use to the right of the operation.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.permission-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"provider-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories from the Provider[]",
"model-description" => {"*" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories from the Provider[]",
"capabilities" => [{
"name" => "org.wildfly.security.http-server-mechanism-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The HTTP mechanisms available from this factory instance.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"provider-loader" => {
"type" => STRING,
"description" => "The provider to use to locate the factories, if not specified the globally registered list of Providers will be used.",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"key-managers" => {
"description" => "A key manager definition for creating the KeyManager[] as used to create an SSLContext.",
"model-description" => {"*" => {
"description" => "A key manager definition for creating the KeyManager[] as used to create an SSLContext.",
"capabilities" => [{
"name" => "org.wildfly.security.key-managers",
"dynamic" => true
}],
"attributes" => {
"algorithm" => {
"type" => STRING,
"description" => "The name of the algorithm to use to create the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"password" => {
"type" => STRING,
"description" => "The password to use when initialising the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"deprecated" => {
"since" => "1.0.0",
"reason" => "Will be updated to use proper CredentialStore references."
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider" => {
"type" => STRING,
"description" => "The name of the provider to use to create the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider-loader" => {
"type" => STRING,
"description" => "Reference to obtain the Provider[] to use when creating the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"constant-role-mapper" => {
"description" => "A role mapper definition where a constant set of roles is always returned.",
"model-description" => {"*" => {
"description" => "A role mapper definition where a constant set of roles is always returned.",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {"roles" => {
"type" => LIST,
"description" => "The constant roles to be returned by this role mapper.",
"expressions-allowed" => true,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"service-loader-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader",
"model-description" => {"*" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-server-factory",
"dynamic" => true
}],
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this factory after all filtering has been applied.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"module" => {
"type" => STRING,
"description" => "The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"concatenating-principal-decoder" => {
"description" => "A principal decoder definition where the principal decoder is a concatenation of other principal decoders.",
"model-description" => {"*" => {
"description" => "A principal decoder definition where the principal decoder is a concatenation of other principal decoders.",
"capabilities" => [{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}],
"attributes" => {
"joiner" => {
"type" => STRING,
"description" => "The string to use to join the results of the referenced principal decoders.",
"expressions-allowed" => true,
"nillable" => true,
"default" => ".",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"principal-decoders" => {
"type" => LIST,
"description" => "The referenced principal decoders to concatenate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.principal-decoder",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"regex-name-rewriter" => {
"description" => "A regular expression based Name Rewriter",
"model-description" => {"*" => {
"description" => "A regular expression based Name Rewriter",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {
"pattern" => {
"type" => STRING,
"description" => "The regular expression to use to locate the portion of the name to be replaced.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"replace-all" => {
"type" => BOOLEAN,
"description" => "Should all occurrences of the pattern matched be replaced or only the first occurrence.",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"replacement" => {
"type" => STRING,
"description" => "The value to be used as the replacement.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 0L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-modifiable-realm" => {
"description" => "A custom security realm definition.",
"model-description" => {"*" => {
"description" => "A custom security realm definition.",
"capabilities" => [
{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
},
{
"name" => "org.wildfly.security.modifiable-security-realm",
"dynamic" => true
}
],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional key/value configuration for the custom realm.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the custom realm.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "The module to use to load the custom realm.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"identity" => {
"description" => "An identity which can be managed by a security realm.",
"model-description" => {"*" => {
"description" => "An identity which can be managed by a security realm.",
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"custom-credential-security-factory" => {
"description" => "A custom credential SecurityFactory definition.",
"model-description" => {"*" => {
"description" => "A custom credential SecurityFactory definition.",
"capabilities" => [{
"name" => "org.wildfly.security.security-factory.credential",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional key/value configuration for the custom security factory.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the custom security factory.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "The module to use to load the custom security factory.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"key-store" => {
"description" => "A KeyStore definition.",
"model-description" => {"*" => {
"description" => "A KeyStore definition.",
"capabilities" => [{
"name" => "org.wildfly.security.key-store",
"dynamic" => true
}],
"attributes" => {
"alias-filter" => {
"type" => STRING,
"description" => "A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"loaded-provider" => {
"type" => OBJECT,
"description" => "Information about the provider that was used for this KeyStore.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The name of the provider used to load the KeyStore.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"info" => {
"type" => STRING,
"description" => "The information string about the provider used to load the KeyStore.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => DOUBLE,
"description" => "The version of the provider used to load the KeyStore.",
"expressions-allowed" => false,
"nillable" => false
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"modified" => {
"type" => BOOLEAN,
"description" => "Indicates if the in-memory representation of the KeyStore has been changed since it was last loaded or stored. Note: For some providers updates may be immediate without further load or store calls.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"password" => {
"type" => STRING,
"description" => "The password to use to load the KeyStore, this attribute will be replaced with the new vault solution.",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"deprecated" => {
"since" => "1.0.0",
"reason" => "Obtaining the password will be moved to the new vault capabilities."
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"size" => {
"type" => INT,
"description" => "The number of entries in the KeyStore.",
"expressions-allowed" => false,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"state" => {
"type" => STRING,
"description" => "The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"DOWN",
"STARTING",
"START_FAILED",
"UP",
"STOPPING",
"REMOVED"
],
"access-type" => "read-only",
"storage" => "runtime"
},
"synchronized" => {
"type" => STRING,
"description" => "The time this KeyStore was last loaded or saved. Note: Some providers may continue to apply updates after the KeyStore was loaded within the application server.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"path" => {
"type" => STRING,
"description" => "The path to the KeyStore file.",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"relative-to" => {
"type" => STRING,
"description" => "The base path this store is relative to.",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"required" => {
"type" => BOOLEAN,
"description" => "Is the file required to exist at the time the KeyStore service starts?",
"attribute-group" => "file",
"expressions-allowed" => true,
"nillable" => true,
"default" => false,
"requires" => ["path"],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider" => {
"type" => STRING,
"description" => "The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.",
"attribute-group" => "implementation",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"provider-loader" => {
"type" => STRING,
"description" => "A reference to the provider-loader that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.",
"attribute-group" => "implementation",
"expressions-allowed" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"type" => {
"type" => STRING,
"description" => "The type of the KeyStore, used when creating the new KeyStore instance.",
"attribute-group" => "implementation",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"alias" => {
"description" => "An individual alias within the KeyStore.",
"model-description" => {"*" => {
"description" => "An individual alias within the KeyStore.",
"storage" => "runtime-only",
"attributes" => {
"certificate" => {
"type" => OBJECT,
"description" => "The certificate associated with the alias (Note: If the alias has a certificate chain this will always be undefined).",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"certificate-chain" => {
"type" => LIST,
"description" => "The certificate chain associated with the alias.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The type of the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"public-key" => {
"type" => OBJECT,
"description" => "The public key associated with the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"format" => {
"type" => STRING,
"description" => "The format of the public key.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"finger-prints" => {
"type" => LIST,
"description" => "The finger prints for the certificate.",
"expressions-allowed" => false,
"nillable" => false,
"value-type" => {
"algorithm" => {
"type" => STRING,
"description" => "The algorithm of the public key or finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"value" => {
"type" => STRING,
"description" => "The value of the finger print.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"encoded" => {
"type" => STRING,
"description" => "The encoded value of the public key or certificate.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"subject" => {
"type" => STRING,
"description" => "The subject from the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"issuer" => {
"type" => STRING,
"description" => "The issuer of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-before" => {
"type" => STRING,
"description" => "The starting date and time the certificate is valid.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"not-after" => {
"type" => STRING,
"description" => "The expiration date and time of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"serial-number" => {
"type" => STRING,
"description" => "The serial number of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature-algorithm" => {
"type" => STRING,
"description" => "The algorithm used to generate the certificates signature.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"signature" => {
"type" => STRING,
"description" => "The signature of the certificate.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => STRING,
"description" => "The certificate version.",
"expressions-allowed" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"creation-date" => {
"type" => STRING,
"description" => "The creation date of the entry represented by this alias.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"entry-type" => {
"type" => STRING,
"description" => "The type of the entry for this alias. Note: Unrecognised types will be reported as 'Other'.",
"expressions-allowed" => false,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"PasswordEntry",
"PrivateKeyEntry",
"SecretKeyEntry",
"TrustedCertificateEntry",
"Other"
],
"access-type" => "read-only",
"storage" => "runtime"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}}
},
"custom-role-decoder" => {
"description" => "Definition of a custom RoleDecoder",
"model-description" => {"*" => {
"description" => "Definition of a custom RoleDecoder",
"capabilities" => [{
"name" => "org.wildfly.security.role-decoder",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional kay/value configuration for the RoleDecoder",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "Fully qualified class name of the RoleDecoder",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "Name of the module to use to load the RoleDecoder",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"simple-role-decoder" => {
"description" => "Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.",
"model-description" => {"*" => {
"description" => "Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.",
"capabilities" => [{
"name" => "org.wildfly.security.role-decoder",
"dynamic" => true
}],
"attributes" => {"attribute" => {
"type" => STRING,
"description" => "The name of the attribute from the identity to map directly to roles.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"aggregate-role-mapper" => {
"description" => "A role mapper definition where the role mapper is an aggregation of other role mappers.",
"model-description" => {"*" => {
"description" => "A role mapper definition where the role mapper is an aggregation of other role mappers.",
"capabilities" => [{
"name" => "org.wildfly.security.role-mapper",
"dynamic" => true
}],
"attributes" => {"role-mappers" => {
"type" => LIST,
"description" => "The referenced role mappers to aggregate.",
"expressions-allowed" => false,
"nillable" => false,
"capability-reference" => "org.wildfly.security.role-mapper",
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"custom-realm" => {
"description" => "A custom security realm definition.",
"model-description" => {"*" => {
"description" => "A custom security realm definition.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"attributes" => {
"configuration" => {
"type" => OBJECT,
"description" => "The optional key/value configuration for the custom realm.",
"expressions-allowed" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the custom realm.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"module" => {
"type" => STRING,
"description" => "The module to use to load the custom realm.",
"attribute-group" => "class-loading",
"expressions-allowed" => true,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
},
"regex-name-validating-rewriter" => {
"description" => "A regular expression based Name Rewriter which uses the regular expression to validate the name.",
"model-description" => {"*" => {
"description" => "A regular expression based Name Rewriter which uses the regular expression to validate the name.",
"capabilities" => [{
"name" => "org.wildfly.security.name-rewriter",
"dynamic" => true
}],
"attributes" => {
"match" => {
"type" => BOOLEAN,
"description" => "Should names that match the pattern be rejected or names that don't",
"expressions-allowed" => true,
"nillable" => false,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"pattern" => {
"type" => STRING,
"description" => "The regular expression to use to locate the portion of the name to be replaced.",
"expressions-allowed" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment