WildFly Elytron Resource Descriptions - LDAP Authentication
[standalone@localhost:9990 /] ./subsystem=undertow/application-security-domain=*:read-resource-description | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "undertow"), | |
("application-security-domain" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "A Mapping from a security domain references in a deployed application.", | |
"capabilities" => [{ | |
"name" => "org.wildfly.undertow.application-security-domain", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"application-security-domain" => {"type" => "undertow"}}, | |
"application" => {"application-security-domain" => {"type" => "undertow"}} | |
}, | |
"attributes" => { | |
"enable-jacc" => { | |
"type" => BOOLEAN, | |
"description" => "Enable authorization using JACC", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"http-authentication-factory" => { | |
"type" => STRING, | |
"description" => "The HTTP Authentication Factory to be used by deployments that reference the mapped security domain.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"capability-reference" => "org.wildfly.security.http-authentication-factory", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-constraints" => {"sensitive" => {"authentication-factory-ref" => {"type" => "core"}}}, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"override-deployment-config" => { | |
"type" => BOOLEAN, | |
"description" => "Should the authentication configuration in the deployment be overridden by the factory.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"referencing-deployments" => { | |
"type" => LIST, | |
"description" => "The deployments currently referencing this mapping.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING, | |
"access-type" => "read-only", | |
"storage" => "runtime" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {"setting" => { | |
"description" => "Settings", | |
"model-description" => undefined | |
}} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/dir-context=*:read-resource-description | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("dir-context" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "The configuration to connect to a directory (LDAP) server.", | |
"capabilities" => [{ | |
"name" => "org.wildfly.security.dir-context", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"authentication-context" => { | |
"type" => STRING, | |
"description" => "The authentication context to obtain login credentials to connect to the LDAP server. Can be omitted if authentication-level is \"none\" (anonymous).", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => [ | |
"credential-reference", | |
"ssl-context", | |
"principal" | |
], | |
"capability-reference" => "org.wildfly.security.authentication-context", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"authentication-level" => { | |
"type" => STRING, | |
"description" => "The authentication level (security level/authentication mechanism) to use. Corresponds to SECURITY_AUTHENTICATION (\"java.naming.security.authentication\") environment property. Allowed values: \"none\", \"simple\", sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => "simple", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"connection-timeout" => { | |
"type" => INT, | |
"description" => "The timeout for connecting to the LDAP server in milliseconds.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"credential-reference" => { | |
"type" => OBJECT, | |
"description" => "The credential reference to authenticate and connect to the LDAP server. Can be omitted if authentication-level is \"none\" (anonymous).", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["authentication-context"], | |
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}}, | |
"value-type" => { | |
"store" => { | |
"type" => STRING, | |
"description" => "The name of the credential store holding the alias to credential.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["clear-text"], | |
"requires" => ["alias"], | |
"capability-reference" => "org.wildfly.security.credential-store", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"alias" => { | |
"type" => STRING, | |
"description" => "The alias which denotes stored secret or credential in the store.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"requires" => ["store"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"type" => { | |
"type" => STRING, | |
"description" => "The type of credential this reference is denoting.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"clear-text" => { | |
"type" => STRING, | |
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["store"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
}, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "no-services" | |
}, | |
"enable-connection-pooling" => { | |
"type" => BOOLEAN, | |
"description" => "Indicates if connection pooling is enabled.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"module" => { | |
"type" => STRING, | |
"description" => "Name of module that will be used as class loading base.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"principal" => { | |
"type" => STRING, | |
"description" => "The principal to authenticate and connect to the LDAP server. Can be omitted if authentication-level is \"none\" (anonymous).", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["authentication-context"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"properties" => { | |
"type" => OBJECT, | |
"description" => "The additional connection properties for the DirContext.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"read-timeout" => { | |
"type" => INT, | |
"description" => "The read timeout for an LDAP operation in milliseconds.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"referral-mode" => { | |
"type" => STRING, | |
"description" => "If referrals should be followed.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => "IGNORE", | |
"allowed" => [ | |
"FOLLOW", | |
"IGNORE", | |
"THROW" | |
], | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"ssl-context" => { | |
"type" => STRING, | |
"description" => "The name of ssl-context used to secure connection to the LDAP server.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["authentication-context"], | |
"capability-reference" => "org.wildfly.security.ssl-context", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"url" => { | |
"type" => STRING, | |
"description" => "The connection url.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/http-authentication-factory=*:read-resource-description(recursive=true) | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("http-authentication-factory" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "Resource containing the association of a SecurityDomain with a HttpServerAuthenticationMechanismFactory.", | |
"capabilities" => [{ | |
"name" => "org.wildfly.security.http-authentication-factory", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"available-mechanisms" => { | |
"type" => LIST, | |
"description" => "The HTTP mechanisms available from this configuration after all filtering has been applied.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING, | |
"access-type" => "read-only", | |
"storage" => "runtime" | |
}, | |
"http-server-mechanism-factory" => { | |
"type" => STRING, | |
"description" => "The HttpServerAuthenticationMechanismFactory to associate with this resource", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"capability-reference" => "org.wildfly.security.http-server-mechanism-factory", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"mechanism-configurations" => { | |
"type" => LIST, | |
"description" => "Mechanism specific configuration", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => { | |
"mechanism-name" => { | |
"type" => STRING, | |
"description" => "This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"host-name" => { | |
"type" => STRING, | |
"description" => "The host name this configuration applies to.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"protocol" => { | |
"type" => STRING, | |
"description" => "The protocol this configuration applies to.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"pre-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A principal transformer to apply before the realm is selected", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"post-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A principal transformer to apply after the realm is selected", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"final-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A final principal transformer to apply for this mechanism realm", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"realm-mapper" => { | |
"type" => STRING, | |
"description" => "The realm mapper to be used by the mechanism", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.realm-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"mechanism-realm-configurations" => { | |
"type" => LIST, | |
"description" => "Definition of the realm names as understood by the mechanism", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => { | |
"realm-name" => { | |
"type" => STRING, | |
"description" => "The name of the realm to be presented by the mechanism", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"pre-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A principal transformer to apply before the realm is selected", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"post-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A principal transformer to apply after the realm is selected", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"final-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A final principal transformer to apply for this mechanism realm", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"realm-mapper" => { | |
"type" => STRING, | |
"description" => "The realm mapper to be used by the mechanism", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.realm-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
} | |
}, | |
"credential-security-factory" => { | |
"type" => STRING, | |
"description" => "The security factory to use to obtain a credential as required by the mechanism", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.security-factory.credential", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
}, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"security-domain" => { | |
"type" => STRING, | |
"description" => "The SecurityDomain to associate with this resource", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"capability-reference" => "org.wildfly.security.security-domain", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/kerberos-security-factory=*:read-resource-description | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("kerberos-security-factory" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "A security factory for obtaining a GSSCredential for use during authentication.", | |
"capabilities" => [{ | |
"name" => "org.wildfly.security.security-factory.credential", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"debug" => { | |
"type" => BOOLEAN, | |
"description" => "Should the JAAS step of obtaining the credential have debug logging enabled.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"mechanism-names" => { | |
"type" => LIST, | |
"description" => "The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => [ | |
"KRB5", | |
"SPNEGO" | |
], | |
"min-length" => 1L, | |
"max-length" => 5L, | |
"allowed" => [ | |
"KRB5LEGACY", | |
"GENERIC", | |
"KRB5", | |
"KRB5V2", | |
"SPNEGO" | |
], | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"mechanism-oids" => { | |
"type" => LIST, | |
"description" => "The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"minimum-remaining-lifetime" => { | |
"type" => INT, | |
"description" => "How much lifetime (in seconds) should a cached credential have remaining before it is recreated.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => 0, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"obtain-kerberos-ticket" => { | |
"type" => BOOLEAN, | |
"description" => "Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"options" => { | |
"type" => OBJECT, | |
"description" => "The Krb5LoginModule additional options.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"principal" => { | |
"type" => STRING, | |
"description" => "The principal represented by the KeyTab", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"request-lifetime" => { | |
"type" => INT, | |
"description" => "How much lifetime (in seconds) should be requested for newly created credentials.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => 2147483647, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"required" => { | |
"type" => BOOLEAN, | |
"description" => "Is the keytab file with adequate principal required to exist at the time the service starts?", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"server" => { | |
"type" => BOOLEAN, | |
"description" => "If this for use server side or client side?", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => true, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"wrap-gss-credential" => { | |
"type" => BOOLEAN, | |
"description" => "Should generated GSS credentials be wrapped to prevent improper disposal or not?", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"path" => { | |
"type" => STRING, | |
"description" => "The path of the KeyTab to load to obtain the credential.", | |
"attribute-group" => "file", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"relative-to" => { | |
"type" => STRING, | |
"description" => "The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.", | |
"attribute-group" => "file", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"requires" => ["path"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/ldap-realm=*:read-resource-description(recursive=true) | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("ldap-realm" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "A security realm definition backed by LDAP.", | |
"capabilities" => [ | |
{ | |
"name" => "org.wildfly.security.security-realm", | |
"dynamic" => true | |
}, | |
{ | |
"name" => "org.wildfly.security.modifiable-security-realm", | |
"dynamic" => true | |
} | |
], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"allow-blank-password" => { | |
"type" => BOOLEAN, | |
"description" => "Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"requires" => ["direct-verification"], | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"dir-context" => { | |
"type" => STRING, | |
"description" => "The configuration to connect to a LDAP server.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"capability-reference" => "org.wildfly.security.dir-context", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"direct-verification" => { | |
"type" => BOOLEAN, | |
"description" => "Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"identity-mapping" => { | |
"type" => OBJECT, | |
"description" => "The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"value-type" => { | |
"rdn-identifier" => { | |
"type" => STRING, | |
"description" => "The RDN part of the principal's DN to be used to obtain the principal's name from an LDAP entry. Used also when creating new identities.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"use-recursive-search" => { | |
"type" => BOOLEAN, | |
"description" => "Indicates if identity search queries are recursive.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"requires" => ["search-base-dn"] | |
}, | |
"search-base-dn" => { | |
"type" => STRING, | |
"description" => "The base DN to search for identities.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"requires" => ["rdn-identifier"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"attribute-mapping" => { | |
"type" => LIST, | |
"description" => "The attribute mappings defined for this resource.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => { | |
"from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an identity attribute. If not defined, DN of entry is used.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"to" => { | |
"type" => STRING, | |
"description" => "The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"reference" => { | |
"type" => STRING, | |
"description" => "The name of LDAP attribute containing DN of entry to obtain value from.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["filter"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"filter" => { | |
"type" => STRING, | |
"description" => "The filter to use to obtain the values for a specific attribute. String \"{0}\" will be replaced by username, \"{1}\" by user identity DN.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"alternatives" => ["reference"], | |
"requires" => ["to"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"filter-base-dn" => { | |
"type" => STRING, | |
"description" => "The name of the context where the filter should be performed.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"requires" => ["filter"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"search-recursive" => { | |
"type" => BOOLEAN, | |
"description" => "Indicates if attribute LDAP search queries are recursive.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => true, | |
"requires" => ["filter"] | |
}, | |
"role-recursion" => { | |
"type" => INT, | |
"description" => "Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => 0 | |
}, | |
"role-recursion-name" => { | |
"type" => STRING, | |
"description" => "Determine LDAP attribute of role entry which will be substitute for \"{0}\" in filter-name when searching roles of role.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => "cn", | |
"requires" => ["role-recursion"], | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"extract-rdn" => { | |
"type" => STRING, | |
"description" => "The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
} | |
}, | |
"filter-name" => { | |
"type" => STRING, | |
"description" => "The LDAP filter for getting identity by name. If this is not specified then the default value will be (rdn_identifier={0}). The string '{0}' will be replaced by searched identity name and the 'rdn_identifier' will be the value of the attribute 'rdn-identifier'.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"iterator-filter" => { | |
"type" => STRING, | |
"description" => "The LDAP filter for iterating over identities of the realm.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"new-identity-parent-dn" => { | |
"type" => STRING, | |
"description" => "The DN of parent of newly created identities. Required for modifiability of the realm.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"new-identity-attributes" => { | |
"type" => LIST, | |
"description" => "The attributes of newly created identities. Required for modifiability of the realm.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"value-type" => { | |
"name" => { | |
"type" => STRING, | |
"description" => "The attribute name.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"value" => { | |
"type" => LIST, | |
"description" => "The attribute value.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING | |
} | |
} | |
}, | |
"user-password-mapper" => { | |
"type" => OBJECT, | |
"description" => "The credential mapping for userPassword-like credential attribute.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"value-type" => { | |
"from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an identity attribute. If not defined, DN of entry is used.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"writable" => { | |
"type" => BOOLEAN, | |
"description" => "Indicates if password can be changed.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false | |
}, | |
"verifiable" => { | |
"type" => BOOLEAN, | |
"description" => "Indicates if password can be used to verify user.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => true | |
} | |
} | |
}, | |
"otp-credential-mapper" => { | |
"type" => OBJECT, | |
"description" => "The credential mapping for OTP credential.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"value-type" => { | |
"algorithm-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an OTP credential algorithm.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"hash-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to a Base64 encoded OTP credential hash.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"seed-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an OTP credential seed.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"sequence-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an OTP credential sequence number.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
} | |
}, | |
"x509-credential-mapper" => { | |
"type" => OBJECT, | |
"description" => "The configuration allowing LDAP to be used as storage of X509 credentials. An X509 credential is a user certificate or information allowing it to be identified. At least one *-from attribute should be specified. This definition will be ignored otherwise. If more than one *-from attribute is defined, the user certificate must match all defined criteria.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"value-type" => { | |
"digest-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to a user certificate digest. If not defined, certificate digest will not be checked.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"digest-algorithm" => { | |
"type" => STRING, | |
"description" => "The digest algorithm (hash function) used to compute the digest of the user certificate. Will be used only if digest-from has been defined.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => "SHA-1", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"certificate-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to an encoded user certificate. If not defined, encoded certificate will not be checked.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"serial-number-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to a serial number of user certificate. If not defined, serial number will not be checked.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"subject-dn-from" => { | |
"type" => STRING, | |
"description" => "The name of the LDAP attribute to map to a subject DN of user certificate. If not defined, subject DN will not be checked.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
} | |
} | |
}, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/regex-principal-transformer=*:read-resource-description | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("regex-principal-transformer" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "A regular expression based principal transformer", | |
"capabilities" => [{ | |
"name" => "org.wildfly.security.principal-transformer", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"pattern" => { | |
"type" => STRING, | |
"description" => "The regular expression to use to locate the portion of the name to be replaced.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"replace-all" => { | |
"type" => BOOLEAN, | |
"description" => "Should all occurrences of the pattern matched be replaced or only the first occurrence.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
}, | |
"replacement" => { | |
"type" => STRING, | |
"description" => "The value to be used as the replacement.", | |
"expressions-allowed" => true, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 0L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "all-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |
[standalone@localhost:9990 /] ./subsystem=elytron/security-domain=*:read-resource-description(recursive=true) | |
{ | |
"outcome" => "success", | |
"result" => [{ | |
"address" => [ | |
("subsystem" => "elytron"), | |
("security-domain" => "*") | |
], | |
"outcome" => "success", | |
"result" => { | |
"description" => "A security domain definition.", | |
"capabilities" => [{ | |
"name" => "org.wildfly.security.security-domain", | |
"dynamic" => true | |
}], | |
"access-constraints" => { | |
"sensitive" => {"elytron-security" => {"type" => "elytron"}}, | |
"application" => {"elytron-security" => {"type" => "elytron"}} | |
}, | |
"attributes" => { | |
"default-realm" => { | |
"type" => STRING, | |
"description" => "The default realm contained by this security domain.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"outflow-anonymous" => { | |
"type" => BOOLEAN, | |
"description" => "When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.", | |
"expressions-allowed" => true, | |
"required" => false, | |
"nillable" => true, | |
"default" => false, | |
"requires" => ["outflow-security-domains"], | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"outflow-security-domains" => { | |
"type" => LIST, | |
"description" => "The list of security domains that the security identity from this domain should automatically outflow to.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.security-domain", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"permission-mapper" => { | |
"type" => STRING, | |
"description" => "A reference to a PermissionMapper to be used by this domain.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.permission-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"post-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A reference to a principal transformer to be applied after the realm has operated on the supplied identity name.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"pre-realm-principal-transformer" => { | |
"type" => STRING, | |
"description" => "A reference to a principal transformer to be applied before the realm is selected.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"principal-decoder" => { | |
"type" => STRING, | |
"description" => "A reference to a PrincipalDecoder to be used by this domain.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-decoder", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"realm-mapper" => { | |
"type" => STRING, | |
"description" => "Reference to the RealmMapper to be used by this domain.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.realm-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"realms" => { | |
"type" => LIST, | |
"description" => "The list of realms contained by this security domain.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"value-type" => { | |
"realm" => { | |
"type" => STRING, | |
"description" => "A reference to an individual security realm.", | |
"expressions-allowed" => false, | |
"required" => true, | |
"nillable" => false, | |
"capability-reference" => "org.wildfly.security.security-realm", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"principal-transformer" => { | |
"type" => STRING, | |
"description" => "A principal transformer to be associated with the realm.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.principal-transformer", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"role-decoder" => { | |
"type" => STRING, | |
"description" => "A RoleDecoder reference to be associated with the realm.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.role-decoder", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
}, | |
"role-mapper" => { | |
"type" => STRING, | |
"description" => "A RoleMapper reference to be associated with the realm.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.role-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L | |
} | |
}, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"role-mapper" => { | |
"type" => STRING, | |
"description" => "Reference to the RoleMapper to be used by this domain.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.role-mapper", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"security-event-listener" => { | |
"type" => STRING, | |
"description" => "Reference to a listener for security events.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.security-event-listener", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
}, | |
"trusted-security-domains" => { | |
"type" => LIST, | |
"description" => "The list of security domains that are trusted by this security domain.", | |
"expressions-allowed" => false, | |
"required" => false, | |
"nillable" => true, | |
"capability-reference" => "org.wildfly.security.security-domain", | |
"min-length" => 1L, | |
"max-length" => 2147483647L, | |
"value-type" => STRING, | |
"access-type" => "read-write", | |
"storage" => "configuration", | |
"restart-required" => "resource-services" | |
} | |
}, | |
"operations" => undefined, | |
"notifications" => undefined, | |
"children" => {} | |
} | |
}] | |
} |