
@darranl
Last active December 22, 2015 22:19
Illustration of use-realm-roles configuration.
"role-mapping" => {
"Monitor" => {
"exclude" => undefined,
"include" => {"group-Monitor" => {
"name" => "Monitor",
"realm" => undefined,
"type" => "GROUP"
}}
},
"Operator" => {
"exclude" => undefined,
"include" => {"group-Operator" => {
"name" => "Operator",
"realm" => undefined,
"type" => "GROUP"
}}
},
"Maintainer" => {
"exclude" => undefined,
"include" => {"group-Maintainer" => {
"name" => "Maintainer",
"realm" => undefined,
"type" => "GROUP"
}}
},
"Deployer" => {
"exclude" => undefined,
"include" => {"group-Deployer" => {
"name" => "Deployer",
"realm" => undefined,
"type" => "GROUP"
}}
},
"Administrator" => {
"exclude" => undefined,
"include" => {"group-Administrator" => {
"name" => "Administrator",
"realm" => undefined,
"type" => "GROUP"
}}
},
"Auditor" => {
"exclude" => undefined,
"include" => {"group-Auditor" => {
"name" => "Auditor",
"realm" => undefined,
"type" => "GROUP"
}}
},
"SuperUser" => {
"exclude" => undefined,
"include" => {"group-SuperUser" => {
"name" => "SuperUser",
"realm" => undefined,
"type" => "GROUP"
}}
}
}
<!--
  Management security realm, variant with group-to-role mapping switched off.
  Users are authenticated by the local mechanism or against
  mgmt-users.properties; group membership is read from mgmt-groups.properties.
  Both files are resolved against jboss.server.config.dir, so write access to
  that directory decides who can change management credentials and groups.
-->
<security-realm name="ManagementRealm">
  <authentication>
    <!-- Local mechanism: a client on the same host is accepted without a
         password and is presented to authorization as user "$local". -->
    <local default-user="$local"/>
    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
  </authentication>
  <!-- map-groups-to-roles="false": a user's groups stay plain groups and are
       not also handed over as roles of the same name. Roles must then come
       from explicit group includes in the access-control role-mapping. -->
  <authorization map-groups-to-roles="false">
    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
  </authorization>
</security-realm>
<!--
  Explicit role mapping: each standard management role is granted to the
  group that carries the same name. Group membership comes from the realm's
  mgmt-groups.properties, so anyone who can edit that file can place a user
  in the SuperUser, Administrator or Auditor group.

  provider="simple": the simple provider does not enforce role-based access
  control; the mappings below only restrict users once the provider is rbac.

  NOTE(review): no role here includes user "$local", the identity used by the
  realm's local authentication. Confirm how local clients are meant to obtain
  a role before switching the provider to rbac.
-->
<access-control provider="simple">
  <!-- use-realm-roles="false": role names reported by the realm are ignored;
       only the includes below assign roles. Verify that the schema of the
       server version in use still accepts this attribute. -->
  <role-mapping use-realm-roles="false">
    <role name="Monitor">
      <include>
        <group name="Monitor"/>
      </include>
    </role>
    <role name="Operator">
      <include>
        <group name="Operator"/>
      </include>
    </role>
    <role name="Maintainer">
      <include>
        <group name="Maintainer"/>
      </include>
    </role>
    <role name="Deployer">
      <include>
        <group name="Deployer"/>
      </include>
    </role>
    <role name="Administrator">
      <include>
        <group name="Administrator"/>
      </include>
    </role>
    <role name="Auditor">
      <include>
        <group name="Auditor"/>
      </include>
    </role>
    <role name="SuperUser">
      <include>
        <group name="SuperUser"/>
      </include>
    </role>
  </role-mapping>
</access-control>
<!--
  Short form. With use-realm-roles="true" the realm's same-name mapping still
  applies, so members of group Operator receive the Operator role without
  being listed. The include adds members of group Monitor on top of that.
  The expanded listings elsewhere on this page show the resulting mapping:
  include group Operator, include group Monitor, exclude user BadUser.
-->
<role-mapping use-realm-roles="true">
  <role name="Operator">
    <include>
      <group name="Monitor"/>
    </include>
    <!-- An exclude overrides any matching include: BadUser is denied
         Operator even when a member of one of the included groups. -->
    <exclude>
      <user name="BadUser"/>
    </exclude>
  </role>
</role-mapping>
<!--
  Management security realm, variant with group-to-role mapping switched on.
  Authentication is unchanged: local mechanism or mgmt-users.properties, with
  groups read from mgmt-groups.properties under jboss.server.config.dir.
-->
<security-realm name="ManagementRealm">
  <authentication>
    <!-- Local mechanism: a client on the same host is accepted without a
         password and is presented to authorization as user "$local". -->
    <local default-user="$local"/>
    <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
  </authentication>
  <!-- map-groups-to-roles="true": every group loaded for a user is also
       treated as a role of the same name. A group called SuperUser or
       Administrator in mgmt-groups.properties therefore grants that role
       directly, so the file needs the same protection as the credentials. -->
  <authorization map-groups-to-roles="true">
    <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
  </authorization>
</security-realm>
<!--
  No explicit mappings: with use-realm-roles="true" and an empty role-mapping,
  role assignment rests entirely on the roles supplied by the security realm.
  There is no exclude list here, so a user cannot be denied a role that the
  realm's group data gives them.

  provider="simple": the simple provider does not enforce role-based access
  control; roles only restrict users once the provider is rbac.
-->
<access-control provider="simple">
  <role-mapping use-realm-roles="true">
  </role-mapping>
</access-control>
"role-mapping" => {"Operator" => {
"exclude" => {"user-BadUser" => {
"name" => "BadUser",
"realm" => undefined,
"type" => "USER"
}},
"include" => {
"group-Operator" => {
"name" => "Operator",
"realm" => undefined,
"type" => "GROUP"
},
"group-Monitor" => {
"name" => "Monitor",
"realm" => undefined,
"type" => "GROUP"
}
}
}}
<!--
  Fully explicit form. With use-realm-roles="false" nothing is inherited from
  the realm, so group Operator has to be listed next to group Monitor for its
  members to keep the Operator role.
-->
<role-mapping use-realm-roles="false">
  <role name="Operator">
    <include>
      <group name="Operator"/>
      <group name="Monitor"/>
    </include>
    <!-- An exclude overrides any matching include: BadUser is denied
         Operator even when a member of one of the included groups. -->
    <exclude>
      <user name="BadUser"/>
    </exclude>
  </role>
</role-mapping>