Skip to content

Instantly share code, notes, and snippets.

@darranl

darranl/aggregate-providers.json

Created November 27, 2017 14:48
Show Gist options
  • Save darranl/cb1101c9c4a192dd80a9825d7ae1c761 to your computer and use it in GitHub Desktop.
Save darranl/cb1101c9c4a192dd80a9825d7ae1c761 to your computer and use it in GitHub Desktop.
Download ZIP
WildFly Elytron Resource Descriptions - SSL
Raw
aggregate-providers.json
[standalone@localhost:9990 /] ./subsystem=elytron/aggregate-providers=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("aggregate-providers" => "*")
],
"outcome" => "success",
"result" => {
"description" => "An aggregation of two or more Provider[] resources.",
"capabilities" => [{
"name" => "org.wildfly.security.providers",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {"providers" => {
"type" => LIST,
"description" => "The referenced Provider[] resources to aggregate.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 2L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
constant-realm-mapper.json
[standalone@localhost:9993 /] ./subsystem=elytron/constant-realm-mapper=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("constant-realm-mapper" => "*")
],
"outcome" => "success",
"result" => {
"description" => "Definition of a constant RealmMapper that always returns the same value.",
"capabilities" => [{
"name" => "org.wildfly.security.realm-mapper",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {"realm-name" => {
"type" => STRING,
"description" => "The name of the constant realm to return.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
key-manager.json
[standalone@localhost:9990 /] ./subsystem=elytron/key-manager=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("key-manager" => "*")
],
"outcome" => "success",
"result" => {
"description" => "A key manager definition for creating the KeyManager as used to create an SSLContext.",
"capabilities" => [{
"name" => "org.wildfly.security.key-manager",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"algorithm" => {
"type" => STRING,
"description" => "The name of the algorithm to use to create the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"alias-filter" => {
"type" => STRING,
"description" => "A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"credential-reference" => {
"type" => OBJECT,
"description" => "The credential reference to decrypt KeyStore item. (Not a password of the KeyStore.)",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "The secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"provider-name" => {
"type" => STRING,
"description" => "The name of the provider to use to create the underlying KeyManagerFactory.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"providers" => {
"type" => STRING,
"description" => "Reference to obtain the Provider[] to use when creating the underlying KeyManagerFactory.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
key-store-realm.json
[standalone@localhost:9993 /] ./subsystem=elytron/key-store-realm=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("key-store-realm" => "*")
],
"outcome" => "success",
"result" => {
"description" => "A security realm definition backed by a key store.",
"capabilities" => [{
"name" => "org.wildfly.security.security-realm",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore that should be used to back this security realm.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
key-store.json
[standalone@localhost:9990 /] ./subsystem=elytron/key-store=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("key-store" => "*")
],
"outcome" => "success",
"result" => {
"description" => "A KeyStore definition.",
"capabilities" => [{
"name" => "org.wildfly.security.key-store",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"alias-filter" => {
"type" => STRING,
"description" => "A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"capability-reference" => "org.wildfly.security.credential-store",
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"loaded-provider" => {
"type" => OBJECT,
"description" => "Information about the provider that was used for this KeyStore.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The name of the provider used to load the KeyStore.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"info" => {
"type" => STRING,
"description" => "The information string about the provider used to load the KeyStore.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => DOUBLE,
"description" => "The version of the provider used to load the KeyStore.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"modified" => {
"type" => BOOLEAN,
"description" => "Indicates if the in-memory representation of the KeyStore has been changed since it was last loaded or stored. Note: For some providers updates may be immediate without further load or store calls.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"size" => {
"type" => INT,
"description" => "The number of entries in the KeyStore.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"state" => {
"type" => STRING,
"description" => "The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"DOWN",
"STARTING",
"START_FAILED",
"UP",
"STOPPING",
"REMOVED"
],
"access-type" => "read-only",
"storage" => "runtime"
},
"synchronized" => {
"type" => STRING,
"description" => "The time this KeyStore was last loaded or saved. Note: Some providers may continue to apply updates after the KeyStore was loaded within the application server.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-only",
"storage" => "runtime"
},
"path" => {
"type" => STRING,
"description" => "The path to the KeyStore file.",
"attribute-group" => "file",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"relative-to" => {
"type" => STRING,
"description" => "The base path this store is relative to.",
"attribute-group" => "file",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"required" => {
"type" => BOOLEAN,
"description" => "Is the file required to exist at the time the KeyStore service starts?",
"attribute-group" => "file",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"requires" => ["path"],
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"provider-name" => {
"type" => STRING,
"description" => "The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.",
"attribute-group" => "implementation",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"providers" => {
"type" => STRING,
"description" => "A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.",
"attribute-group" => "implementation",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"type" => {
"type" => STRING,
"description" => "The type of the KeyStore, used when creating the new KeyStore instance.",
"attribute-group" => "implementation",
"expressions-allowed" => true,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
provider-loader.json
[standalone@localhost:9990 /] ./subsystem=elytron/provider-loader=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("provider-loader" => "*")
],
"outcome" => "success",
"result" => {
"description" => "A definition for a Provider loader.",
"capabilities" => [{
"name" => "org.wildfly.security.providers",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"loaded-providers" => {
"type" => LIST,
"description" => "The list of providers loaded by this provider loader.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => {
"name" => {
"type" => STRING,
"description" => "The name reported by the provider instance.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"info" => {
"type" => STRING,
"description" => "The information reported by the provider instance.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"version" => {
"type" => DOUBLE,
"description" => "The version reported by the provider instance.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false
},
"services" => {
"type" => LIST,
"description" => "List of services available from this provider.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => {
"type" => {
"type" => STRING,
"description" => "The service type.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"algorithm" => {
"type" => STRING,
"description" => "The algorithm supported by the service.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"class-name" => {
"type" => STRING,
"description" => "The class name of the implementation of the service SPI.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}
}
}
},
"access-type" => "read-only",
"storage" => "runtime"
},
"class-names" => {
"type" => LIST,
"description" => "The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.",
"attribute-group" => "class-loading",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"module" => {
"type" => STRING,
"description" => "The name of the module to load the provider from.",
"attribute-group" => "class-loading",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"argument" => {
"type" => STRING,
"description" => "An argument to be passed into the constructor as the Provider is instantiated.",
"attribute-group" => "configuration",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => [
"path",
"configuration"
],
"requires" => ["class-names"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"configuration" => {
"type" => OBJECT,
"description" => "The key/value configuration to be passed to the Provider to initialise it.",
"attribute-group" => "configuration",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => [
"path",
"argument"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"path" => {
"type" => STRING,
"description" => "The path of the file to use to initialise the providers.",
"attribute-group" => "configuration",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["configuration"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"relative-to" => {
"type" => STRING,
"description" => "The base path of the configuration file.",
"attribute-group" => "configuration",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
sasl-authentication-factory.json
[standalone@localhost:9993 /] ./subsystem=elytron/sasl-authentication-factory=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("sasl-authentication-factory" => "*")
],
"outcome" => "success",
"result" => {
"description" => "Resource containing the association of a SecurityDomain with a SaslServerFactory.",
"capabilities" => [{
"name" => "org.wildfly.security.sasl-authentication-factory",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"available-mechanisms" => {
"type" => LIST,
"description" => "The SASL mechanisms available from this configuration after all filtering has been applied.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-only",
"storage" => "runtime"
},
"mechanism-configurations" => {
"type" => LIST,
"description" => "Mechanism specific configuration",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => {
"mechanism-name" => {
"type" => STRING,
"description" => "This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"host-name" => {
"type" => STRING,
"description" => "The host name this configuration applies to.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"protocol" => {
"type" => STRING,
"description" => "The protocol this configuration applies to.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply before the realm is selected",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply after the realm is selected",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-principal-transformer" => {
"type" => STRING,
"description" => "A final principal transformer to apply for this mechanism realm",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
},
"mechanism-realm-configurations" => {
"type" => LIST,
"description" => "Definition of the realm names as understood by the mechanism",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => {
"realm-name" => {
"type" => STRING,
"description" => "The name of the realm to be presented by the mechanism",
"expressions-allowed" => true,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
},
"pre-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply before the realm is selected",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"post-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply after the realm is selected",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"final-principal-transformer" => {
"type" => STRING,
"description" => "A final principal transformer to apply for this mechanism realm",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used by the mechanism",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L
}
}
},
"credential-security-factory" => {
"type" => STRING,
"description" => "The security factory to use to obtain a credential as required by the mechanism",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-factory.credential",
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"sasl-server-factory" => {
"type" => STRING,
"description" => "The SaslServerFactory to associate with this resource",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.sasl-server-factory",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"security-domain" => {
"type" => STRING,
"description" => "The SecurityDomain to associate with this resource",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.security-domain",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
server-ssl-context.json
[standalone@localhost:9990 /] ./subsystem=elytron/server-ssl-context=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("server-ssl-context" => "*")
],
"outcome" => "success",
"result" => {
"description" => "An SSLContext for use on the server side of a connection.",
"capabilities" => [{
"name" => "org.wildfly.security.ssl-context",
"dynamic" => true
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"active-session-count" => {
"type" => INT,
"description" => "The count of current active sessions.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"access-type" => "read-only",
"storage" => "runtime"
},
"authentication-optional" => {
"type" => BOOLEAN,
"description" => "Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"cipher-suite-filter" => {
"type" => STRING,
"description" => "The filter to apply to specify the enabled cipher suites.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => "DEFAULT",
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"final-principal-transformer" => {
"type" => STRING,
"description" => "A final principal transformer to apply for this mechanism realm.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"key-manager" => {
"type" => STRING,
"description" => "Reference to the key manager to use within the SSLContext.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-manager",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"maximum-session-cache-size" => {
"type" => INT,
"description" => "The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => -1,
"min" => -1L,
"max" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"need-client-auth" => {
"type" => BOOLEAN,
"description" => "To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"post-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply after the realm is selected.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"pre-realm-principal-transformer" => {
"type" => STRING,
"description" => "A principal transformer to apply before the realm is selected.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.principal-transformer",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"protocols" => {
"type" => LIST,
"description" => "The enabled protocols.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"allowed" => [
"SSLv2",
"SSLv3",
"TLSv1",
"TLSv1.1",
"TLSv1.2",
"TLSv1.3"
],
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"provider-name" => {
"type" => STRING,
"description" => "The name of the provider to use. If not specified, all providers from providers will be passed to the SSLContext.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"providers" => {
"type" => STRING,
"description" => "The name of the providers to obtain the Provider[] to use to load the SSLContext.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"realm-mapper" => {
"type" => STRING,
"description" => "The realm mapper to be used for SSL authentication.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.realm-mapper",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"security-domain" => {
"type" => STRING,
"description" => "The security domain to use for authentication during SSL session establishment.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.security-domain",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"session-timeout" => {
"type" => INT,
"description" => "The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => -1,
"min" => -1L,
"max" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"trust-manager" => {
"type" => STRING,
"description" => "Reference to the trust manager to use within the SSLContext.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.trust-manager",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"use-cipher-suites-order" => {
"type" => BOOLEAN,
"description" => "To honor local cipher suites preference.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"want-client-auth" => {
"type" => BOOLEAN,
"description" => "To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"wrap" => {
"type" => BOOLEAN,
"description" => "Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"ssl-session" => {
"description" => "A currently established SSL session.",
"model-description" => undefined
}}
}
}]
}
Raw
subsystem.json
[standalone@localhost:9990 /] ./subsystem=elytron:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "The Elytron Subsystem",
"capabilities" => [{
"name" => "org.wildfly.security.elytron",
"dynamic" => false
}],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"default-authentication-context" => {
"type" => STRING,
"description" => "The default authentication context to be associated with all deployments.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.authentication-context",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"disallowed-providers" => {
"type" => LIST,
"description" => "A list of providers that are not allowed, and will be removed from the providers list.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 0L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "jvm"
},
"final-providers" => {
"type" => STRING,
"description" => "Reference to the Providers that should be registered after all existing Providers.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"initial-providers" => {
"type" => STRING,
"description" => "Reference to the Providers that should be registered ahead of all existing Providers.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"security-properties" => {
"type" => OBJECT,
"description" => "Security properties to be set.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {
"configurable-sasl-server-factory" => {
"description" => "A SaslServerFactory definition that wraps another SaslServerFactory and applies the specified configuration and filtering.",
"model-description" => undefined
},
"custom-role-mapper" => {
"description" => "Definition of a custom RoleMapper",
"model-description" => undefined
},
"sasl-authentication-factory" => {
"description" => "Resource containing the association of a SecurityDomain with a SaslServerFactory.",
"model-description" => undefined
},
"size-rotating-file-audit-log" => {
"description" => "An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.",
"model-description" => undefined
},
"add-prefix-role-mapper" => {
"description" => "A role mapper definition for a role mapper that adds a prefix to each provided.",
"model-description" => undefined
},
"aggregate-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of other http server factories.",
"model-description" => undefined
},
"aggregate-security-event-listener" => {
"description" => "An aggregation of two or more security event listener resources.",
"model-description" => undefined
},
"mapped-regex-realm-mapper" => {
"description" => "Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.",
"model-description" => undefined
},
"constant-permission-mapper" => {
"description" => "Definition of a permission mapper that always returns the same constant.",
"model-description" => undefined
},
"key-manager" => {
"description" => "A key manager definition for creating the KeyManager as used to create an SSLContext.",
"model-description" => undefined
},
"properties-realm" => {
"description" => "A security realm definition backed by properties files.",
"model-description" => undefined
},
"http-authentication-factory" => {
"description" => "Resource containing the association of a SecurityDomain with a HttpServerAuthenticationMechanismFactory.",
"model-description" => undefined
},
"regex-principal-transformer" => {
"description" => "A regular expression based principal transformer",
"model-description" => undefined
},
"filesystem-realm" => {
"description" => "A simple security realm definition backed by the filesystem.",
"model-description" => undefined
},
"logical-role-mapper" => {
"description" => "A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.",
"model-description" => undefined
},
"periodic-rotating-file-audit-log" => {
"description" => "An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.",
"model-description" => undefined
},
"ldap-key-store" => {
"description" => "A LdapKeyStore definition.",
"model-description" => undefined
},
"service-loader-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories identified using a ServiceLoader",
"model-description" => undefined
},
"server-ssl-context" => {
"description" => "An SSLContext for use on the server side of a connection.",
"model-description" => undefined
},
"chained-principal-transformer" => {
"description" => "A principal transformer definition where the principal transformer is a chaining of other principal transformers.",
"model-description" => undefined
},
"client-ssl-context" => {
"description" => "An SSLContext for use on the client side of a connection.",
"model-description" => undefined
},
"simple-regex-realm-mapper" => {
"description" => "Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.",
"model-description" => undefined
},
"authentication-context" => {
"description" => "An individual authentication context definition.",
"model-description" => undefined
},
"constant-principal-decoder" => {
"description" => "Definition of a principal decoder that always returns the same constant.",
"model-description" => undefined
},
"aggregate-principal-decoder" => {
"description" => "A principal decoder definition where the principal decoder is an aggregation of other principal decoders.",
"model-description" => undefined
},
"simple-permission-mapper" => {
"description" => "Definition of a simple configured permission mapper.",
"model-description" => undefined
},
"filtering-key-store" => {
"description" => "A filtering KeyStore definition.",
"model-description" => undefined
},
"syslog-audit-log" => {
"description" => "An audit logger that sends audit events to a remote syslog server.",
"model-description" => undefined
},
"x500-attribute-principal-decoder" => {
"description" => "Definition of a X.500 attribute based principal decoder",
"model-description" => undefined
},
"token-realm" => {
"description" => "A security realm definition capable of validating and extracting identities from security tokens.",
"model-description" => undefined
},
"custom-permission-mapper" => {
"description" => "Definition of a custom permission mapper.",
"model-description" => undefined
},
"dir-context" => {
"description" => "The configuration to connect to a directory (LDAP) server.",
"model-description" => undefined
},
"add-suffix-role-mapper" => {
"description" => "A role mapper definition for a role mapper that adds a suffix to each provided.",
"model-description" => undefined
},
"configurable-http-server-mechanism-factory" => {
"description" => "A HTTP server factory definition that wraps another HTTP server factory and applies the specified configuration and filtering.",
"model-description" => undefined
},
"aggregate-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.",
"model-description" => undefined
},
"custom-principal-transformer" => {
"description" => "A custom principal transformer definition.",
"model-description" => undefined
},
"regex-validating-principal-transformer" => {
"description" => "A regular expression based principal transformer which uses the regular expression to validate the name.",
"model-description" => undefined
},
"ldap-realm" => {
"description" => "A security realm definition backed by LDAP.",
"model-description" => undefined
},
"policy" => {
"description" => "A definition that sets up a policy provider.",
"model-description" => undefined
},
"provider-loader" => {
"description" => "A definition for a Provider loader.",
"model-description" => undefined
},
"mechanism-provider-filtering-sasl-server-factory" => {
"description" => "A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.",
"model-description" => undefined
},
"kerberos-security-factory" => {
"description" => "A security factory for obtaining a GSSCredential for use during authentication.",
"model-description" => undefined
},
"authentication-configuration" => {
"description" => "An individual authentication configuration definition.",
"model-description" => undefined
},
"custom-principal-decoder" => {
"description" => "Definition of a custom principal decoder",
"model-description" => undefined
},
"identity-realm" => {
"description" => "A security realm definition where identities are represented in the management model.",
"model-description" => undefined
},
"file-audit-log" => {
"description" => "An audit logger that logs to a local file.",
"model-description" => undefined
},
"custom-realm-mapper" => {
"description" => "Definition of a custom RealmMapper",
"model-description" => undefined
},
"trust-manager" => {
"description" => "A trust manager definition for creating the TrustManager[] as used to create an SSLContext.",
"model-description" => undefined
},
"provider-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories from the Provider[]",
"model-description" => undefined
},
"jdbc-realm" => {
"description" => "A security realm definition backed by database using JDBC.",
"model-description" => undefined
},
"key-store-realm" => {
"description" => "A security realm definition backed by a key store.",
"model-description" => undefined
},
"security-domain" => {
"description" => "A security domain definition.",
"model-description" => undefined
},
"constant-realm-mapper" => {
"description" => "Definition of a constant RealmMapper that always returns the same value.",
"model-description" => undefined
},
"aggregate-realm" => {
"description" => "A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.",
"model-description" => undefined
},
"aggregate-providers" => {
"description" => "An aggregation of two or more Provider[] resources.",
"model-description" => undefined
},
"logical-permission-mapper" => {
"description" => "Definition of a logical permission mapper.",
"model-description" => undefined
},
"constant-principal-transformer" => {
"description" => "A principal transformer definition for a PrincipalTransformer that always returns the same constant.",
"model-description" => undefined
},
"provider-http-server-mechanism-factory" => {
"description" => "A http server factory definition where the http server factory is an aggregation of factories from the Provider[]",
"model-description" => undefined
},
"constant-role-mapper" => {
"description" => "A role mapper definition where a constant set of roles is always returned.",
"model-description" => undefined
},
"service-loader-sasl-server-factory" => {
"description" => "A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader",
"model-description" => undefined
},
"caching-realm" => {
"description" => "A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.",
"model-description" => undefined
},
"concatenating-principal-decoder" => {
"description" => "A principal decoder definition where the principal decoder is a concatenation of other principal decoders.",
"model-description" => undefined
},
"credential-store" => {
"description" => "Credential store to keep alias for sensitive information such as passwords for external services.",
"model-description" => undefined
},
"custom-modifiable-realm" => {
"description" => "Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.",
"model-description" => undefined
},
"custom-credential-security-factory" => {
"description" => "A custom credential SecurityFactory definition.",
"model-description" => undefined
},
"key-store" => {
"description" => "A KeyStore definition.",
"model-description" => undefined
},
"custom-role-decoder" => {
"description" => "Definition of a custom RoleDecoder",
"model-description" => undefined
},
"simple-role-decoder" => {
"description" => "Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.",
"model-description" => undefined
},
"aggregate-principal-transformer" => {
"description" => "A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.",
"model-description" => undefined
},
"aggregate-role-mapper" => {
"description" => "A role mapper definition where the role mapper is an aggregation of other role mappers.",
"model-description" => undefined
},
"custom-realm" => {
"description" => "A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.",
"model-description" => undefined
}
}
}
}
Raw
trust-manager.json
[standalone@localhost:9993 /] ./subsystem=elytron/trust-manager=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("trust-manager" => "*")
],
"outcome" => "success",
"result" => {
"description" => "A trust manager definition for creating the TrustManager[] as used to create an SSLContext.",
"capabilities" => [
{
"name" => "org.wildfly.security.trust-manager",
"dynamic" => true
},
{
"name" => "org.wildfly.security.credential-store",
"dynamic" => true
}
],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"algorithm" => {
"type" => STRING,
"description" => "The name of the algorithm to use to create the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"alias-filter" => {
"type" => STRING,
"description" => "A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"certificate-revocation-list" => {
"type" => OBJECT,
"description" => "Enables certificate revocation list checks to a trust manager.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"value-type" => {
"path" => {
"type" => STRING,
"description" => "The path to the configuration to use to initialise the provider.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"relative-to" => {
"type" => STRING,
"description" => "The base path of the certificate revocation list file.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"requires" => ["path"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"maximum-cert-path" => {
"type" => INT,
"description" => "The maximum number of non-self-issued intermediate certificates that may exist in a certification path.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => 5,
"min" => 1L,
"max" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"key-store" => {
"type" => STRING,
"description" => "Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"capability-reference" => "org.wildfly.security.key-store",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"provider-name" => {
"type" => STRING,
"description" => "The name of the provider to use to create the underlying TrustManagerFactory.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"providers" => {
"type" => STRING,
"description" => "Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"capability-reference" => "org.wildfly.security.providers",
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Raw
x500-attribute-principal-decoder.json
[standalone@localhost:9993 /] ./subsystem=elytron/x500-attribute-principal-decoder=*:read-resource-description
{
"outcome" => "success",
"result" => [{
"address" => [
("subsystem" => "elytron"),
("x500-attribute-principal-decoder" => "*")
],
"outcome" => "success",
"result" => {
"description" => "Definition of a X.500 attribute based principal decoder",
"capabilities" => [
{
"name" => "org.wildfly.security.principal-transformer",
"dynamic" => true
},
{
"name" => "org.wildfly.security.principal-decoder",
"dynamic" => true
}
],
"access-constraints" => {
"sensitive" => {"elytron-security" => {"type" => "elytron"}},
"application" => {"elytron-security" => {"type" => "elytron"}}
},
"attributes" => {
"attribute-name" => {
"type" => STRING,
"description" => "The name of the X.500 attribute to map (can be defined using OID instead)",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["oid"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"convert" => {
"type" => BOOLEAN,
"description" => "When set to 'true', if the Principal is not already an X500Principal conversion will be attempted",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"joiner" => {
"type" => STRING,
"description" => "The joining string",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => ".",
"min-length" => 0L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"maximum-segments" => {
"type" => INT,
"description" => "The maximum number of occurrences of the attribute to map",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => 2147483647,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"oid" => {
"type" => STRING,
"description" => "The OID of the X.500 attribute to map (can be defined using attribute name instead)",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["attribute-name"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"required-attributes" => {
"type" => LIST,
"description" => "The attributes names of the attributes that must be present in the principal",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"required-oids" => {
"type" => LIST,
"description" => "The OIDs of the attributes that must be present in the principal",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"reverse" => {
"type" => BOOLEAN,
"description" => "When set to 'true', the attribute values will be processed and returned in reverse order",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => false,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
},
"start-segment" => {
"type" => INT,
"description" => "The 0-based starting occurrence of the attribute to map",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => 0,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "all-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment