Chapter 4. Reference
4.1. aggregate-realm attributes
You can configure aggregate-realm by setting its attributes.
Attribute | Description |
---|---|
authentication-realm | Reference to the security realm to use for authentication steps. This is used for obtaining or validating credentials. |
authorization-realm | Reference to the security realm to use for loading the identity for authorization steps. |
authorization-realms | Reference to the security realms to aggregate for loading the identity for authorization steps. If an attribute is defined in more than one authorization realm, the value of the first occurrence of the attribute is used. |
principal-transformer | Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization. |
The authorization-realm and authorization-realms attributes are mutually exclusive. Define only one of the two attributes in a realm.
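The following added example is a Python model of the two rules above (mutual exclusivity and first-occurrence-wins merging); it is not Elytron code and not part of the original reference. The realm names, the `Roles` attribute, and the identity data are constructed for illustration. It shows why the order of authorization-realms decides which realm's roles an identity receives.

```python
# Added illustration: a model of the aggregate-realm rules in section 4.1.
# This is not Elytron code; realm names and identity data are constructed.

def validate_aggregate_realm(config):
    """Return a list of problems found in an aggregate-realm definition."""
    single = "authorization-realm" in config
    multiple = "authorization-realms" in config
    if single and multiple:
        return ["authorization-realm and authorization-realms are mutually exclusive"]
    if not single and not multiple:
        # Assumption: a definition with neither attribute is treated as an error.
        return ["define authorization-realm or authorization-realms"]
    return []

def authorization_order(config):
    """Realm names in the order they are consulted for identity attributes."""
    if "authorization-realms" in config:
        return list(config["authorization-realms"])
    return [config["authorization-realm"]]

def load_authorization_attributes(config, realm_data, principal):
    """Merge a principal's attributes; the first realm defining an attribute wins."""
    merged, source = {}, {}
    for realm in authorization_order(config):
        identity = realm_data.get(realm, {}).get(principal, {})
        for name, values in identity.items():
            if name not in merged:  # a later realm cannot override an earlier one
                merged[name] = list(values)
                source[name] = realm
    return merged, source

# Constructed sample data: both authorization realms define "Roles" for alice.
REALM_DATA = {
    "exampleFsRealm": {"alice": {"Roles": ["Users"], "email": ["alice@example.com"]}},
    "exampleLdapRealm": {"alice": {"Roles": ["Admin"], "department": ["ops"]}},
}
CONFIG = {
    "authentication-realm": "exampleLdapRealm",
    "authorization-realms": ["exampleFsRealm", "exampleLdapRealm"],
}

if __name__ == "__main__":
    print(validate_aggregate_realm(CONFIG) or "definition is consistent")
    attrs, src = load_authorization_attributes(CONFIG, REALM_DATA, "alice")
    for name, values in attrs.items():
        print(f"{name} = {values} (from {src[name]})")
```

Reversing the two entries in authorization-realms changes alice's roles in this model, so review the list order whenever more than one realm can supply the attribute that a role decoder reads.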
4.2. caching-realm attributes
You can configure caching-realm by setting its attributes.
Attribute | Description |
---|---|
maximum-age | The time in milliseconds that an item can stay in the cache. A value of |
maximum-entries | The maximum number of entries to keep in the cache. This defaults to |
realm | A reference to a cacheable security realm such as |
4.3. distributed-realm attributes
You can configure distributed-realm by setting its attributes.
Attribute | Description |
---|---|
emit-events | Whether a |
ignore-unavailable-realms | In case the connection to any identity store fails, whether subsequent realms should be checked. Set the value to When the value is set to |
realms | A list of the security realms to search. The security realms are invoked sequentially in the order they are provided in this attribute. |
4.4. failover-realm attributes
You can configure failover-realm by setting its attributes.
Attribute | Description |
---|---|
delegate-realm | The security realm to use by default. |
emit-events | Specifies whether a security event of the type |
failover-realm | The security realm to use in case the |
4.5. file-audit-log attributes
Attribute | Description |
---|---|
|
Specifies if the output stream requires flushing after every audit event. If you do not define the attribute, the |
|
Specifies the audit file encoding. The default is
|
|
Default value is |
| Defines the location of the log files. |
| Optional attribute. Defines the location of the log files. |
|
Default value is |
4.6. http-authentication-factory attributes
You can configure http-authentication-factory by setting its attributes.
Attribute | Description |
---|---|
http-server-mechanism-factory | The |
mechanism-configurations | The list of mechanism-specific configurations. |
security-domain | The security domain to associate with the resource. |
Attribute | Description |
---|---|
credential-security-factory | The security factory to use to obtain a credential as required by the mechanism. |
final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
host-name | The host name this configuration applies to. |
mechanism-name | This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name. |
mechanism-realm-configurations | The list of definitions of the realm names as understood by the mechanism. |
pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
protocol | The protocol this configuration applies to. |
realm-mapper | The realm mapper to be used by the mechanism. |
Attribute | Description |
---|---|
final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
realm-mapper | The realm mapper to be used by the mechanism. |
realm-name | The name of the realm to be presented by the mechanism. |
4.7. jaas-realm attributes
You can configure jaas-realm by setting its attributes. All the attributes except entry are optional.
Attribute | Description |
---|---|
|
Callback handler to use with the Login Context. Security property |
|
The entry name to use to initialize |
|
The module with custom |
|
The optional path to JAAS configuration file. You can also specify the location with java system property |
|
If you provide |
4.8. module command arguments
You can use different arguments with the module command.
Argument | Description |
---|---|
--absolute-resources | Use this argument to specify a list of absolute file system paths to reference from its See |
--allow-nonexistent-resources | Use this argument to create empty directories for resources specified by |
--dependencies | Use this argument to provide a comma-separated list of module names that this module depends on. |
--export-dependencies | Use this argument to specify exported dependencies. Example: `module add --name=com.mysql --resources=/path/to/{MySQLDriverJarName} --export-dependencies=wildflyee.api,java.se` |
--main-class | Use this argument to specify the fully qualified class name that declares the module’s main method. |
--module-root-dir | Use this argument if you have defined an external JBoss EAP module directory to use instead of the default Example: `module add --module-root-dir=/path/to/my-external-modules/ --name=com.mysql --resources=/path/to/{MySQLDriverJarName} --dependencies=wildflyee.api,java.se` |
--module-xml | Use this argument to provide a file system path to a |
--name | Use this argument to provide the name of the module to add. This argument is required. |
--properties | Use this argument to provide a comma-separated list of |
--resource-delimiter | Use this argument to set a user-defined file path separator for the list of resources provided to the |
--resources | Use this argument to specify the resources for this module by providing a list of file system paths. The files are copied to this module directory and referenced from its See |
--slot | Use this argument to add the module to a slot other than the default Example: `module add --name=com.mysql --slot=8.0 --resources=/path/to/{MySQLDriverJarName} --dependencies=wildflyee.api,java.se` |
4.9. periodic-rotating-file-audit-log attributes
Attribute | Description |
---|---|
|
Specifies if the output stream requires flushing after every audit event. If you do not define the attribute, the |
|
Specifies the audit file encoding. The default is
|
|
Use |
| Defines the location of the log files. |
| Optional attribute. Defines the location of the log files. |
|
Optional attribute. Adds a date suffix to a rotated log. You must use the |
|
Default value is |
4.10. sasl-authentication-factory attributes
You can configure sasl-authentication-factory by setting its attributes.
Attribute | Description |
---|---|
mechanism-configurations | The list of mechanism-specific configurations. |
sasl-server-factory | The SASL server factory to associate with this resource. |
security-domain | The security domain to associate with this resource. |
Attribute | Description |
---|---|
credential-security-factory | The security factory to use to obtain a credential as required by the mechanism. |
final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
host-name | The host name this configuration applies to. |
mechanism-name | This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name. |
mechanism-realm-configurations | The list of definitions of the realm names as understood by the mechanism. |
protocol | The protocol this configuration applies to. |
post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
realm-mapper | The realm mapper to be used by the mechanism. |
Attribute | Description |
---|---|
final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
realm-mapper | The realm mapper to be used by the mechanism. |
realm-name | The name of the realm to be presented by the mechanism. |
4.11. security-domain attributes
You can configure security-domain by setting its attributes.
Attribute | Description |
---|---|
default-realm | The default realm contained by this security domain. |
evidence-decoder | A reference to an EvidenceDecoder to be used by this domain. |
outflow-anonymous | This attribute specifies whether the anonymous identity should be used if outflow to a security domain is not possible, which happens in the following scenarios:
Outflowing anonymous identity clears any previously established identity for that domain. |
outflow-security-domains | The list of security domains that the security identity from this domain should automatically outflow to. |
permission-mapper | A reference to a PermissionMapper to be used by this domain. |
post-realm-principal-transformer | A reference to a principal transformer to be applied after the realm has operated on the supplied identity name. |
pre-realm-principal-transformer | A reference to a principal transformer to be applied before the realm is selected. |
principal-decoder | A reference to a PrincipalDecoder to be used by this domain. |
realm-mapper | Reference to the RealmMapper to be used by this domain. |
realms | The list of realms contained by this security domain. |
role-decoder | Reference to the RoleDecoder to be used by this domain. |
role-mapper | Reference to the RoleMapper to be used by this domain. |
security-event-listener | Reference to a listener for security events. |
trusted-security-domains | The list of security domains that are trusted by this security domain. |
trusted-virtual-security-domains | The list of virtual security domains that are trusted by this security domain. |
4.12. simple-role-decoder attributes
You can configure simple role decoder by setting its attribute.
Attribute | Description |
---|---|
attribute | The name of the attribute from the identity to map directly to roles. |
4.13. size-rotating-file-audit-log attributes
Attribute | Description |
---|---|
|
Specifies if the output stream requires flushing after every audit event. If you do not define the attribute, the |
|
Specifies the audit file encoding. The default is
|
|
Default value is |
|
The maximum number of files to back up when rotating. The default value is |
| Defines the location of the log files. |
| Optional attribute. Defines the location of the log files. |
|
By default, Elytron does not create a new log file when you restart a server. Set this attribute to |
|
The maximum size that the log file can reach before Elytron rotates the log. The default is |
|
Optional attribute. Adds a date suffix to a rotated log. You must use the |
|
Default value is |
4.14. syslog-audit-log attributes
Attribute | Description |
---|---|
| The format in which audit events are recorded. Supported values:
Default value:
|
| The host name to be embedded into all events sent to the syslog server. |
|
The listening port on the |
|
The maximum number of times that Elytron will attempt to send successive messages to a Supported values:
Default value:
|
|
IP address of the |
|
The SSL context to use when connecting to the |
| The RFC format to be used for describing the audit event. Supported values:
Default value:
|
|
The transport layer protocol to use to connect to the Supported values:
Default value:
|