| <?xml version="1.0" ?> |
| |
| <server xmlns="urn:jboss:domain:4.0"> |
| <!-- Extension modules loaded at boot. Each module supplies a subsystem; this is the stock WildFly set plus org.keycloak.keycloak-server-subsystem. --> |
| <!-- NOTE(review): every loaded extension adds reachable functionality. Modules the Keycloak deployment does not use (candidates to check: jdr, jsf, mail) can be removed together with their subsystem element in the profile. Confirm before removing. --> |
| <extensions> |
| <extension module="org.jboss.as.clustering.infinispan"/> |
| <extension module="org.jboss.as.connector"/> |
| <extension module="org.jboss.as.deployment-scanner"/> |
| <extension module="org.jboss.as.ee"/> |
| <extension module="org.jboss.as.ejb3"/> |
| <extension module="org.jboss.as.jaxrs"/> |
| <extension module="org.jboss.as.jdr"/> |
| <extension module="org.jboss.as.jmx"/> |
| <extension module="org.jboss.as.jpa"/> |
| <extension module="org.jboss.as.jsf"/> |
| <extension module="org.jboss.as.logging"/> |
| <extension module="org.jboss.as.mail"/> |
| <extension module="org.jboss.as.naming"/> |
| <extension module="org.jboss.as.remoting"/> |
| <extension module="org.jboss.as.security"/> |
| <extension module="org.jboss.as.transactions"/> |
| <extension module="org.keycloak.keycloak-server-subsystem"/> |
| <extension module="org.wildfly.extension.bean-validation"/> |
| <extension module="org.wildfly.extension.io"/> |
| <extension module="org.wildfly.extension.request-controller"/> |
| <extension module="org.wildfly.extension.security.manager"/> |
| <extension module="org.wildfly.extension.undertow"/> |
| </extensions> |
| <!-- Management plane: security realms, the management audit log, the HTTP management interface and management access control. --> |
| <management> |
| <security-realms> |
| <!-- ManagementRealm guards the management interface: local clients authenticate through the $local mechanism, everyone else against mgmt-users.properties in the server config directory. --> |
| <security-realm name="ManagementRealm"> |
| <authentication> |
| <local default-user="$local" skip-group-loading="true"/> |
| <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> |
| </authentication> |
| <authorization map-groups-to-roles="false"> |
| <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> |
| </authorization> |
| </security-realm> |
| <!-- ApplicationRealm is the realm named by the remoting http-connector in this file. allowed-users="*" places no restriction on the user name accepted from the local mechanism. NOTE(review): that is only as strong as local access to the host; confirm it is acceptable here. --> |
| <security-realm name="ApplicationRealm"> |
| <authentication> |
| <local default-user="$local" allowed-users="*" skip-group-loading="true"/> |
| <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> |
| </authentication> |
| <authorization> |
| <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> |
| </authorization> |
| </security-realm> |
| <!-- UndertowRealm supplies the TLS server identity used by the https-listener. The keystore file name and password are template placeholders filled in when this file is rendered. --> |
| <!-- NOTE(review): the rendered file then holds the keystore password in clear text, so restrict read access to the server account. The value is inserted into an XML attribute as-is: a password containing a double quote, ampersand or angle bracket must be XML-escaped or the file will not parse. --> |
| <!-- NOTE(review): no protocol or cipher-suite restriction is set on this ssl element, so defaults apply. TODO confirm the defaults of the deployed JVM and server exclude legacy protocol versions. --> |
| <security-realm name="UndertowRealm"> |
| <server-identities> |
| <ssl> |
| <keystore path="{{keycloak_ssl_keystore_file_name}}" relative-to="jboss.server.config.dir" keystore-password="{{keycloak_ssl_keystore_password}}" /> |
| </ssl> |
| </server-identities> |
| </security-realm> |
| </security-realms> |
| <!-- Management audit log: a JSON formatter and a file handler writing audit-log.log under the server data directory. The logger below is disabled (enabled="false"), so nothing is recorded as configured. --> |
| <!-- NOTE(review): for an identity server, consider enabling it so management changes are traceable; with log-read-only="false" only modifying operations would presumably be logged. --> |
| <audit-log> |
| <formatters> |
| <json-formatter name="json-formatter"/> |
| </formatters> |
| <handlers> |
| <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> |
| </handlers> |
| <logger log-boot="true" log-read-only="false" enabled="false"> |
| <handlers> |
| <handler name="file"/> |
| </handlers> |
| </logger> |
| </audit-log> |
| <!-- Management API served over plain HTTP on the management-http socket binding, authenticated by ManagementRealm. No HTTPS binding is attached, although the socket binding group in this file declares management-https. --> |
| <!-- NOTE(review): acceptable while the management interface stays on loopback (the default in the interfaces section of this file); if it is bound to a routable address, move it to an HTTPS binding backed by a realm with a server identity. --> |
| <management-interfaces> |
| <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> |
| <socket-binding http="management-http"/> |
| </http-interface> |
| </management-interfaces> |
| <!-- Access control uses the "simple" provider and maps the $local user to SuperUser. NOTE(review): presumably role mappings are only enforced by the "rbac" provider and "simple" gives every authenticated management user full rights; confirm against the documentation for this server version. --> |
| <access-control provider="simple"> |
| <role-mapping> |
| <role name="SuperUser"> |
| <include> |
| <user name="$local"/> |
| </include> |
| </role> |
| </role-mapping> |
| </access-control> |
| </management> |
| <profile> |
| <!-- Logging: the root logger is at INFO and writes to the console and to server.log in the server log directory; the file is rotated daily (suffix .yyyy-MM-dd) and appended to across restarts. --> |
| <!-- NOTE(review): the file handler defines no retention limit, so rotated files accumulate until something else removes them. --> |
| <subsystem xmlns="urn:jboss:domain:logging:3.0"> |
| <console-handler name="CONSOLE"> |
| <level name="INFO"/> |
| <formatter> |
| <named-formatter name="COLOR-PATTERN"/> |
| </formatter> |
| </console-handler> |
| <periodic-rotating-file-handler name="FILE" autoflush="true"> |
| <formatter> |
| <named-formatter name="PATTERN"/> |
| </formatter> |
| <file relative-to="jboss.server.log.dir" path="server.log"/> |
| <suffix value=".yyyy-MM-dd"/> |
| <append value="true"/> |
| </periodic-rotating-file-handler> |
| <logger category="com.arjuna"> |
| <level name="WARN"/> |
| </logger> |
| <!-- NOTE(review): org.jboss.as.config at DEBUG is reported to print the system properties the server was started with; check that no secrets are passed as system properties, or raise this level. TODO confirm for this server version. --> |
| <logger category="org.jboss.as.config"> |
| <level name="DEBUG"/> |
| </logger> |
| <logger category="sun.rmi"> |
| <level name="WARN"/> |
| </logger> |
| <root-logger> |
| <level name="INFO"/> |
| <handlers> |
| <handler name="CONSOLE"/> |
| <handler name="FILE"/> |
| </handlers> |
| </root-logger> |
| <formatter name="PATTERN"> |
| <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> |
| </formatter> |
| <formatter name="COLOR-PATTERN"> |
| <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/> |
| </formatter> |
| </subsystem> |
| <!-- Bean validation subsystem with no settings of its own. --> |
| <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/> |
| <!-- Datasources: the stock in-memory H2 example datasource and the MySQL datasource used by Keycloak, followed by the JDBC driver definitions. --> |
| <subsystem xmlns="urn:jboss:domain:datasources:4.0"> |
| <datasources> |
| <!-- ExampleDS: in-memory H2 database with the stock sa/sa credentials. It is still the default datasource in the ee subsystem's default-bindings. NOTE(review): if no deployment needs it, remove it and that binding together. --> |
| <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true"> |
| <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url> |
| <driver>h2</driver> |
| <security> |
| <user-name>sa</user-name> |
| <password>sa</password> |
| </security> |
| </datasource> |
| <!-- KeycloakDS: URL, pool size, user name and password are template placeholders filled in at render time. Connections are validated in the background every 10000 ms with "select 1" rather than on each checkout. --> |
| <!-- NOTE(review): the rendered file holds the database password in clear text; restrict read access to the server account. Values are inserted as-is, so an ampersand or angle bracket in the JDBC URL or password must be written as an XML entity. --> |
| <!-- NOTE(review): whether the database connection is encrypted depends entirely on the parameters in the templated URL; verify that TLS to MySQL is requested there if the database is not on the same host. --> |
| <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true"> |
| <connection-url>{{keycloak_db_url}}</connection-url> |
| <driver>mysql</driver> |
| <pool> |
| <max-pool-size>{{keycloak_db_pool_size}}</max-pool-size> |
| </pool> |
| <security> |
| <user-name>{{keycloak_db_username}}</user-name> |
| <password>{{keycloak_db_password}}</password> |
| </security> |
| <validation> |
| <check-valid-connection-sql>select 1</check-valid-connection-sql> |
| <validate-on-match>false</validate-on-match> |
| <background-validation>true</background-validation> |
| <background-validation-millis>10000</background-validation-millis> |
| </validation> |
| </datasource> |
| <drivers> |
| <driver name="mysql" module="org.mysql"> |
| <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class> |
| </driver> |
| <driver name="h2" module="com.h2database.h2"> |
| <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class> |
| </driver> |
| </drivers> |
| </datasources> |
| </subsystem> |
| <!-- Deployment scanner: watches the deployments directory under the server base directory with a scan interval of 5000 and deploys what it finds. --> |
| <!-- NOTE(review): anyone able to write to that directory can put code into the server; keep it writable only by the server or admin account, or remove the scanner if deployments are managed another way. --> |
| <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0"> |
| <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/> |
| </subsystem> |
| <!-- EE subsystem: default concurrency resources (context service, thread factory, executors) and the default bindings handed to deployments. Property replacement in spec descriptors is switched off. --> |
| <subsystem xmlns="urn:jboss:domain:ee:4.0"> |
| <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement> |
| <concurrent> |
| <context-services> |
| <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/> |
| </context-services> |
| <managed-thread-factories> |
| <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/> |
| </managed-thread-factories> |
| <managed-executor-services> |
| <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/> |
| </managed-executor-services> |
| <managed-scheduled-executor-services> |
| <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/> |
| </managed-scheduled-executor-services> |
| </concurrent> |
| <!-- The default datasource binding points at ExampleDS, the in-memory H2 datasource with stock credentials defined in the datasources subsystem; the two must be changed together. --> |
| <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/> |
| </subsystem> |
| <!-- EJB3 subsystem: bean pools, stateful-bean caches, async and timer services, and remote invocation. --> |
| <subsystem xmlns="urn:jboss:domain:ejb3:4.0"> |
| <session-bean> |
| <stateless> |
| <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/> |
| </stateless> |
| <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/> |
| <singleton default-access-timeout="5000"/> |
| </session-bean> |
| <pools> |
| <bean-instance-pools> |
| <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value --> |
| <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> |
| <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/> |
| </bean-instance-pools> |
| </pools> |
| <caches> |
| <cache name="simple"/> |
| <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/> |
| </caches> |
| <passivation-stores> |
| <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/> |
| </passivation-stores> |
| <async thread-pool-name="default"/> |
| <timer-service thread-pool-name="default" default-data-store="default-file-store"> |
| <data-stores> |
| <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/> |
| </data-stores> |
| </timer-service> |
| <!-- Remote EJB invocation is served through the http-remoting-connector defined in the remoting subsystem. NOTE(review): if no remote EJB clients exist, this element and the connector are candidates for removal; confirm first. --> |
| <remote connector-ref="http-remoting-connector" thread-pool-name="default"/> |
| <thread-pools> |
| <thread-pool name="default"> |
| <max-threads count="10"/> |
| <keepalive-time time="100" unit="milliseconds"/> |
| </thread-pool> |
| </thread-pools> |
| <!-- EJBs without an explicit security domain use "other"; methods without declared permissions are denied (default-missing-method-permissions-deny-access is true). --> |
| <default-security-domain value="other"/> |
| <default-missing-method-permissions-deny-access value="true"/> |
| <log-system-exceptions value="true"/> |
| </subsystem> |
| <!-- IO subsystem: one worker and one buffer pool, both named "default", with no explicit sizing set here. --> |
| <subsystem xmlns="urn:jboss:domain:io:1.1"> |
| <worker name="default"/> |
| <buffer-pool name="default"/> |
| </subsystem> |
| <!-- Infinispan cache containers. Every cache in this file is a local-cache, so no replication between server instances is configured. --> |
| <subsystem xmlns="urn:jboss:domain:infinispan:4.0"> |
| <!-- Keycloak caches. realms, users, authorization and keys are bounded by LRU eviction; sessions, offlineSessions, loginFailures and work have no eviction or expiration set here. --> |
| <!-- NOTE(review): because these are local caches, sessions and login-failure counters are presumably not shared between nodes. If more than one Keycloak node serves the same realm, brute-force counters would be tracked per node; confirm this is a single-node deployment. --> |
| <cache-container name="keycloak" jndi-name="infinispan/Keycloak"> |
| <local-cache name="realms"> |
| <eviction max-entries="10000" strategy="LRU"/> |
| </local-cache> |
| <local-cache name="users"> |
| <eviction max-entries="10000" strategy="LRU"/> |
| </local-cache> |
| <local-cache name="sessions"/> |
| <local-cache name="offlineSessions"/> |
| <local-cache name="loginFailures"/> |
| <local-cache name="work"/> |
| <local-cache name="authorization"> |
| <eviction max-entries="100" strategy="LRU"/> |
| </local-cache> |
| <local-cache name="keys"> |
| <eviction max-entries="1000" strategy="LRU"/> |
| <expiration max-idle="3600000"/> |
| </local-cache> |
| </cache-container> |
| <!-- The remaining containers (server, web, ejb, hibernate) back server-internal, web-session, stateful-EJB and Hibernate second-level caching, going by their names and modules. --> |
| <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server"> |
| <local-cache name="default"> |
| <transaction mode="BATCH"/> |
| </local-cache> |
| </cache-container> |
| <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan"> |
| <local-cache name="passivation"> |
| <locking isolation="REPEATABLE_READ"/> |
| <transaction mode="BATCH"/> |
| <file-store passivation="true" purge="false"/> |
| </local-cache> |
| <local-cache name="persistent"> |
| <locking isolation="REPEATABLE_READ"/> |
| <transaction mode="BATCH"/> |
| <file-store passivation="false" purge="false"/> |
| </local-cache> |
| </cache-container> |
| <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan"> |
| <local-cache name="passivation"> |
| <locking isolation="REPEATABLE_READ"/> |
| <transaction mode="BATCH"/> |
| <file-store passivation="true" purge="false"/> |
| </local-cache> |
| <local-cache name="persistent"> |
| <locking isolation="REPEATABLE_READ"/> |
| <transaction mode="BATCH"/> |
| <file-store passivation="false" purge="false"/> |
| </local-cache> |
| </cache-container> |
| <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan"> |
| <local-cache name="entity"> |
| <transaction mode="NON_XA"/> |
| <eviction strategy="LRU" max-entries="10000"/> |
| <expiration max-idle="100000"/> |
| </local-cache> |
| <local-cache name="local-query"> |
| <eviction strategy="LRU" max-entries="10000"/> |
| <expiration max-idle="100000"/> |
| </local-cache> |
| <local-cache name="timestamps"/> |
| </cache-container> |
| </subsystem> |
| <!-- JAX-RS subsystem with no settings of its own. --> |
| <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/> |
| <!-- JCA subsystem: archive validation is on (errors fail, warnings do not), bean validation is on, and the default work manager has short-running and long-running pools of 50 threads each. --> |
| <subsystem xmlns="urn:jboss:domain:jca:4.0"> |
| <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/> |
| <bean-validation enabled="true"/> |
| <default-workmanager> |
| <short-running-threads> |
| <core-threads count="50"/> |
| <queue-length count="50"/> |
| <max-threads count="50"/> |
| <keepalive-time time="10" unit="seconds"/> |
| </short-running-threads> |
| <long-running-threads> |
| <core-threads count="50"/> |
| <queue-length count="50"/> |
| <max-threads count="50"/> |
| <keepalive-time time="10" unit="seconds"/> |
| </long-running-threads> |
| </default-workmanager> |
| <cached-connection-manager/> |
| </subsystem> |
| <!-- JDR subsystem with no settings of its own. --> |
| <subsystem xmlns="urn:jboss:domain:jdr:1.0"/> |
| <!-- JMX subsystem: exposes the management model in resolved and expression form and enables the remoting connector. NOTE(review): presumably remote JMX access goes through the management interface and its realm; confirm, and drop remoting-connector if remote JMX is not used. --> |
| <subsystem xmlns="urn:jboss:domain:jmx:1.3"> |
| <expose-resolved-model/> |
| <expose-expression-model/> |
| <remoting-connector/> |
| </subsystem> |
| <!-- JPA subsystem: no default datasource (empty value); extended persistence context inheritance is DEEP. --> |
| <subsystem xmlns="urn:jboss:domain:jpa:1.1"> |
| <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/> |
| </subsystem> |
| <!-- JSF subsystem with no settings of its own. --> |
| <subsystem xmlns="urn:jboss:domain:jsf:1.0"/> |
| <!-- Mail subsystem: one default session that sends through the mail-smtp outbound socket binding declared in the socket binding group. --> |
| <subsystem xmlns="urn:jboss:domain:mail:2.0"> |
| <mail-session name="default" jndi-name="java:jboss/mail/Default"> |
| <smtp-server outbound-socket-binding-ref="mail-smtp"/> |
| </mail-session> |
| </subsystem> |
| <!-- Naming subsystem with remote-naming present. NOTE(review): this presumably allows JNDI lookups from remote clients over the remoting connector; confirm, and remove it if nothing relies on it. --> |
| <subsystem xmlns="urn:jboss:domain:naming:2.0"> |
| <remote-naming/> |
| </subsystem> |
| <!-- Remoting subsystem: the http-remoting-connector refers to the connector named "default" (the plain HTTP listener in the undertow subsystem of this file) and authenticates against ApplicationRealm. --> |
| <!-- NOTE(review): this presumably makes the remoting endpoint reachable wherever the plain HTTP listener is reachable; confirm that a remote client actually needs it. --> |
| <subsystem xmlns="urn:jboss:domain:remoting:3.0"> |
| <endpoint/> |
| <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> |
| </subsystem> |
| <!-- Request controller subsystem with no settings of its own. --> |
| <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/> |
| <!-- Security manager subsystem: the maximum permission set for deployments is java.security.AllPermission, which sets no upper bound on what a deployment may be granted. NOTE(review): presumably this only matters when the server runs with the Java security manager enabled; confirm, and narrow the set if it does. --> |
| <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> |
| <deployment-permissions> |
| <maximum-set> |
| <permission class="java.security.AllPermission"/> |
| </maximum-set> |
| </deployment-permissions> |
| </subsystem> |
| <!-- Security domains. "other" authenticates with the Remoting module (optional) followed by RealmDirect (required), both with password-stacking set to useFirstPass; the two policy domains use the Delegating policy module for authorization. --> |
| <subsystem xmlns="urn:jboss:domain:security:1.2"> |
| <security-domains> |
| <security-domain name="other" cache-type="default"> |
| <authentication> |
| <login-module code="Remoting" flag="optional"> |
| <module-option name="password-stacking" value="useFirstPass"/> |
| </login-module> |
| <login-module code="RealmDirect" flag="required"> |
| <module-option name="password-stacking" value="useFirstPass"/> |
| </login-module> |
| </authentication> |
| </security-domain> |
| <security-domain name="jboss-web-policy" cache-type="default"> |
| <authorization> |
| <policy-module code="Delegating" flag="required"/> |
| </authorization> |
| </security-domain> |
| <security-domain name="jboss-ejb-policy" cache-type="default"> |
| <authorization> |
| <policy-module code="Delegating" flag="required"/> |
| </authorization> |
| </security-domain> |
| <!-- "jaspitest" is built from modules named Dummy. NOTE(review): it looks like a stock sample domain; confirm nothing references it and remove it, since a deployment pointed at it would presumably not get real authentication. --> |
| <security-domain name="jaspitest" cache-type="default"> |
| <authentication-jaspi> |
| <login-module-stack name="dummy"> |
| <login-module code="Dummy" flag="optional"/> |
| </login-module-stack> |
| <auth-module code="Dummy"/> |
| </authentication-jaspi> |
| </security-domain> |
| </security-domains> |
| </subsystem> |
| <!-- Transactions subsystem: the process id is a UUID; the recovery environment uses the txn-recovery-environment and txn-status-manager socket bindings. --> |
| <!-- NOTE(review): those two bindings (ports 4712 and 4713) name no interface, so they fall to the socket binding group's default interface, "public"; make sure they are not reachable from untrusted networks if that interface is routable. --> |
| <subsystem xmlns="urn:jboss:domain:transactions:3.0"> |
| <core-environment> |
| <process-id> |
| <uuid/> |
| </process-id> |
| </core-environment> |
| <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/> |
| </subsystem> |
| <!-- Undertow web server: a plain HTTP listener, an HTTPS listener whose server identity comes from UndertowRealm, and a default host that serves the static welcome content at "/". --> |
| <subsystem xmlns="urn:jboss:domain:undertow:3.0"> |
| <buffer-cache name="default"/> |
| <server name="default-server"> |
| <!-- redirect-socket names the binding used when a request has to be moved to a confidential transport. NOTE(review): presumably plain HTTP requests are still served unless the application demands a secure transport; confirm that the Keycloak realms require SSL or that the http port is not exposed. --> |
| <http-listener name="default" socket-binding="http" redirect-socket="https"/> |
| <!-- NOTE(review): no protocol or cipher-suite restriction is set on this listener; TODO confirm the effective defaults exclude legacy TLS versions and weak suites. --> |
| <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/> |
| <host name="default-host" alias="localhost"> |
| <location name="/" handler="welcome-content"/> |
| <!-- Both filters attach the fixed response headers defined in the filters element below to this host. --> |
| <filter-ref name="server-header"/> |
| <filter-ref name="x-powered-by-header"/> |
| </host> |
| </server> |
| <servlet-container name="default"> |
| <jsp-config/> |
| <websockets/> |
| </servlet-container> |
| <handlers> |
| <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/> |
| </handlers> |
| <!-- NOTE(review): Server "WildFly/10" and X-Powered-By "Undertow/1" advertise the product and major version to every client; removing these two filters together with their filter-ref entries avoids that disclosure. --> |
| <filters> |
| <response-header name="server-header" header-name="Server" header-value="WildFly/10"/> |
| <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/> |
| </filters> |
| </subsystem> |
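| <!-- Keycloak server subsystem: web context path, provider and theme locations, and the provider chosen for each SPI. --> |
| <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> |
| <web-context>auth</web-context> |
| <!-- Providers are picked up from the providers directory under the server home. NOTE(review): presumably anything placed there is loaded into the server, so keep the directory writable by administrators only. --> |
| <providers> |
| <provider>classpath:${jboss.home.dir}/providers/*</provider> |
| </providers> |
| <master-realm-name>master</master-realm-name> |
| <scheduled-task-interval>900</scheduled-task-interval> |
| <theme> |
| <staticMaxAge>2592000</staticMaxAge> |
| <cacheThemes>true</cacheThemes> |
| <cacheTemplates>true</cacheTemplates> |
| <dir>${jboss.home.dir}/themes</dir> |
| </theme> |
| <!-- Events store: JPA provider with REFRESH_TOKEN listed under exclude-events. The value is a JSON array, so its inner double quotes are written as XML entities to keep the attribute well formed. --> |
| <spi name="eventsStore"> |
| <default-provider>jpa</default-provider> |
| <provider name="jpa" enabled="true"> |
| <properties> |
| <property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]"/> |
| </properties> |
| </provider> |
| </spi> |
| <spi name="realm"> |
| <default-provider>jpa</default-provider> |
| </spi> |
| <spi name="user"> |
| <default-provider>jpa</default-provider> |
| </spi> |
| <spi name="userFederatedStorage"> |
| <default-provider>jpa</default-provider> |
| </spi> |
| <spi name="userCache"> |
| <provider name="default" enabled="true"/> |
| </spi> |
| <spi name="userSessionPersister"> |
| <default-provider>jpa</default-provider> |
| </spi> |
| <spi name="authorizationPersister"> |
| <default-provider>jpa</default-provider> |
| </spi> |
| <spi name="timer"> |
| <default-provider>basic</default-provider> |
| </spi> |
| <spi name="connectionsHttpClient"> |
| <provider name="default" enabled="true"/> |
| </spi> |
| <!-- JPA connection: uses the KeycloakDS datasource. migrationStrategy "update" presumably lets the server change the database schema itself, which requires the database account to hold schema-change rights. NOTE(review): confirm that is intended for production, or export the changes and apply them under a separate account. --> |
| <spi name="connectionsJpa"> |
| <provider name="default" enabled="true"> |
| <properties> |
| <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/> |
| <property name="initializeEmpty" value="true"/> |
| <property name="migrationStrategy" value="update"/> |
| <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/> |
| </properties> |
| </provider> |
| </spi> |
| <spi name="realmCache"> |
| <provider name="default" enabled="true"/> |
| </spi> |
| <spi name="connectionsInfinispan"> |
| <default-provider>default</default-provider> |
| <provider name="default" enabled="true"> |
| <properties> |
| <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/> |
| </properties> |
| </provider> |
| </spi> |
| <spi name="jta-lookup"> |
| <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider> |
| <provider name="jboss" enabled="true"/> |
| </spi> |
| <!-- Public key storage: minTimeBetweenRequests is 10. NOTE(review): presumably the minimum number of seconds between fetches of new public keys, which limits how often unknown key ids can trigger outbound requests; confirm the unit. --> |
| <spi name="publicKeyStorage"> |
| <provider name="infinispan" enabled="true"> |
| <properties> |
| <property name="minTimeBetweenRequests" value="10"/> |
| </properties> |
| </provider> |
| </spi> |
| </subsystem> |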
| </profile> |
| <!-- Network interfaces: both default to 127.0.0.1 unless jboss.bind.address.management or jboss.bind.address is set at startup. --> |
| <!-- NOTE(review): the management interface in this file speaks plain HTTP, so keep jboss.bind.address.management on loopback or on a dedicated admin network. --> |
| <interfaces> |
| <interface name="management"> |
| <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> |
| </interface> |
| <interface name="public"> |
| <inet-address value="${jboss.bind.address:127.0.0.1}"/> |
| </interface> |
| </interfaces> |
| <!-- Socket bindings. The group's default interface is "public", so a binding that names no interface uses it; port-offset comes from jboss.socket.binding.port-offset and defaults to 0. --> |
| <!-- NOTE(review): the ajp and management-https bindings are declared, but no listener or management interface in this file refers to them. --> |
| <!-- NOTE(review): https defaults to port 443, a privileged port on most systems; confirm how the server process is allowed to bind it without running as root. --> |
| <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> |
| <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> |
| <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> |
| <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> |
| <socket-binding name="http" port="${jboss.http.port:8080}"/> |
| <socket-binding name="https" port="${jboss.https.port:443}"/> |
| <socket-binding name="txn-recovery-environment" port="4712"/> |
| <socket-binding name="txn-status-manager" port="4713"/> |
| <outbound-socket-binding name="mail-smtp"> |
| <remote-destination host="localhost" port="25"/> |
| </outbound-socket-binding> |
| </socket-binding-group> |
| </server> |