Anpassungen Wildfly 25 Standalone.xml
Allgemeines
Diese Übersichten zeigen die Änderungen in der standalone.xml zwischen den WildFly-Versionen 20.0.1 und 25.0.1 auf.
Ersetzen
Version 20.0.1 | Version 25.0.1 |
---|---|
<server xmlns="urn:jboss:domain:13.0"> | <server xmlns="urn:jboss:domain:18.0"> |
<subsystem xmlns="urn:jboss:domain:transactions:5.0"> | <subsystem xmlns="urn:jboss:domain:transactions:6.0"> |
<subsystem xmlns="urn:jboss:domain:undertow:11.0"> | <subsystem xmlns="urn:jboss:domain:undertow:12.0"> |
<subsystem xmlns="urn:jboss:domain:ejb3:7.0"> | <subsystem xmlns="urn:jboss:domain:ejb3:9.0"> |
<periodic-rotating-file-handler name="FILE" autoflush="true"> | <periodic-size-rotating-file-handler name="FILE" autoflush="true"> |
</periodic-rotating-file-handler> <periodic-rotating-file-handler name="FAIL2BAN" autoflush="true"> | </periodic-size-rotating-file-handler> <periodic-size-rotating-file-handler name="FAIL2BAN" autoflush="true"> |
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/> | <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default"/> |
<subsystem xmlns="urn:jboss:domain:infinispan:10.0"> | <subsystem xmlns="urn:jboss:domain:infinispan:13.0"> |
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server"> | <cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server"> |
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan"> | <cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan"> |
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan"> | <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan"> |
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan"> | <cache-container name="hibernate" default-cache="local-query" modules="org.hibernate.infinispan"> |
<object-memory size="10000"/> | <heap-memory size="10000"/> |
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/> | <http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/> |
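<http-listener name="default" socket-binding="http" max-post-size="157286400" max-parameters="2200" redirect-socket="https" proxy-address-forwarding="true"/> | <http-listener name="default" socket-binding="http" max-post-size="157286400" max-parameters="2200" redirect-socket="https" proxy-address-forwarding="true"/> |
Hinweis: In der letzten Zeile (http-listener) sind beide Spalten identisch, hier ist nichts zu ersetzen. proxy-address-forwarding="true" sollte nur gesetzt bleiben, wenn der Listener ausschließlich über einen vertrauenswürdigen Reverse-Proxy erreichbar ist; andernfalls kann ein Client seine Absenderadresse über die X-Forwarded-Header selbst vorgeben, was vermutlich auch die vom FAIL2BAN-Handler protokollierte Adresse betrifft.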
Hinzufügen
Version 25.0.1 |
---|
<subsystem xmlns="urn:jboss:domain:discovery:1.0"/> |
<subsystem xmlns="urn:jboss:domain:ee-security:1.0"/> |
Innerhalb <subsystem xmlns="urn:jboss:domain:security-manager:1.0"> folgendes hinzufügen <application-security-domains> |
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/> <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/> <subsystem xmlns="urn:wildfly:microprofile-jwt-smallrye:1.0"/> <subsystem xmlns="urn:wildfly:microprofile-opentracing-smallrye:3.0" default-tracer="jaeger"> <jaeger-tracer name="jaeger"> <sampler-configuration sampler-type="const" sampler-param="1.0"/> </jaeger-tracer> </subsystem> |
Hinweis: Mit security-enabled="false" ist der Metrics-Endpunkt der Management-Schnittstelle ohne Anmeldung abrufbar. Das ist nur vertretbar, wenn die Management-Schnittstelle aus nicht vertrauenswürdigen Netzen nicht erreichbar ist.
Löschen
Version 25.0.1 |
---|
<security-realms> <security-realm name="ManagementRealm"> <authentication> <local default-user="$local" skip-group-loading="true"/> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization map-groups-to-roles="false"> <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> <security-realm name="ApplicationRealm"> <authentication> <local default-user="$local" allowed-users="*" skip-group-loading="true"/> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> </security-realms> |
Löschen und ersetzen
Die Security-Realms wurden durch Elytron ersetzt. Dafür muss Folgendes gelöscht bzw. hinzugefügt werden.
1. Im Knoten <management> folgenden Teil löschen:
<!-- Legacy (WildFly 20) management HTTP interface: authentication is bound to the
     ManagementRealm security realm. This is the fragment to remove during the migration. -->
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
2. und durch nachfolgendes ersetzen:
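<!-- WildFly 25 management HTTP interface: authentication is delegated to the Elytron
     factories management-http-authentication (HTTP) and management-sasl-authentication
     (HTTP upgrade) instead of the legacy ManagementRealm security realm. Both factory
     names must match the definitions in the elytron subsystem. -->
<management-interfaces>
    <http-interface http-authentication-factory="management-http-authentication">
        <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
        <socket-binding http="management-http"/>
    </http-interface>
<!-- Closing tag was missing in the original snippet; without it the file is not well-formed. -->
</management-interfaces>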
3. Im Knoten <server> -> <extensions> Folgendes hinzufügen:
<!-- Extension entries for the Elytron security subsystem and the Elytron OIDC client.
     The elytron extension has to be present for the elytron subsystem to be parsed. -->
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.elytron-oidc-client"/>
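4. Im Knoten <extensions> folgende Module hinzufügen (die beiden Elytron-Module aus Schritt 3 sind in dieser Liste bereits enthalten und dürfen nicht doppelt eingetragen werden):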
<!-- Extension modules to add under <extensions>.
     NOTE(review): org.wildfly.extension.elytron and org.wildfly.extension.elytron-oidc-client
     are also listed in step 3 of this page; declare each module only once. -->
<extension module="org.wildfly.extension.clustering.web"/>
<extension module="org.wildfly.extension.core-management"/>
<extension module="org.wildfly.extension.discovery"/>
<extension module="org.wildfly.extension.ee-security"/>
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.elytron-oidc-client"/>
<extension module="org.wildfly.extension.health"/>
<extension module="org.wildfly.extension.metrics"/>
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
<extension module="org.wildfly.extension.microprofile.jwt-smallrye"/>
<extension module="org.wildfly.extension.microprofile.opentracing-smallrye"/>
5. elytron Subsystem hinzufügen:
<!--
  Elytron subsystem (schema urn:wildfly:elytron:14.0). It takes over from the legacy
  <security-realms> block: it defines the realms, the security domains and the HTTP/SASL
  authentication factories that the management interface and the remoting connector
  reference by name.
-->
<subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<!-- Security providers: "combined-providers" aggregates the elytron and openssl provider
     loaders and is the value of final-providers on the subsystem element. -->
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron"/>
<providers name="openssl"/>
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
<provider-loader name="openssl" module="org.wildfly.openssl"/>
</providers>
<!-- File audit log: audit.log under jboss.server.log.dir, JSON format.
     NOTE(review): no security-domain in this block sets security-event-listener="local-audit",
     so it looks like nothing is routed to this log yet; confirm, and wire it up if
     authentication events should be audited. -->
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
</audit-logging>
<!-- Security domains. Each domain combines its properties realm (roles decoded from the
     "groups" attribute) with the "local" identity realm. In ManagementDomain the "local"
     realm is paired with super-user-mapper, so the local identity receives the SuperUser role. -->
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
<realm name="local"/>
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
<realm name="local" role-mapper="super-user-mapper"/>
</security-domain>
</security-domains>
<!-- Realms: "local" is an identity realm for $local; the two properties realms read the
     user and group/role files from jboss.server.config.dir (the same file names the legacy
     realms used).
     NOTE(review): keep those files readable by the server's OS account only. digest-realm-name
     presumably has to match the realm name the stored password hashes were created with;
     verify before renaming a realm. -->
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
<!-- Mappers: default-permission-mapper uses mapping-mode "first". The anonymous principal
     gets default-permissions only; every other identity (match-all) gets login-permission
     plus default-permissions. -->
<mappers>
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous"/>
<permission-set name="default-permissions"/>
</permission-mapping>
<permission-mapping match-all="true">
<permission-set name="login-permission"/>
<permission-set name="default-permissions"/>
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local"/>
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser"/>
</constant-role-mapper>
</mappers>
<!-- Permission sets referenced by the permission mapper above. Note that default-permissions
     (batch, remote transaction, remote EJB) is also what the anonymous principal receives. -->
<permission-sets>
<permission-set name="login-permission">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
</permission-set>
<permission-set name="default-permissions">
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
</permission-set>
</permission-sets>
<!-- HTTP authentication factories: management uses DIGEST against ManagementRealm,
     applications use BASIC against ApplicationRealm.
     NOTE(review): BASIC sends the password with every request in a reversible encoding,
     so it should only be offered over TLS. -->
<http>
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<http-authentication-factory name="application-http-authentication" security-domain="ApplicationDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="ApplicationRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global"/>
</http>
<!-- SASL authentication factories: both offer JBOSS-LOCAL-USER (mapped to the "local" realm)
     and DIGEST-MD5 against the respective properties realm.
     NOTE(review): in ManagementDomain a JBOSS-LOCAL-USER login ends up as SuperUser (see
     super-user-mapper), so access to the server's OS account equals full management access.
     DIGEST-MD5 is a legacy mechanism (moved to historic status by RFC 6331); keep these
     connectors off untrusted networks or behind TLS. -->
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<!-- SASL server factory chain: "configured" wraps "elytron", which filters the "global"
     provider factory down to mechanisms from the WildFlyElytron provider. -->
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron"/>
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global"/>
</sasl>
<!-- TLS: JKS key store application.keystore in jboss.server.config.dir, a key manager on top
     of it and the server SSL context applicationSSC.
     NOTE(review): both credential-reference elements hold the password in clear text and use
     the literal value "password"; generate-self-signed-certificate-host lets the key manager
     create a self-signed certificate for "localhost" when the key store file does not exist.
     That is suitable for a test system only. For production use a CA-issued certificate, a
     non-default password and a credential-reference that points at a credential store
     (store/alias) instead of clear-text. -->
<tls>
<key-stores>
<key-store name="applicationKS">
<credential-reference clear-text="password"/>
<implementation type="JKS"/>
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
<credential-reference clear-text="password"/>
</key-manager>
</key-managers>
<!-- NOTE(review): applicationSSC is not referenced anywhere on this page; presumably the
     undertow https-listener points at it via its ssl-context attribute. Verify after migrating. -->
<server-ssl-contexts>
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
</server-ssl-contexts>
</tls>
</subsystem>