- <?xml version="1.0" ?>
- <server xmlns="urn:jboss:domain:4.0">
- <extensions>
- <extension module="org.jboss.as.clustering.infinispan"/>
- <extension module="org.jboss.as.connector"/>
- <extension module="org.jboss.as.deployment-scanner"/>
- <extension module="org.jboss.as.ee"/>
- <extension module="org.jboss.as.ejb3"/>
- <extension module="org.jboss.as.jaxrs"/>
- <extension module="org.jboss.as.jdr"/>
- <extension module="org.jboss.as.jmx"/>
- <extension module="org.jboss.as.jpa"/>
- <extension module="org.jboss.as.jsf"/>
- <extension module="org.jboss.as.logging"/>
- <extension module="org.jboss.as.mail"/>
- <extension module="org.jboss.as.naming"/>
- <extension module="org.jboss.as.remoting"/>
- <extension module="org.jboss.as.security"/>
- <extension module="org.jboss.as.transactions"/>
- <extension module="org.keycloak.keycloak-server-subsystem"/>
- <extension module="org.wildfly.extension.bean-validation"/>
- <extension module="org.wildfly.extension.io"/>
- <extension module="org.wildfly.extension.request-controller"/>
- <extension module="org.wildfly.extension.security.manager"/>
- <extension module="org.wildfly.extension.undertow"/>
- </extensions>
- <management>
- <security-realms>
- <security-realm name="ManagementRealm">
- <authentication>
- <local default-user="$local" skip-group-loading="true"/>
- <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
- </authentication>
- <authorization map-groups-to-roles="false">
- <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
- </authorization>
- </security-realm>
- <security-realm name="ApplicationRealm">
- <authentication>
- <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
- <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
- </authentication>
- <authorization>
- <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
- </authorization>
- </security-realm>
- </security-realms>
- <audit-log>
- <formatters>
- <json-formatter name="json-formatter"/>
- </formatters>
- <handlers>
- <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
- </handlers>
- <logger log-boot="true" log-read-only="false" enabled="false">
- <handlers>
- <handler name="file"/>
- </handlers>
- </logger>
- </audit-log>
- <management-interfaces>
- <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
- <socket-binding http="management-http"/>
- </http-interface>
- </management-interfaces>
- <access-control provider="simple">
- <role-mapping>
- <role name="SuperUser">
- <include>
- <user name="$local"/>
- </include>
- </role>
- </role-mapping>
- </access-control>
- </management>
- <profile>
- <subsystem xmlns="urn:jboss:domain:logging:3.0">
- <console-handler name="CONSOLE">
- <level name="INFO"/>
- <formatter>
- <named-formatter name="COLOR-PATTERN"/>
- </formatter>
- </console-handler>
- <periodic-rotating-file-handler name="FILE" autoflush="true">
- <formatter>
- <named-formatter name="PATTERN"/>
- </formatter>
- <file relative-to="jboss.server.log.dir" path="server.log"/>
- <suffix value=".yyyy-MM-dd"/>
- <append value="true"/>
- </periodic-rotating-file-handler>
- <logger category="com.arjuna">
- <level name="WARN"/>
- </logger>
- <logger category="org.jboss.as.config">
- <level name="DEBUG"/>
- </logger>
- <logger category="sun.rmi">
- <level name="WARN"/>
- </logger>
- <root-logger>
- <level name="INFO"/>
- <handlers>
- <handler name="CONSOLE"/>
- <handler name="FILE"/>
- </handlers>
- </root-logger>
- <formatter name="PATTERN">
- <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
- </formatter>
- <formatter name="COLOR-PATTERN">
- <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
- </formatter>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
- <subsystem xmlns="urn:jboss:domain:datasources:4.0">
- <datasources>
- <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
- <connection-url>jdbc:postgresql://{{keycloak_pg_host}}:{{keycloak_pg_port}}/{{keycloak_pg_db}}</connection-url>
- <driver>postgresql</driver>
- <security>
- <user-name>{{postgres_user}}</user-name>
- <password>{{postgres_password}}</password>
- </security>
- <validation>
- <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
- <background-validation>true</background-validation>
- <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
- </validation>
- <pool>
- <flush-strategy>IdleConnections</flush-strategy>
- </pool>
- </datasource>
- <drivers>
- <driver name="postgresql" module="org.postgresql.jdbc">
- <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
- </driver>
- </drivers>
- </datasources>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
- <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:ee:4.0">
- <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
- <concurrent>
- <context-services>
- <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
- </context-services>
- <managed-thread-factories>
- <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
- </managed-thread-factories>
- <managed-executor-services>
- <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
- </managed-executor-services>
- <managed-scheduled-executor-services>
- <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
- </managed-scheduled-executor-services>
- </concurrent>
- <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/KeycloakDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
- <session-bean>
- <stateless>
- <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
- </stateless>
- <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
- <singleton default-access-timeout="5000"/>
- </session-bean>
- <pools>
- <bean-instance-pools>
- <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
- <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
- <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
- </bean-instance-pools>
- </pools>
- <caches>
- <cache name="simple"/>
- <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
- </caches>
- <passivation-stores>
- <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
- </passivation-stores>
- <async thread-pool-name="default"/>
- <timer-service thread-pool-name="default" default-data-store="default-file-store">
- <data-stores>
- <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
- </data-stores>
- </timer-service>
- <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
- <thread-pools>
- <thread-pool name="default">
- <max-threads count="10"/>
- <keepalive-time time="100" unit="milliseconds"/>
- </thread-pool>
- </thread-pools>
- <default-security-domain value="other"/>
- <default-missing-method-permissions-deny-access value="true"/>
- <log-system-exceptions value="true"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:io:1.1">
- <worker name="default"/>
- <buffer-pool name="default"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
- <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
- <local-cache name="realms">
- <eviction max-entries="10000" strategy="LRU"/>
- </local-cache>
- <local-cache name="users">
- <eviction max-entries="10000" strategy="LRU"/>
- </local-cache>
- <local-cache name="sessions"/>
- <local-cache name="offlineSessions"/>
- <local-cache name="loginFailures"/>
- <local-cache name="work"/>
- <local-cache name="authorization">
- <eviction max-entries="100" strategy="LRU"/>
- </local-cache>
- <local-cache name="keys">
- <eviction max-entries="1000" strategy="LRU"/>
- <expiration max-idle="3600000"/>
- </local-cache>
- </cache-container>
- <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
- <local-cache name="default">
- <transaction mode="BATCH"/>
- </local-cache>
- </cache-container>
- <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
- <local-cache name="passivation">
- <locking isolation="REPEATABLE_READ"/>
- <transaction mode="BATCH"/>
- <file-store passivation="true" purge="false"/>
- </local-cache>
- <local-cache name="persistent">
- <locking isolation="REPEATABLE_READ"/>
- <transaction mode="BATCH"/>
- <file-store passivation="false" purge="false"/>
- </local-cache>
- </cache-container>
- <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
- <local-cache name="passivation">
- <locking isolation="REPEATABLE_READ"/>
- <transaction mode="BATCH"/>
- <file-store passivation="true" purge="false"/>
- </local-cache>
- <local-cache name="persistent">
- <locking isolation="REPEATABLE_READ"/>
- <transaction mode="BATCH"/>
- <file-store passivation="false" purge="false"/>
- </local-cache>
- </cache-container>
- <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
- <local-cache name="entity">
- <transaction mode="NON_XA"/>
- <eviction strategy="LRU" max-entries="10000"/>
- <expiration max-idle="100000"/>
- </local-cache>
- <local-cache name="local-query">
- <eviction strategy="LRU" max-entries="10000"/>
- <expiration max-idle="100000"/>
- </local-cache>
- <local-cache name="timestamps"/>
- </cache-container>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
- <subsystem xmlns="urn:jboss:domain:jca:4.0">
- <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
- <bean-validation enabled="true"/>
- <default-workmanager>
- <short-running-threads>
- <core-threads count="50"/>
- <queue-length count="50"/>
- <max-threads count="50"/>
- <keepalive-time time="10" unit="seconds"/>
- </short-running-threads>
- <long-running-threads>
- <core-threads count="50"/>
- <queue-length count="50"/>
- <max-threads count="50"/>
- <keepalive-time time="10" unit="seconds"/>
- </long-running-threads>
- </default-workmanager>
- <cached-connection-manager/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
- <subsystem xmlns="urn:jboss:domain:jmx:1.3">
- <expose-resolved-model/>
- <expose-expression-model/>
- <remoting-connector/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:jpa:1.1">
- <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
- <subsystem xmlns="urn:jboss:domain:mail:2.0">
- <mail-session name="default" jndi-name="java:jboss/mail/Default">
- <smtp-server outbound-socket-binding-ref="mail-smtp"/>
- </mail-session>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:naming:2.0">
- <remote-naming/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:remoting:3.0">
- <endpoint/>
- <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
- <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
- <deployment-permissions>
- <maximum-set>
- <permission class="java.security.AllPermission"/>
- </maximum-set>
- </deployment-permissions>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:security:1.2">
- <security-domains>
- <security-domain name="other" cache-type="default">
- <authentication>
- <login-module code="Remoting" flag="optional">
- <module-option name="password-stacking" value="useFirstPass"/>
- </login-module>
- <login-module code="RealmDirect" flag="required">
- <module-option name="password-stacking" value="useFirstPass"/>
- </login-module>
- </authentication>
- </security-domain>
- <security-domain name="jboss-web-policy" cache-type="default">
- <authorization>
- <policy-module code="Delegating" flag="required"/>
- </authorization>
- </security-domain>
- <security-domain name="jboss-ejb-policy" cache-type="default">
- <authorization>
- <policy-module code="Delegating" flag="required"/>
- </authorization>
- </security-domain>
- <security-domain name="jaspitest" cache-type="default">
- <authentication-jaspi>
- <login-module-stack name="dummy">
- <login-module code="Dummy" flag="optional"/>
- </login-module-stack>
- <auth-module code="Dummy"/>
- </authentication-jaspi>
- </security-domain>
- </security-domains>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:transactions:3.0">
- <core-environment>
- <process-id>
- <uuid/>
- </process-id>
- </core-environment>
- <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:undertow:3.0">
- <buffer-cache name="default"/>
- <server name="default-server">
- <http-listener name="default" socket-binding="http" redirect-socket="https"/>
- <host name="default-host" alias="localhost">
- <location name="/" handler="welcome-content"/>
- <filter-ref name="server-header"/>
- <filter-ref name="x-powered-by-header"/>
- </host>
- </server>
- <servlet-container name="default">
- <jsp-config/>
- <websockets/>
- </servlet-container>
- <handlers>
- <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
- </handlers>
- <filters>
- <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
- <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
- </filters>
- </subsystem>
- <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
- <web-context>auth</web-context>
- <providers>
- <provider>classpath:${jboss.home.dir}/providers/*</provider>
- </providers>
- <master-realm-name>master</master-realm-name>
- <scheduled-task-interval>900</scheduled-task-interval>
- <theme>
- <staticMaxAge>2592000</staticMaxAge>
- <cacheThemes>true</cacheThemes>
- <cacheTemplates>true</cacheTemplates>
- <dir>${jboss.home.dir}/themes</dir>
- </theme>
- <spi name="eventsStore">
- <provider name="jpa" enabled="true">
- <properties>
- <property name="exclude-events" value="["REFRESH_TOKEN"]"/>
- </properties>
- </provider>
- </spi>
- <spi name="userCache">
- <provider name="default" enabled="true"/>
- </spi>
- <spi name="userSessionPersister">
- <default-provider>jpa</default-provider>
- </spi>
- <spi name="timer">
- <default-provider>basic</default-provider>
- </spi>
- <spi name="connectionsHttpClient">
- <provider name="default" enabled="true"/>
- </spi>
- <spi name="connectionsJpa">
- <provider name="default" enabled="true">
- <properties>
- <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
- <property name="initializeEmpty" value="true"/>
- <property name="migrationStrategy" value="update"/>
- <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
- </properties>
- </provider>
- </spi>
- <spi name="realmCache">
- <provider name="default" enabled="true"/>
- </spi>
- <spi name="connectionsInfinispan">
- <default-provider>default</default-provider>
- <provider name="default" enabled="true">
- <properties>
- <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
- </properties>
- </provider>
- </spi>
- <spi name="jta-lookup">
- <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
- <provider name="jboss" enabled="true"/>
- </spi>
- <spi name="publicKeyStorage">
- <provider name="infinispan" enabled="true">
- <properties>
- <property name="minTimeBetweenRequests" value="10"/>
- </properties>
- </provider>
- </spi>
- </subsystem>
- </profile>
- <interfaces>
- <interface name="management">
- <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
- </interface>
- <interface name="public">
- <inet-address value="${jboss.bind.address:127.0.0.1}"/>
- </interface>
- </interfaces>
- <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
- <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
- <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
- <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
- <socket-binding name="http" port="${jboss.http.port:8080}"/>
- <socket-binding name="https" port="${jboss.https.port:8443}"/>
- <socket-binding name="txn-recovery-environment" port="4712"/>
- <socket-binding name="txn-status-manager" port="4713"/>
- <outbound-socket-binding name="mail-smtp">
- <remote-destination host="localhost" port="25"/>
- </outbound-socket-binding>
- </socket-binding-group>
- </server>