Wiki-Quellcode von Anpassungen Wildfly 25 Standalone.xml
Zuletzt geändert von MACH ProForms GmbH am 28.11.2024
Verstecke letzte Bearbeiter
| author | version | line-number | content |
|---|---|---|---|
 |
6.1 | 1 | = Allgemeines = |
| 2 | |||
| 3 | Diese Übersichten zeigen die Änderungen in der standalone.xml in der Wildfly-Version 20.0.1 und 25.0.1 auf. | ||
| 4 | |||
| |
9.1 | 5 | (% class="box infomessage" %) |
| 6 | ((( | ||
| 7 | Unser Muster bzw. die Standard-Standalone.xml, welche während der Erstinstallation ausgeliefert wird, finden Sie [[hier >>url:https://cloud.machproforms.de/index.php/s/b7fKTQ4M5xobZAM]]zum Download. Diese ist an die neuen Gegebenheiten der Version 4.101 angepasst. | ||
| 8 | ))) | ||
| 9 | |||
| |
10.1 | 10 | (% class="box warningmessage" %) |
| 11 | ((( | ||
| |
11.1 | 12 | Beachten Sie bitte, dass die nachfolgenden Anpassungen nur Empfehlungen sind. Es kann durchaus sein, dass Ihre Standalone.xml die Einträge z.B. nicht bzw. andere/weitere Einträge enthält. Eine Orientierung für die möglichen Einträge finde Sie in der offiziellen [[Dokumentation>>https://docs.wildfly.org/25/wildscribe/index.html]]. |
| |
10.1 | 13 | ))) |
| 14 | |||
| |
4.1 | 15 | = Ersetzen = |
| |
3.1 | 16 | |
| |
1.1 | 17 | |=Version 20.0.1|=Version 25.01 |
| 18 | |<server xmlns="urn:jboss:domain:13.0">|<server xmlns="urn:jboss:domain:18.0"> | ||
| 19 | |<subsystem xmlns="urn:jboss:domain:transactions:5.0">|<subsystem xmlns="urn:jboss:domain:transactions:6.0"> | ||
| 20 | |<subsystem xmlns="urn:jboss:domain:undertow:11.0">|<subsystem xmlns="urn:jboss:domain:undertow:12.0"> | ||
| 21 | |<subsystem xmlns="urn:jboss:domain:ejb3:7.0">|<subsystem xmlns="urn:jboss:domain:ejb3:9.0"> | ||
| 22 | |<periodic-rotating-file-handler name="FILE" autoflush="true">|<periodic-size-rotating-file-handler name="FILE" autoflush="true"> | ||
| 23 | |</periodic-rotating-file-handler> | ||
| 24 | <periodic-rotating-file-handler name="FAIL2BAN" autoflush="true">|</periodic-size-rotating-file-handler> | ||
| 25 | <periodic-size-rotating-file-handler name="FAIL2BAN" autoflush="true"> | ||
| 26 | |<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>|<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default"/> | ||
| 27 | |<subsystem xmlns="urn:jboss:domain:infinispan:10.0">|<subsystem xmlns="urn:jboss:domain:infinispan:13.0"> | ||
| 28 | |<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">|<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server"> | ||
| |
2.1 | 29 | |<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">|<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan"> |
| 30 | |<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">|<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan"> | ||
| 31 | |<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">|<cache-container name="hibernate" default-cache="local-query" modules="org.hibernate.infinispan"> | ||
| 32 | |<object-memory size="10000"/>|<heap-memory size="10000"/> | ||
| 33 | |<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>|<http-connector name="http-remoting-connector" connector-ref="default" sasl-authentication-factory="application-sasl-authentication"/> | ||
| |
7.1 | 34 | |<http-listener name="default" socket-binding="http" max-post-size="157286400" max-parameters="2200" redirect-socket="https" proxy-address-forwarding="true"/>|<http-listener name="default" socket-binding="http" max-post-size="157286400" max-parameters="2200" redirect-socket="https" proxy-address-forwarding="true"/> |
| |
1.1 | 35 | |
| |
4.1 | 36 | = Hinzufügen = |
| |
2.1 | 37 | |
| |
3.1 | 38 | |=Version 25.0.1 |
| 39 | |<subsystem xmlns="urn:jboss:domain:discovery:1.0"/> | ||
| 40 | |<subsystem xmlns="urn:jboss:domain:ee-security:1.0"/> | ||
| 41 | |((( | ||
| |
13.1 | 42 | Innerhalb <subsystem xmlns="urn:jboss:domain:undertow:12.0"> folgendes hinzufügen |
| |
3.1 | 43 | |
| 44 | <application-security-domains> | ||
| 45 | <application-security-domain name="other" security-domain="ApplicationDomain"/> | ||
| 46 | </application-security-domains> | ||
| 47 | ))) | ||
| 48 | |<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/> | ||
| 49 | <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/> | ||
| 50 | <subsystem xmlns="urn:wildfly:microprofile-jwt-smallrye:1.0"/> | ||
| 51 | <subsystem xmlns="urn:wildfly:microprofile-opentracing-smallrye:3.0" default-tracer="jaeger"> | ||
| 52 | <jaeger-tracer name="jaeger"> | ||
| 53 | <sampler-configuration sampler-type="const" sampler-param="1.0"/> | ||
| 54 | </jaeger-tracer> | ||
| 55 | </subsystem> | ||
| 56 | |||
| |
8.1 | 57 | = Löschen = |
| 58 | |||
| 59 | |=Version 25.0.1 | ||
| 60 | |<security-realms> | ||
| 61 | <security-realms> <security-realm name="ManagementRealm"> | ||
| 62 | <authentication> | ||
| 63 | <local default-user="$local" skip-group-loading="true"/> | ||
| 64 | <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> | ||
| 65 | </authentication> | ||
| 66 | <authorization map-groups-to-roles="false"> | ||
| 67 | <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | ||
| 68 | </authorization> | ||
| 69 | </security-realm> | ||
| 70 | <security-realm name="ApplicationRealm"> | ||
| 71 | <authentication> | ||
| 72 | <local default-user="$local" allowed-users="*" skip-group-loading="true"/> | ||
| 73 | <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> | ||
| 74 | </authentication> | ||
| 75 | <authorization> | ||
| 76 | <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | ||
| 77 | </authorization> | ||
| 78 | </security-realm> | ||
| 79 | </security-realms> | ||
| 80 | |||
| |
3.1 | 81 | = Löschen und ersetzen = |
| 82 | |||
| 83 | Die Security-realms wurden durch elytron ersetzt. Dafür muss folgendes gelöscht und hinzugefügt werden. | ||
| 84 | |||
| 85 | ~1. Im Knoten <management> folgenden Teil löschen: | ||
| 86 | |||
| 87 | <management-interfaces> | ||
| 88 | <http-interface security-realm="ManagementRealm"> | ||
| 89 | <http-upgrade enabled="true"/> | ||
| 90 | <socket-binding http="management-http"/> | ||
| 91 | </http-interface> | ||
| 92 | </management-interfaces> | ||
| 93 | |||
| 94 | 2. und durch nachfolgendes ersetzen: | ||
| 95 | |||
| 96 | <management-interfaces> | ||
| 97 | <http-interface http-authentication-factory="management-http-authentication"> | ||
| 98 | <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> | ||
| 99 | <socket-binding http="management-http"/> | ||
| 100 | </http-interface> | ||
| 101 | |||
| |
12.1 | 102 | 3. Im Knoten <server> -> <extension> folgendes hinzufügen: |
| |
3.1 | 103 | |
| 104 | <extension module="org.wildfly.extension.elytron"/> | ||
| 105 | <extension module="org.wildfly.extension.elytron-oidc-client"/> | ||
| 106 | |||
| |
12.1 | 107 | 4. Im Knoten <extensions> folgende Module hinzufügen |
| |
3.1 | 108 | |
| 109 | <extension module="org.wildfly.extension.clustering.web"/> | ||
| 110 | <extension module="org.wildfly.extension.core-management"/> | ||
| 111 | <extension module="org.wildfly.extension.discovery"/> | ||
| 112 | <extension module="org.wildfly.extension.ee-security"/> | ||
| 113 | <extension module="org.wildfly.extension.elytron"/> | ||
| 114 | <extension module="org.wildfly.extension.elytron-oidc-client"/> | ||
| 115 | <extension module="org.wildfly.extension.health"/> | ||
| 116 | <extension module="org.wildfly.extension.metrics"/> | ||
| 117 | <extension module="org.wildfly.extension.microprofile.config-smallrye"/> | ||
| 118 | <extension module="org.wildfly.extension.microprofile.jwt-smallrye"/> | ||
| 119 | <extension module="org.wildfly.extension.microprofile.opentracing-smallrye"/> | ||
| 120 | |||
| |
12.1 | 121 | 5. elytron Subsystem hinzufügen: |
| |
3.1 | 122 | |
| 123 | <subsystem xmlns="urn:wildfly:elytron:14.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto"> | ||
| 124 | <providers> | ||
| 125 | <aggregate-providers name="combined-providers"> | ||
| 126 | <providers name="elytron"/> | ||
| 127 | <providers name="openssl"/> | ||
| 128 | </aggregate-providers> | ||
| 129 | <provider-loader name="elytron" module="org.wildfly.security.elytron"/> | ||
| 130 | <provider-loader name="openssl" module="org.wildfly.openssl"/> | ||
| 131 | </providers> | ||
| 132 | <audit-logging> | ||
| 133 | <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/> | ||
| 134 | </audit-logging> | ||
| 135 | <security-domains> | ||
| 136 | <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper"> | ||
| 137 | <realm name="ApplicationRealm" role-decoder="groups-to-roles"/> | ||
| 138 | <realm name="local"/> | ||
| 139 | </security-domain> | ||
| 140 | <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper"> | ||
| 141 | <realm name="ManagementRealm" role-decoder="groups-to-roles"/> | ||
| 142 | <realm name="local" role-mapper="super-user-mapper"/> | ||
| 143 | </security-domain> | ||
| 144 | </security-domains> | ||
| 145 | <security-realms> | ||
| 146 | <identity-realm name="local" identity="$local"/> | ||
| 147 | <properties-realm name="ApplicationRealm"> | ||
| 148 | <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/> | ||
| 149 | <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> | ||
| 150 | </properties-realm> | ||
| 151 | <properties-realm name="ManagementRealm"> | ||
| 152 | <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/> | ||
| 153 | <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> | ||
| 154 | </properties-realm> | ||
| 155 | </security-realms> | ||
| 156 | <mappers> | ||
| 157 | <simple-permission-mapper name="default-permission-mapper" mapping-mode="first"> | ||
| 158 | <permission-mapping> | ||
| 159 | <principal name="anonymous"/> | ||
| 160 | <permission-set name="default-permissions"/> | ||
| 161 | </permission-mapping> | ||
| 162 | <permission-mapping match-all="true"> | ||
| 163 | <permission-set name="login-permission"/> | ||
| 164 | <permission-set name="default-permissions"/> | ||
| 165 | </permission-mapping> | ||
| 166 | </simple-permission-mapper> | ||
| 167 | <constant-realm-mapper name="local" realm-name="local"/> | ||
| 168 | <simple-role-decoder name="groups-to-roles" attribute="groups"/> | ||
| 169 | <constant-role-mapper name="super-user-mapper"> | ||
| 170 | <role name="SuperUser"/> | ||
| 171 | </constant-role-mapper> | ||
| 172 | </mappers> | ||
| 173 | <permission-sets> | ||
| 174 | <permission-set name="login-permission"> | ||
| 175 | <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> | ||
| 176 | </permission-set> | ||
| 177 | <permission-set name="default-permissions"> | ||
| 178 | <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | ||
| 179 | <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/> | ||
| 180 | <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/> | ||
| 181 | </permission-set> | ||
| 182 | </permission-sets> | ||
| 183 | <http> | ||
| 184 | <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global"> | ||
| 185 | <mechanism-configuration> | ||
| 186 | <mechanism mechanism-name="DIGEST"> | ||
| 187 | <mechanism-realm realm-name="ManagementRealm"/> | ||
| 188 | </mechanism> | ||
| 189 | </mechanism-configuration> | ||
| 190 | </http-authentication-factory> | ||
| 191 | <http-authentication-factory name="application-http-authentication" security-domain="ApplicationDomain" http-server-mechanism-factory="global"> | ||
| 192 | <mechanism-configuration> | ||
| 193 | <mechanism mechanism-name="BASIC"> | ||
| 194 | <mechanism-realm realm-name="ApplicationRealm"/> | ||
| 195 | </mechanism> | ||
| 196 | </mechanism-configuration> | ||
| 197 | </http-authentication-factory> | ||
| 198 | <provider-http-server-mechanism-factory name="global"/> | ||
| 199 | </http> | ||
| 200 | <sasl> | ||
| 201 | <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain"> | ||
| 202 | <mechanism-configuration> | ||
| 203 | <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | ||
| 204 | <mechanism mechanism-name="DIGEST-MD5"> | ||
| 205 | <mechanism-realm realm-name="ApplicationRealm"/> | ||
| 206 | </mechanism> | ||
| 207 | </mechanism-configuration> | ||
| 208 | </sasl-authentication-factory> | ||
| 209 | <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain"> | ||
| 210 | <mechanism-configuration> | ||
| 211 | <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/> | ||
| 212 | <mechanism mechanism-name="DIGEST-MD5"> | ||
| 213 | <mechanism-realm realm-name="ManagementRealm"/> | ||
| 214 | </mechanism> | ||
| 215 | </mechanism-configuration> | ||
| 216 | </sasl-authentication-factory> | ||
| 217 | <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron"> | ||
| 218 | <properties> | ||
| 219 | <property name="wildfly.sasl.local-user.default-user" value="$local"/> | ||
| 220 | </properties> | ||
| 221 | </configurable-sasl-server-factory> | ||
| 222 | <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global"> | ||
| 223 | <filters> | ||
| 224 | <filter provider-name="WildFlyElytron"/> | ||
| 225 | </filters> | ||
| 226 | </mechanism-provider-filtering-sasl-server-factory> | ||
| 227 | <provider-sasl-server-factory name="global"/> | ||
| 228 | </sasl> | ||
| 229 | <tls> | ||
| 230 | <key-stores> | ||
| 231 | <key-store name="applicationKS"> | ||
| 232 | <credential-reference clear-text="password"/> | ||
| 233 | <implementation type="JKS"/> | ||
| 234 | <file path="application.keystore" relative-to="jboss.server.config.dir"/> | ||
| 235 | </key-store> | ||
| 236 | </key-stores> | ||
| 237 | <key-managers> | ||
| 238 | <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost"> | ||
| 239 | <credential-reference clear-text="password"/> | ||
| 240 | </key-manager> | ||
| 241 | </key-managers> | ||
| 242 | <server-ssl-contexts> | ||
| 243 | <server-ssl-context name="applicationSSC" key-manager="applicationKM"/> | ||
| 244 | </server-ssl-contexts> | ||
| 245 | </tls> | ||
| 246 | </subsystem> |