WildFly Full 24 Model Reference

  1. home
  2. core-service=management
  3. security-realm
Deprecated Since 1.7.0
The security-realm configuration is deprecated and may be removed or moved in future versions.

A security realm that can be associated with a management interface and used to control access to the management services.

Children (4)

  • authentication Configuration of the server side authentication mechanisms. Optionally one truststore can be defined and one username/password based store can be defined. Authentication will first attempt to use the truststore and if this is not available will fall back to the username/password authentication. If none of these are specified the only available mechanism will be the local mechanism for the Native interface and the HTTP interface will not be accessible.
    • jaas Configuration to use a JAAS LoginContext to authenticate the users.
    • kerberos Configuration to use Kerberos to authenticate the users.
    • ldap Configuration to use LDAP as the user repository.
    • local Configuration of the local authentication mechanism.
    • plug-in Configuration of a user store plug-in for use by the realm.
    • properties Configuration to use a list users stored within a properties file as the user repository. The entries within the properties file are username={credentials} with each user being specified on it's own line.
    • truststore Configuration of a keystore to use to create a trust manager to verify clients.
    • users Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.
  • authorization Configuration server side for loading additional user information such as roles to be used for subsequent authorization checks.
    • ldap Configuration to use LDAP as the user repository.
    • plug-in Configuration of a user store plug-in for use by the realm.
    • properties Configuration to use properties file to load a users roles. The entries within the properties file are username={roles} where roles is a comma separated list of users roles.
  • plug-in An extension to the security realm allowing additional authentication / authorization modules to be loaded.
  • server-identity Configuration of the identities that represent the server.
    • kerberos Configuration for the Kerberos identity of a server or host controller.
    • secret Configuration of the secret/password-based identity of a server or host controller.
    • ssl Configuration of the SSL identity of a server or host controller.

Provided capabilities(1)

Name Dynamic Other provider points
org.wildfly.core.management.security.realm true

none

Attributes (1)

  • map-groups-to-roles After a users group membership has been loaded should a 1:1 relationship be assumed regarding group to role mapping.
    • Attribute Value
    Default Value true
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required resource-services

Operations (2)

  • add Adds a security realm that can be associated with a management interface and used to control access to the management services.
    Request Parameter Type Required Expressions Allowed Default value Description
    map-groups-to-roles BOOLEAN false true true After a users group membership has been loaded should a 1:1 relationship be assumed regarding group to role mapping.
  • remove Removes a security realm that can be associated with a management interface and used to control access to the management services.