Management API Reference for sasl-policy=policy

The policy configuration.

Attributes (6)

forward-secrecy - The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"forward-secrecy\" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

no-active - The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"no-active\" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. \"false\" to permit, \"true\" to deny.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

no-anonymous - The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"no-anonymous\" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. \"false\" to permit, \"true\" to deny.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }`

no-dictionary - The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"no-dictionary\" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. \"false\" to permit, \"true\" to deny.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

no-plain-text - The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"no-plain-text\" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., \"PLAIN\") are not permitted. \"false\" to permit, \"true\" to deny.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }

pass-credentials - The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.

Type	BOOLEAN
Default Value	true
Is the attribute nillable?	true
Does the attribute allow expression?	true
Where is the attribute stored?	configuration
Access Type	read-write
Is restarted required?	no-services
Stability Level	default
Raw DMR model	`{ "type" : { "TYPE_MODEL_VALUE" : "BOOLEAN" }, "description" : "The optional nested \"pass-credentials\" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.", "expressions-allowed" : true, "required" : false, "nillable" : true, "default" : true, "stability" : "default", "access-type" : "read-write", "storage" : "configuration", "restart-required" : "no-services", "capability-reference" : null }`

Operations (2)

add - Adds the SASL policy.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
forward-secrecy	BOOLEAN	false	true	true	The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
no-active	BOOLEAN	false	true	true	The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
no-anonymous	BOOLEAN	false	true	true	The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
no-dictionary	BOOLEAN	false	true	true	The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
no-plain-text	BOOLEAN	false	true	true	The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
pass-credentials	BOOLEAN	false	true	true	The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.

Raw DMR model


{
    "operation-name" : "add",
    "description" : "Adds the SASL policy.",
    "request-properties" : {
        "forward-secrecy" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"forward-secrecy\" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        },
        "no-active" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"no-active\" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. \"false\" to permit, \"true\" to deny.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        },
        "no-anonymous" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"no-anonymous\" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted.  \"false\" to permit, \"true\" to deny.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        },
        "no-dictionary" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"no-dictionary\" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted.  \"false\" to permit, \"true\" to deny.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        },
        "no-plain-text" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"no-plain-text\" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., \"PLAIN\") are not permitted.    \"false\" to permit, \"true\" to deny.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        },
        "pass-credentials" : {
            "type" : {
                "TYPE_MODEL_VALUE" : "BOOLEAN"
            },
            "description" : "The optional nested \"pass-credentials\" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.",
            "expressions-allowed" : true,
            "required" : false,
            "nillable" : true,
            "default" : true,
            "stability" : "default"
        }
    },
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "runtime-only" : false
}

remove - Removes the SASL policy.

Raw DMR model


{
    "operation-name" : "remove",
    "description" : "Removes the SASL policy.",
    "request-properties" : {},
    "reply-properties" : {},
    "stability" : "default",
    "read-only" : false,
    "restart-required" : "all-services",
    "runtime-only" : false
}

Galleon Features

Galleon features are to be used when creating Galleon feature-packs.

subsystem.remoting.connector.security.sasl.sasl-policy.policy

        
<feature spec="subsystem.remoting.connector.security.sasl.sasl-policy.policy">
  <param name="connector" value="{resource name}"/>
  <param name="forward-secrecy" value="{value}"/>
  <param name="no-active" value="{value}"/>
  <param name="no-anonymous" value="{value}"/>
  <param name="no-dictionary" value="{value}"/>
  <param name="no-plain-text" value="{value}"/>
  <param name="pass-credentials" value="{value}"/>
<feature/>