Chapter 19. Configuring Clients

19.1. Client Configuration Using the wildfly-config.xml File

Prior to release 7.1, JBoss EAP client libraries, such as EJB and naming, used different configuration strategies. JBoss EAP 7.1 introduced the wildfly-config.xml file with the purpose of unifying all client configurations into one single configuration file, in a similar manner to the way the server configuration is handled.

The following table describes the clients and types of configuration that can be done using the wildfly-config.xml file in JBoss EAP and a link to the reference schema link for each.

Client ConfigurationSchema Location / Configuration Information

Authentication client

The schema reference is provided in the product installation at EAP_HOME/docs/schema/elytron-client-1_2.xsd.

The schema is also published at http://www.jboss.org/schema/jbossas/elytron-client-1_2.xsd.

See Client Authentication Configuration Using the wildfly-config.xml File for more information and for an example configuration.

Additional information can be found in Configure Client Authentication with Elytron Client in How to Configure Identity Management for JBoss EAP.

EJB client

The schema reference is provided in the product installation at EAP_HOME/docs/schema/wildfly-client-ejb_3_0.xsd.

The schema is also published at http://www.jboss.org/schema/jbossas/wildfly-client-ejb_3_0.xsd.

See EJB Client Configuration Using the wildfly-config.xml File for more information and for an example configuration.

Another simple example is located in the Migrate an EJB Client to Elytron section of the Migration Guide for JBoss EAP.

HTTP client

The schema reference is provided in the product installation at EAP_HOME/docs/schema/wildfly-http-client_1_0.xsd.

The schema is also published at http://www.jboss.org/schema/jbossas/wildfly-http-client_1_0.xsd.

Note

This feature is provided as a Technology Preview only.

See HTTP Client Configuration Using the wildfly-config.xml File for more information and for an example configuration.

Remoting client

The schema reference is provided in the product installation at EAP_HOME/docs/schema/jboss-remoting_5_0.xsd.

The schema is also published at http://www.jboss.org/schema/jbossas/jboss-remoting_5_0.xsd.

See Remoting Client Configuration Using the wildfly-config.xml File for more information and for an example configuration.

XNIO worker client

The schema reference is provided in the product installation at EAP_HOME/docs/schema/xnio_3_5.xsd.

The schema is also published at http://www.jboss.org/schema/jbossas/xnio_3_5.xsd.

See Default XNIO Worker Configuration Using the wildfly-config.xml File for more information and for an example configuration.

19.1.1. Client Authentication Configuration Using the wildfly-config.xml File

You can use the authentication-client element, which is in the urn:elytron:client:1.2 namespace, to configure client authentication information using the wildfly-config.xml file. This section describes how to configure client authentication using this element.

authentication-client Elements and Attributes

The authentication-client element can optionally contain the following top level child elements, along with their child elements:

credential-stores

This optional element defines credential stores that are referenced from elsewhere in the configuration as an alternative to embedding credentials within the configuration.

It can contain any number of credential-store elements.

Example: credential-stores Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <credential-stores>
      <credential-store name="..." type="..." provider="..." >
        <attributes>
          <attribute name="..." value="..." />
        </attributes>
        <protection-parameter-credentials>...</protection-parameter-credentials>
      </credential-store>
    </credential-stores>
  </authentication-client>
</configuration>

credential-store

This element defines a credential store that is referenced from elsewhere in the configuration.

It has the following attributes.

Attribute NameAttribute Description

name

The name of the credential store. This attribute is required.

type

The type of credential store. This attribute is optional.

provider

The name of the java.security.Provider to use to load the credential store. This attribute is optional.

It can contain one and only one of each of the following child elements.

attributes

This element defines the configuration attributes used to initialize the credential store and can be repeated as many times as is required for the configuration.

Example: attributes Configuration

<attributes>
  <attribute name="..." value="..." />
</attributes>

protection-parameter-credentials

This element contains one or more credentials to be assembled into a protection parameter to be used when initializing the credential store.

It can contain one or more of the following child elements, which are dependent on the credential store implementation:

Example: protection-parameter-credentials Configuration

<protection-parameter-credentials>
  <key-store-reference>...</key-store-reference>
  <credential-store-reference store="..." alias="..." clear-text="..." />
  <clear-password password="..." />
  <key-pair public-key-pem="..." private-key-pem="..." />
  <certificate private-key-pem="..." pem="..." />
  <public-key-pem>...</public-key-pem>
  <bearer-token value="..." />
  <oauth2-bearer-token token-endpoint-uri="...">...</oauth2-bearer-token>
</protection-parameter-credentials>

key-store-reference

This element, which is not currently used by any authentication mechanisms in JBoss EAP, defines a reference to a keystore.

It has the following attributes.

Attribute NameAttribute Description

key-store-name

The keystore name. This attribute is required.

alias

The alias of the entry to load from the referenced keystore. This can be omitted only for keystores that contain just a single entry.

It can contain one and only one of the following child elements.

Example: key-store-reference Configuration

<key-store-reference key-store-name="..." alias="...">
  <key-store-clear-password password="..." />
  <key-store-credential>...</key-store-credential>
</key-store-reference>

credential-store-reference

This element defines a reference to a credential store.

It has the following attributes.

Attribute NameAttribute Description

store

The credential store name.

alias

The alias of the entry to load from the referenced credential store. This can be omitted only for keystores that contain just a single entry.

clear-text

The clear text password.

clear-password
This element defines a clear text password.
key-pair

This element, which is not currently used by any authentication mechanisms in JBoss EAP, defines a public and private key pair.

It can contain the following child elements.

public-key-pem
This element, which is not currently used by any authentication mechanisms in JBoss EAP, defines the PEM-encoded public key.
private-key-pem
This element defines the PEM-encoded private key.
certificate

This element, which is not currently used by any authentication mechanisms in JBoss EAP, specifies a certificate.

It has the following attributes.

Attribute NameAttribute Description

private-key-pem

A PEM-encoded private key.

pem

The corresponding certificate.

bearer-token
This element defines a bearer token.
oauth2-bearer-token

This element defines an OAuth 2 bearer token.

It has the following attribute.

Attribute NameAttribute Description

token-endpoint-uri

The URI of the token endpoint.

It can contain one and only one of each of the following child elements.

client-credentials

This element defines the client credentials.

It has the following attributes.

Attribute NameAttribute Description

client-id

The client ID. This attribute is required.

client-secret

The client secret. This attribute is required.

resource-owner-credentials

This element defines the resource owner credentials.

It has the following attributes.

Attribute NameAttribute Description

name

The resource name. This attribute is required.

pasword

The password. This attribute is required.

key-stores

This optional element defines keystores that are referenced from elsewhere in the configuration.

Example: key-stores Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <key-stores>
      <key-store name="...">
        <!-- The following 3 elements specify where to load the keystore from. -->
        <file name="..." />
        <load-from uri="..." />
        <resource name="..." />
        <!-- One of the following to specify the protection parameter to unlock the keystore. -->
        <key-store-clear-password password="..." />
        <key-store-credential>...</key-store-credential>
      </key-store>
    </key-stores>
   ...
  </authentication-client>
</configuration>

key-store

This optional element defines a keystore that is referenced from elsewhere in the configuration.

The key-store has the following attributes.

Attribute NameAttribute Description

name

The name of the keystore. This attribute is required.

type

The keystore type, for example, JCEKS. This attribute is required.

provider

The name of the java.security.Provider to use to load the credential store. This attribute is optional.

wrap-passwords

If true, passwords will wrap. The passwords are stored by taking the clear password contents, encoding them in UTF-8, and storing the resultant bytes as a secret key. Defaults to false.

It must contain exactly one of the following elements, which define where to load the keystore from.

It must also contain one of the following elements, which specifies the protection parameter to use when initializing the keystore.

file

This element specifies the name of the keystore file.

It has the following attribute.

Attribute NameAttribute Description

name

The fully qualified file path and name of the file.

load-from

This element specifies the URI of the keystore file.

It has the following attribute.

Attribute NameAttribute Description

uri

The URI for the keystore file.

resource

This element specifies the name of the resource to load from the Thread context class loader.

It has the following attribute.

Attribute NameAttribute Description

name

The name of the resource.

key-store-clear-password

This element specifies the clear text password.

It has the following attribute.

Attribute NameAttribute Description

password

The clear text password.

key-store-credential

This element specifies a reference to another keystore that obtains an entry to use as the protection parameter to access this keystore.

The key-store-credential element has the following attributes.

Attribute NameAttribute Description

key-store-name

The keystore name. This attribute is required.

alias

The alias of the entry to load from the referenced keystore. This can be omitted only for keystores that contain just a single entry.

It can contain one and only one of the following child elements.

Example: key-store-credential Configuration

<key-store-credential key-store-name="..." alias="...">
  <key-store-clear-password password="..." />
  <key-store-credential>...</key-store-credential>
</key-store-credential>

authentication-rules

This element defines the rules to match against the outbound connection to apply the appropriate authentication configuration. When an authentication-configuration is required, the URI of the accessed resources as well as an optional abstract type and abstract type authority are matched against the rules defined in the configuration to identify which authentication-configuration should be used.

This element can contain one or more child rule elements.

Example: authentication-rules Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    ...
    <authentication-rules>
      <rule use-configuration="...">
        ...
      </rule>
     </authentication-rules>
     ...
  </authentication-client>
</configuration>

rule

This element defines the rules to match against the outbound connection to apply the appropriate authentication configuration.

It has the following attribute.

Attribute NameAttribute Description

use-configuration

The authentication configuration that is chosen when rules match.

Authentication configuration rule matching is independent of SSL context rule matching. The authentication rule structure is identical to the SSL context rule structure, except that it references an authentication configuration, while the SSL context rule references an SSL context.

It can contain the following child elements.

Example: rule Configuration for Authentication

<rule use-configuration="...">
    <!-- At most one of the following two can be defined. -->
    <match-no-user />
    <match-user name="..." />
    <!-- Each of the following can be defined at most once. -->
    <match-protocol name="..." />
    <match-host name="..." />
    <match-path name="..." />
    <match-port number="..." />
    <match-urn name="..." />
    <match-domain name="..." />
    <match-abstract-type name="..." authority="..." />
</rule>

match-no-user
This rule matches when there is no user-info embedded within the URI.
match-user
This rule matches when the user-info embedded in the URI matches the name attribute specified in this element.
match-protocol
This rule matches when the protocol within the URI matches the protocol name attribute specified in this element.
match-host
This rule matches when the host name specified within the URI matches the host name attribute specified in this element.
match-path
This rule matches when the path specified within the URI matches the path name attribute specified in this element.
match-port
This rule matches when the port number specified within the URI matches the port number attribute specified in this element. This only matches against the number specified within the URI and not against any default port number derived from the protocol.
match-urn
This rule matches when the scheme specific part of the URI matches the name attribute specified in this element.
match-domain-name
This rule matches when the protocol of the URI is domain and the scheme specific part of the URI matches the name attribute specified in this element.
match-abstract-type
This rule matches when the abstract type matches the name attribute and the authority matches the authority attribute specified in this element.
authentication-configurations

This element defines named authentication configurations that are to be chosen by the authentication rules.

It can contain one or more configuration elements.

Example: authentication-configurations Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <authentication-configurations>
      <configuration name="...">
        <!-- Destination Overrides. -->
        <set-host name="..." />
        <set-port number="..." />
        <set-protocol name="..." />
        <!-- At most one of the following two elements. -->
        <set-user-name name="..." />
        <set-anonymous />
        <set-mechanism-realm name="..." />
        <rewrite-user-name-regex pattern="..." replacement="..." />
        <sasl-mechanism-selector selector="..." />
        <set-mechanism-properties>
          <property key="..." value="..." />
        </set-mechanism-properties>
        <credentials>...</credentials>
        <set-authorization-name name="..." />
        <providers>...</providers>
        <!-- At most one of the following two elements. -->
        <use-provider-sasl-factory />
        <use-service-loader-sasl-factory module-name="..." />
      </configuration>
    </authentication-configurations>
  </authentication-client>
</configuration>

configuration

This element defines named authentication configurations that are to be chosen by the authentication rules.

It can contain the following child elements.

set-host-name

This element overrides the host name for the authenticated call.

It has the following attribute.

Attribute NameAttribute Description

name

The host name.

set-port-number

This element overrides the port number for the authenticated call.

It has the following attribute.

Attribute NameAttribute Description

number

The port number.

set-protocol

This element overrides the protocol for the authenticated call.

It has the following attribute.

Attribute NameAttribute Description

name

The protocol.

set-user-name

This element sets the user name to use for the authentication. It should not be used with the set-anonymous element.

It has the following attribute.

Attribute NameAttribute Description

name

The user name to use for authentication.

set-anonymous
The element is used to switch to anonymous authentication. It should not be used with the set-user-name element.
set-mechanism-realm-name

This element specifies the name of the realm that will be selected by the SASL mechanism if required.

It has the following attribute.

Attribute NameAttribute Description

name

The name of the realm.

rewrite-user-name-regex

This element defines a regular expression pattern and replacement to rewrite the user name used for authentication.

It has the following attributes.

Attribute NameAttribute Description

pattern

A regular expression pattern.

replacement

The replacement to use to rewrite the user name used for authentication.

sasl-mechanism-selector

This element specifies a SASL mechanism selector using the syntax from the org.wildfly.security.sasl.SaslMechanismSelector.fromString(string) method.

It has the following attribute.

Attribute NameAttribute Description

selector

The SASL mechanism selector.

For more information about the grammar required for the sasl-mechanism-selector, see sasl-mechanism-selector Grammar in How to Configure Server Security for JBoss EAP.

set-mechanism-properties
This element can contain one or more property elements that are to be passed to the authentication mechanisms.
property

This element defines a property to be passed to the authentication mechanisms.

It has the following attributes.

Attribute NameAttribute Description

key

The property name.

value

The property value.

credentials

This element defines one or more credentials available for use during authentication.

It can contain one or more of the following child elements, which are dependent on the credential store implementation:

These are the same child elements as those contained in the protection-parameter-credentials element. See the protection-parameter-credentials element for details and an example configuration.

set-authorization-name

This element specifies the name that should be used for authorization if it is different from the authentication identity.

It has the following attributes.

Attribute NameAttribute Description

name

The name that should be used for authorization.

use-provider-sasl-factory
This element specifies the java.security.Provider instances that are either inherited or defined in this configuration and that are to be used to locate the available SASL client factories. This element should not be used with the use-service-loader-sasl-factory element.
use-service-loader-sasl-factory

This element specifies the module that is to be used to discover the SASL client factories using the service loader discovery mechanism. If no module is specified, the class loader that loaded the configuration is used. This element should not be used with the use-provider-sasl-factory element.

It has the following attribute.

Attribute NameAttribute Description

module-name

The name of the module.

net-authenticator

This element contains no configuration. If present, the org.wildfly.security.auth.util.ElytronAuthenticator is registered with java.net.Authenticator.setDefault(Authenticator). This allows the Elytron authentication client configuration to be used for authentication when JDK APIs are used for HTTP calls that require authentication.

Note

Because the JDK caches the authentication on the first call across the JVM, it is better to use this approach only on standalone processes that do not require different credentials for different calls to the same URI.

ssl-context-rules

This optional element defines the SSL context rules. When an ssl-context is required, the URI of the accessed resources as well as an optional abstract type and abstract type authority are matched against the rules defined in the configuration to identify which ssl-context should be used.

This element can contain one or more child rule elements.

Example: ssl-context-rules Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <ssl-context-rules>
      <rule use-ssl-context="...">
        ...
      </rule>
    </ssl-context-rules>
    ...
  </authentication-client>
</configuration>

rule

This element defines the rule to match on the SSL context definitions.

It has the following attribute.

Attribute NameAttribute Description

use-ssl-context

The SSL context definition that is chosen when rules match.

SSL context rule matching is independent of authentication rule matching. The SSL context rule structure is identical to the authentication configuration rule structure, except that it references an SSL context, while the authentication rule references an authentication configuration.

It can contain the following child elements.

Example: rule Configuration for SSL Context

<rule use-ssl-context="...">
  <!-- At most one of the following two can be defined. -->
  <match-no-user />
  <match-user name="..." />
  <!-- Each of the following can be defined at most once. -->
  <match-protocol name="..." />
  <match-host name="..." />
  <match-path name="..." />
  <match-port number="..." />
  <match-urn name="..." />
  <match-domain name="..." />
  <match-abstract-type name="..." authority="..." />
</rule>

ssl-contexts

This optional element defines SSL context definitions that are to be chosen by the SSL context rules.

Example: ssl-contexts Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <ssl-contexts>
      <default-ssl-context name="..."/>
      <ssl-context name="...">
        <key-store-ssl-certificate>...</key-store-ssl-certificate>
        <trust-store key-store-name="..." />
        <cipher-suite selector="..." />
        <protocol names="... ..." />
        <provider-name name="..." />
        <providers>...</providers>
        <certificate-revocation-list path="..." maximum-cert-path="..." />
      </ssl-context>
    </ssl-contexts>
  </authentication-client>
</configuration>

default-ssl-context
This element takes the SSLContext returned by javax.net.ssl.SSLContext.getDefault() and assigns it a name so it can referenced from the ssl-context-rules. This element can be repeated, meaning the default SSL context can be referenced using different names.
ssl-context

This element defines an SSL context to use for connections.

It can optionally contain one of each of the following child elements.

key-store-ssl-certificate

This element defines a reference to an entry within a keystore for the key and certificate to use for this SSL context.

It has the following attributes.

Attribute NameAttribute Description

key-store-name

The keystore name. This attribute is required.

alias

The alias of the entry to load from the referenced keystore. This can be omitted only for keystores that contain just a single entry.

It can contain the following child elements:

This structure is nearly identical to the structure used in the key-store-credential configuration with the exception that here it obtains the entry for the key and for the certificate. However, the nested key-store-clear-password and key-store-credential elements still provide the protection parameter to unlock the entry.

Example: key-store-ssl-certificate Configuration

<key-store-ssl-certificate key-store-name="..." alias="...">
  <key-store-clear-password password="..." />
  <key-store-credential>...</key-store-credential>
</key-store-ssl-certificate>

trust-store

This element is a reference to the keystore that is to be used to initialize the TrustManager.

It has the following attribute.

Attribute NameAttribute Description

key-store-name

The keystore name. This attribute is required.

cipher-suite

This element configures the filter for the enabled cipher suites.

It has the following attribute.

Attribute NameAttribute Description

selector

The selector to filter the cipher suites. The selector uses the format of the OpenSSL-style cipher list string created by the org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector) method.

Example: cipher-suite Configuration Using Default Filtering

<cipher-suite selector="DEFAULT" />

protocol
This element defines a space separated list of the protocols to be supported. See the client-ssl-context Attributes table in How to Configure Server Security for JBoss EAP for the list of available protocols. Red Hat recommends that you use TLSv1.2.
provider-name
Once the available providers have been identified, only the provider with the name defined on this element is used.
certificate-revocation-list

This element defines both the path to the certificate revocation list and the maximum number of non-self-issued intermediate certificates that can exist in a certification path. The presence of this element enables checking the peer’s certificate against the certificate revocation list.

It has the following attributes.

Attribute NameAttribute Description

path

The path to the certification list. This attribute is optional.

maximum-cert-path

The maximum number of non-self-issued intermediate certificates that can exist in a certification path. This attribute is optional.

providers

This element defines how java.security.Provider instances are located when required.

It can contain the following child elements.

Because the configuration sections of authentication-client are independent of each other, this element can be configured in the following locations.

Example: Locations of providers Configuration

<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <providers />
    ...
    <credential-stores>
      <credential-store name="...">
        ...
        <providers />
      </credential-store>
    </credential-stores>
    ...
    <authentication-configurations>
      <authentication-configuration name="...">
        ...
        <providers />
      </authentication-configuration>
    </authentication-configurations>
    ...
    <ssl-contexts>
      <ssl-context name="...">
        ...
        <providers />
      </ssl-context>
    </ssl-contexts>
  </authentication-client>
</configuration>

The providers configuration applies to the element in which it is defined and to any of its child elements unless it is overridden. The specification of a providers in a child element overrides a providers specified in any of its parent elements. If no providers configuration is specified, the default behavior is the equivalent of the following, which gives the Elytron provider priority over any globally registered providers, but also allows for the use of globally registered providers.

Example: providers Configuration

<providers>
  <use-service-loader />
  <global />
</providers>

global
This empty element specifies to use the global providers loaded by the java.security.Security.getProviders() method call.
use-service-loader
This empty element specifies to use the providers that are loaded by the specified module. If no module is specified, the class loader that loaded the authentication client is used.
Important

Elements Not Currently Used By Any JBoss EAP Authentication Mechanisms

The following child elements of the credentials element in the Elytron client configuration are not currently used by any authentication mechanisms in JBoss EAP. They can be used in your own custom implementations of authentication mechanism; however, they are not supported.

  1. key-pair
  2. public-key-pem
  3. key-store-reference
  4. certificate

19.1.2. EJB Client Configuration Using the wildfly-config.xml File

You can use the jboss-ejb-client element, which is in the urn:jboss:wildfly-client-ejb:3.0 namespace, to configure EJB client connections, global interceptors, and invocation timeouts using the wildfly-config.xml file. This section describes how to configure an EJB client using this element.

jboss-ejb-client Elements and Attributes

The jboss-ejb-client element can optionally contain the following three top level child elements, along with their child elements:

invocation-timeout

This optional element specifies the EJB invocation timeout. It has the following attribute.

Attribute NameAttribute Description

seconds

The timeout, in seconds, for the EJB handshake or the method invocation request/response cycle. This attribute is required.

If the execution of a method takes longer than the timeout period, the invocation throws a java.util.concurrent.TimeoutException; however, the server side will not be interrupted.

global-interceptors
This optional element specifies the global EJB client interceptors. It can contain any number of interceptor elements.
interceptor

This element is used to specify an EJB client interceptor. It has the following attributes.

Attribute NameAttribute Description

class

The name of a class that implements the org.jboss.ejb.client.EJBClientInterceptor interface. This attribute is required.

module

The name of the module that should be used to load the interceptor class. This attribute is optional.

connections
This element is used to specify EJB client connections. It can contain any number of connection elements.
connection

This element is used to specify an EJB client connection. It can optionally contain an interceptors element. It has the following attribute.

Attribute NameAttribute Description

uri

The destination URI for the connection. This attribute is required.

interceptors
This element is used to specify EJB client interceptors and can contain any number of interceptor elements.
Example EJB Client Configuration in the wildfly-config.xml File

The following is an example that configures the EJB client connections, global interceptors, and invocation timeout using the jboss-ejb-client element in the wildfly-config.xml file. 

<configuration>
...
    <jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
        <invocation-timeout seconds="10"/>
        <connections>
            <connection uri="remote+http://10.20.30.40:8080"/>
        </connections>
        <global-interceptors>
            <interceptor class="org.jboss.example.ExampleInterceptor"/>
        </global-interceptors>
    </jboss-ejb-client>
...
</configuration>

19.1.3. HTTP Client Configuration Using the wildfly-config.xml File

The following is an example of how to configure HTTP clients using the wildfly-config.xml file. 

<configuration>
...
    <http-client xmlns="urn:wildfly-http-client:1.0">
        <defaults>
            <eagerly-acquire-session value="true" />
            <buffer-pool buffer-size="2000" max-size="10" direct="true" thread-local-size="1" />
        </defaults>
    </http-client>
...
</configuration>
Important

HTTP client configuration using the wildfly-config.xml file is provided as Technology Preview only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features.

19.1.4. Remoting Client Configuration Using the wildfly-config.xml File

You can use the endpoint element, which is in the urn:jboss-remoting:5.0 namespace, to configure a remoting client using the wildfly-config.xml file. This section describes how to configure a remoting client using this element.

endpoint Elements and Attributes

The endpoint element can optionally contain the following two top level child elements, along with their child elements.

It also has the following attribute:

Attribute NameAttribute Description

name

The endpoint name. This attribute is optional. If not provided, an endpoint name is derived from the system’s host name, if possible.

providers
This optional element specifies transport providers for the remote endpoint. It can contain any number of provider elements.
provider

This element defines a remote transport provider. It has the following attributes.

Attribute NameAttribute Description

scheme

The primary URI scheme that corresponds to this provider. This attribute is required.

aliases

The space-separated list of of other URI scheme names that are also recognized for this provider. This attribute is optional.

module

The name of the module that contains the provider implementation. This attribute is optional. If not provided, the class loader that loads JBoss Remoting searches for the provider class.

class

The name of the class that implements the transport provider. This attribute is optional. If not provided, the java.util.ServiceLoader facility is used to search for the provider class.

connections
This optional element specifies connections for the remote endpoint. It can contain any number of connection elements.
connection

This element defines a connection for the remote endpoint. It has the following attributes.

Attribute NameAttribute Description

destination

The destination URI for the endpoint. This attribute is required.

read-timeout

The timeout, in seconds, for read operations on the corresponding socket. This attribute is optional; however, it should be provided only if a heartbeat-interval is defined.

write-timeout

The timeout, in seconds, for a write operation. This attribute is optional; however, it should be provided only if a heartbeat-interval is defined.

ip-traffic-class

Defines the numeric IP traffic class to use for this connection’s traffic. This attribute is optional.

tcp-keepalive

Boolean setting that determines whether to use TCP keepalive. This attribute is optional.

heartbeat-interval

The interval, in milliseconds, to use when checking for a connection heartbeat. This attribute is optional.

Example Remoting Client Configuration in the wildfly-config.xml File

The following is an example that configures a remoting client using the wildfly-config.xml file. 

<configuration>
  ...
  <endpoint xmlns="urn:jboss-remoting:5.0">
    <connections>
      <connection destination="remote+http://10.20.30.40:8080" read-timeout="50" write-timeout="50" heartbeat-interval="10000"/>
    </connections>
  </endpoint>
  ...
</configuration>

19.1.5. Default XNIO Worker Configuration Using the wildfly-config.xml File

You can use the worker element, which is in the urn:xnio:3.5 namespace, to configure an XNIO worker using the wildfly-config.xml file. This section describes how to configure an XNIO worker client using this element.

worker Elements and Attributes

The worker element can optionally contain the following top level child elements, along with their child elements:

daemon-threads

This optional element specifies whether worker and task threads should be daemon threads. This element has no content. It has the following attribute.

Attribute NameAttribute Description

value

A boolean value that specifies whether worker and task threads should be daemon threads. A value of true indicates that worker and task threads should be daemon threads. A value of false indicates that they should not be daemon threads. This attribute is required.

If this element is not provided, a value of true is assumed.

worker-name

This element defines the name of the worker. The worker name appears in thread dumps and in JMX. This element has no content. It has the following attribute.

Attribute NameAttribute Description

value

The name of the worker. This attribute is required.

pool-size

This optional element defines the maximum size of the worker’s task thread pool. This element has no content. It has the following attribute.

Attribute NameAttribute Description

max-threads

A positive integer that specifies the maximum number of threads that should be created. This attribute is required.

task-keepalive

This optional element establishes the keep-alive time of task threads before they can be expired. It has the following attribute.

Attribute NameAttribute Description

value

A positive integer that specifies the minimum number of seconds to keep idle threads alive. This attribute is required.

io-threads

This optional element determines how many I/O selector threads should be maintained. Generally this number should be a small constant that is a multiple of the number of available cores. It has the following attribute.

Attribute NameAttribute Description

value

A positive integer that specifies the number of I/O threads. This attribute is required.

stack-size

This optional element establishes the desired minimum thread stack size for worker threads. This element should only be defined in very specialized situations where density is at a premium. It has the following attribute.

Attribute NameAttribute Description

value

A positive integer that specifies the requested stack size, in bytes. This attribute is required.

outbound-bind-addresses
This optional element specifies the bind addresses to use for outbound connections. Each bind address mapping consists of a destination IP address block, and a bind address and optional port number to use for connections to destinations within that block. It can contain any number of bind-address elements.
bind-address

This optional element defines an individual bind address mapping. It has the following attributes.

Attribute NameAttribute Description

match

The IP address block, in CIDR notation, to match.

bind-address

The IP address to bind to if the address block matches. This attribute is required.

bind-port

The port number to bind to if the address block matches. This value defauts to 0, meaning it binds to any port. This attribute is optional.

Example XNIO Worker Configuration in the wildfly-config.xml File

The following is an example of how to configure the default XNIO worker using the wildfly-config.xml file. 

<configuration>
  ...
  <worker xmlns="urn:xnio:3.5">
    <io-threads value="10"/>
    <task-keepalive value="100"/>
  </worker>
  ...
</configuration>