Chapter 3. Reference

3.1. aggregate-realm attributes

You can configure aggregate-realm by setting its attributes.

Table 3.1. aggregate-realm attributes

| Attribute | Description |
|---|---|
| authentication-realm | Reference to the security realm to use for authentication steps. This is used for obtaining or validating credentials. |
| authorization-realm | Reference to the security realm to use for loading the identity for authorization steps. |
| authorization-realms | Reference to the security realms to aggregate for loading the identity for authorization steps. If an attribute is defined in more than one authorization realm, the value of the first occurrence of the attribute is used. |
| principal-transformer | Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization. |

Note

The authorization-realm and authorization-realms attributes are mutually exclusive. Define only one of the two attributes in a realm.

3.2. caching-realm attributes

You can configure caching-realm by setting its attributes.

Table 3.2. caching-realm attributes

| Attribute | Description |
|---|---|
| maximum-age | The time in milliseconds that an item can stay in the cache. A value of -1 keeps items indefinitely. This defaults to -1. |
| maximum-entries | The maximum number of entries to keep in the cache. This defaults to 16. |
| realm | A reference to a cacheable security realm such as jdbc-realm, ldap-realm, filesystem-realm or a custom security realm. |

3.3. distributed-realm attributes

You can configure distributed-realm by setting its attributes.

Table 3.3. distributed-realm attributes

| Attribute | Description |
|---|---|
| realms | A list of the security realms to search. The security realms are invoked sequentially in the order they are provided in this attribute. |

3.4. failover-realm attributes

You can configure failover-realm by setting its attributes.

Table 3.4. failover-realm attributes

| Attribute | Description |
|---|---|
| delegate-realm | The security realm to use by default. |
| emit-events | Specifies whether a security event of the type SecurityEvent that signifies the unavailability of the delegate-realm should be emitted. When enabled, you can capture these events in the audit log. The default value is true. |
| failover-realm | The security realm to use in case the delegate-realm is unavailable. |
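As an added example that is not part of the reference page, the following CLI script wires together the four realm types described in sections 3.1 to 3.4. It assumes that the realms exampleLdapRealm, exampleFsRealm, examplePropertiesRealm and exampleServiceAccountsRealm and the principal transformer exampleLowercaseTransformer already exist in the elytron subsystem; all other names are constructed for the example.

```jboss-cli
# Added example (not from the reference page): composes the four realm types
# from sections 3.1 to 3.4. Every realm name below is assumed; the LDAP and
# filesystem realms and the principal transformer are placeholders that must
# already exist in the elytron subsystem.

batch

# 3.2: wrap the (assumed) LDAP realm in a cache. maximum-age is in
# milliseconds, so 60000 keeps an entry for at most one minute; the default
# of -1 would keep a disabled account's cached identity until the cache is
# explicitly cleared or the server restarts.
/subsystem=elytron/caching-realm=cachedLdapRealm:add( \
    realm=exampleLdapRealm, maximum-age=60000, maximum-entries=100)

# 3.4: if the cached LDAP realm is unavailable, fall back to a local
# filesystem realm. emit-events=true (the default) records the failover as
# a security event, which is how the audit log shows that the primary realm
# is down rather than silently serving the fallback.
/subsystem=elytron/failover-realm=ldapWithFallback:add( \
    delegate-realm=cachedLdapRealm, failover-realm=exampleFsRealm, emit-events=true)

# 3.1: authenticate against the failover realm, then load attributes for
# authorization from two realms. Where both define the same attribute
# (for example Roles), the value from exampleFsRealm is used because it is
# listed first. authorization-realms must not be combined with
# authorization-realm on the same resource.
/subsystem=elytron/aggregate-realm=corpRealm:add( \
    authentication-realm=ldapWithFallback, \
    authorization-realms=[exampleFsRealm, examplePropertiesRealm], \
    principal-transformer=exampleLowercaseTransformer)

# 3.3: search realms in the listed order; the first realm that knows the
# identity answers for it.
/subsystem=elytron/distributed-realm=allRealms:add( \
    realms=[corpRealm, exampleServiceAccountsRealm])

run-batch
```

Run it with `jboss-cli.sh --connect --file=realms.cli`; the batch makes the four add operations succeed or fail together.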

3.5. http-authentication-factory attributes

You can configure http-authentication-factory by setting its attributes.

Table 3.5. http-authentication-factory attributes

| Attribute | Description |
|---|---|
| http-server-mechanism-factory | The HttpServerAuthenticationMechanismFactory to associate with this resource. |
| mechanism-configurations | The list of mechanism-specific configurations. |
| security-domain | The security domain to associate with the resource. |

Table 3.6. http-authentication-factory mechanism-configurations attributes

| Attribute | Description |
|---|---|
| credential-security-factory | The security factory to use to obtain a credential as required by the mechanism. |
| final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
| host-name | The host name this configuration applies to. |
| mechanism-name | This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name. |
| mechanism-realm-configurations | The list of definitions of the realm names as understood by the mechanism. |
| pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
| post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
| protocol | The protocol this configuration applies to. |
| realm-mapper | The realm mapper to be used by the mechanism. |

Table 3.7. http-authentication-factory mechanism-configurations mechanism-realm-configurations attributes

| Attribute | Description |
|---|---|
| final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
| post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
| pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
| realm-mapper | The realm mapper to be used by the mechanism. |
| realm-name | The name of the realm to be presented by the mechanism. |

3.6. jaas-realm attributes

You can configure jaas-realm by setting its attributes. All the attributes except entry are optional.

Table 3.8. jaas-realm attributes

| Attribute | Description |
|---|---|
| callback-handler | Callback handler to use with the Login Context. The security property auth.login.defaultCallbackHandler can be used instead. The default callback handler of the realm is used if neither is defined. |
| entry | The entry name to use to initialize the LoginContext. |
| module | The module with custom LoginModules and CallbackHandler classes. |
| path | The optional path to the JAAS configuration file. You can also specify the location with the Java system property java.security.auth.login.config or with the Java security property login.config.url. |
| relative-to | If you provide relative-to, the value of the path attribute is treated as relative to the path specified by this attribute. |
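As an added example that is not part of the reference page, the following command defines a jaas-realm from the attributes above. The entry name ExampleApp, the file jaas.config, the module com.example.auth and the login module class are constructed placeholders; jboss.server.config.dir is the server's standard path alias for standalone/configuration.

```jboss-cli
# Added example (not from the reference page): a jaas-realm that delegates
# authentication to a JAAS LoginContext. All names and paths are assumed.

# Only entry is required. It must match the application name in the JAAS
# login configuration file, for example a jaas.config containing:
#   ExampleApp { com.example.auth.ExampleLoginModule required; };
# path plus relative-to resolve the file to
# <jboss.server.config.dir>/jaas.config without hard-coding the directory.
# Without path, the java.security.auth.login.config system property or the
# login.config.url security property must point at the file instead.
# module names the JBoss module that contains the LoginModule and
# CallbackHandler classes, so they do not have to be on the server's own
# class path.
/subsystem=elytron/jaas-realm=exampleJaasRealm:add( \
    entry=ExampleApp, \
    path=jaas.config, relative-to=jboss.server.config.dir, \
    module=com.example.auth)
```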

3.7. module command arguments

You can use different arguments with the module command.

Table 3.9. module command arguments

| Argument | Description |
|---|---|
| --absolute-resources | Use this argument to specify a list of absolute file system paths to reference from its module.xml file. The files specified are not copied to the module directory. See --resource-delimiter for delimiter details. |
| --allow-nonexistent-resources | Use this argument to create empty directories for resources specified by --resources that do not exist. The module add command will fail if there are resources that do not exist and this argument is not used. |
| --dependencies | Use this argument to provide a comma-separated list of module names that this module depends on. |
| --export-dependencies | Use this argument to specify exported dependencies. Example: `module add --name=com.mysql --resources=/path/to/{MySQLDriverJarName} --export-dependencies=javaee.api,sun.jdk,ibm.jdk,javax.api,javax.transaction.api` |
| --main-class | Use this argument to specify the fully qualified class name that declares the module's main method. |
| --module-root-dir | Use this argument if you have defined an external JBoss EAP module directory to use instead of the default EAP_HOME/modules/ directory. Example: `module add --module-root-dir=/path/to/my-external-modules/ --name=com.mysql --resources=/path/to/{MySQLDriverJarName} --dependencies=javaee.api,sun.jdk,ibm.jdk,javax.api,javax.transaction.api` |
| --module-xml | Use this argument to provide a file system path to a module.xml to use for this new module. This file is copied to the module directory. If this argument is not specified, a module.xml file is generated in the module directory. |
| --name | Use this argument to provide the name of the module to add. This argument is required. |
| --properties | Use this argument to provide a comma-separated list of PROPERTY_NAME=PROPERTY_VALUE pairs that define module properties. |
| --resource-delimiter | Use this argument to set a user-defined file path separator for the list of resources provided to the --resources or --absolute-resources argument. If not set, the file path separator is a colon (:) for Linux and a semicolon (;) for Windows. |
| --resources | Use this argument to specify the resources for this module by providing a list of file system paths. The files are copied to this module directory and referenced from its module.xml file. If you provide a path to a directory, the directory and its contents are copied to the module directory. Symbolic links are not preserved; linked resources are copied to the module directory. This argument is required unless --absolute-resources or --module-xml is provided. See --resource-delimiter for delimiter details. |
| --slot | Use this argument to add the module to a slot other than the default main slot. Example: `module add --name=com.mysql --slot=8.0 --resources=/path/to/{MySQLDriverJarName} --dependencies=javaee.api,sun.jdk,ibm.jdk,javax.api,javax.transaction.api` |
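As an added example that is not part of the reference page, the following command combines the arguments the table's own examples do not show: a custom resource delimiter, absolute (non-copied) resources, a directory that may not exist yet, module properties and a main class. The module name com.example.auth, the jar and directory paths and the class name are constructed placeholders.

```jboss-cli
# Added example (not from the reference page): registers a vendor library as
# a JBoss module using the less common arguments from Table 3.9. Module
# name, paths, property and class name are assumed placeholders.

# --resource-delimiter=, replaces the platform separator (":" on Linux, ";"
# on Windows) for both --resources and --absolute-resources.
# --absolute-resources jars stay where they are and are referenced from
# module.xml by full path, so that directory must remain readable (and
# should not be writable) by the server user, otherwise the module fails
# to load or can be tampered with. --resources is copied into the module
# directory instead.
# --allow-nonexistent-resources lets a not-yet-populated conf directory be
# created empty rather than failing the command.
module add --name=com.example.auth --slot=1.0 \
    --resource-delimiter=, \
    --absolute-resources=/opt/vendor/lib/auth-core.jar,/opt/vendor/lib/auth-ldap.jar \
    --resources=/tmp/build/auth-conf/ \
    --allow-nonexistent-resources \
    --dependencies=javax.api,org.wildfly.security.elytron \
    --properties=jboss.api=private \
    --main-class=com.example.auth.Main

# The generated EAP_HOME/modules/com/example/auth/1.0/module.xml lists the
# copied auth-conf directory as a resource root and the two jars by their
# absolute paths. To undo the registration (same name and slot):
# module remove --name=com.example.auth --slot=1.0
```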

3.8. sasl-authentication-factory attributes

You can configure sasl-authentication-factory by setting its attributes.

Table 3.10. sasl-authentication-factory attributes

| Attribute | Description |
|---|---|
| mechanism-configurations | The list of mechanism-specific configurations. |
| sasl-server-factory | The SASL server factory to associate with this resource. |
| security-domain | The security domain to associate with this resource. |

Table 3.11. sasl-authentication-factory mechanism-configurations attributes

| Attribute | Description |
|---|---|
| credential-security-factory | The security factory to use to obtain a credential as required by the mechanism. |
| final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
| host-name | The host name this configuration applies to. |
| mechanism-name | This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name. |
| mechanism-realm-configurations | The list of definitions of the realm names as understood by the mechanism. |
| protocol | The protocol this configuration applies to. |
| post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
| pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
| realm-mapper | The realm mapper to be used by the mechanism. |

Table 3.12. sasl-authentication-factory mechanism-configurations mechanism-realm-configurations attributes

| Attribute | Description |
|---|---|
| final-principal-transformer | A final principal transformer to apply for this mechanism realm. |
| post-realm-principal-transformer | A principal transformer to apply after the realm is selected. |
| pre-realm-principal-transformer | A principal transformer to apply before the realm is selected. |
| realm-mapper | The realm mapper to be used by the mechanism. |
| realm-name | The name of the realm to be presented by the mechanism. |
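As an added example that is not part of the reference page and that serves both section 3.5 (http-authentication-factory) and section 3.8 (sasl-authentication-factory), the following script creates one factory of each kind over the same security domain and shows how mechanism-configurations entries are scoped by mechanism-name, host-name and protocol. The security domain exampleSD, the transformer exampleStripDomainTransformer and the realm mapper exampleRealmMapper are assumed to exist; global and configured are the factory names present in the default configuration.

```jboss-cli
# Added example (not from the reference page): an HTTP and a SASL
# authentication factory over the same security domain, illustrating the
# scoping attributes from Tables 3.6, 3.7, 3.11 and 3.12. exampleSD, the
# transformer and the realm mapper are assumed to exist.

batch

# HTTP (3.5). The first entry applies only when the BASIC mechanism is used
# and tells it to present the realm string ExampleApp to clients (the
# WWW-Authenticate realm, which is not an Elytron security-realm name).
# The second entry has no mechanism-name, so it matches any mechanism, but
# only for requests to the given host over https; its pre-realm transformer
# runs on the supplied name before a realm is chosen.
/subsystem=elytron/http-authentication-factory=exampleHttpAuth:add( \
    http-server-mechanism-factory=global, security-domain=exampleSD, \
    mechanism-configurations=[ \
        {mechanism-name=BASIC, \
         mechanism-realm-configurations=[{realm-name=ExampleApp}]}, \
        {host-name=intranet.example.com, protocol=https, \
         pre-realm-principal-transformer=exampleStripDomainTransformer}])

# SASL (3.8), same shape. The realm-mapper picks the Elytron security realm
# for DIGEST-MD5 logins; without one the domain's default realm is used.
# PLAIN gets no realm configuration at all, so it relies on the domain's
# defaults entirely; restrict it to TLS-protected connections elsewhere.
/subsystem=elytron/sasl-authentication-factory=exampleSaslAuth:add( \
    sasl-server-factory=configured, security-domain=exampleSD, \
    mechanism-configurations=[ \
        {mechanism-name=DIGEST-MD5, realm-mapper=exampleRealmMapper, \
         mechanism-realm-configurations=[{realm-name=ExampleApp}]}, \
        {mechanism-name=PLAIN}])

run-batch
```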

3.9. security-domain attributes

You can configure security-domain by setting its attributes.

| Attribute | Description |
|---|---|
| default-realm | The default realm contained by this security domain. |
| evidence-decoder | A reference to an EvidenceDecoder to be used by this domain. |
| outflow-anonymous | This attribute specifies whether the anonymous identity should be used if outflow to a security domain is not possible. Outflowing the anonymous identity has the effect of clearing any identity already established for that domain. |
| outflow-security-domains | The list of security domains that the security identity from this domain should automatically outflow to. |
| permission-mapper | A reference to a PermissionMapper to be used by this domain. |
| post-realm-principal-transformer | A reference to a principal transformer to be applied after the realm has operated on the supplied identity name. |
| pre-realm-principal-transformer | A reference to a principal transformer to be applied before the realm is selected. |
| principal-decoder | A reference to a PrincipalDecoder to be used by this domain. |
| realm-mapper | Reference to the RealmMapper to be used by this domain. |
| realms | The list of realms contained by this security domain. |
| role-decoder | Reference to the RoleDecoder to be used by this domain. |
| role-mapper | Reference to the RoleMapper to be used by this domain. |
| security-event-listener | Reference to a listener for security events. |
| trusted-security-domains | The list of security domains that are trusted by this security domain. |

3.10. simple-role-decoder attributes

You can configure simple-role-decoder by setting its attribute.

Table 3.13. simple-role-decoder attributes

| Attribute | Description |
|---|---|
| attribute | The name of the attribute from the identity to map directly to roles. |
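As an added example that is not part of the reference page and that serves both section 3.9 (security-domain) and section 3.10 (simple-role-decoder), the following script defines a role decoder and a security domain that uses it. The realms exampleLdapRealm and examplePropertiesRealm and the domain exampleOtherSD are assumed to exist; default-permission-mapper, local-audit and groups-to-roles are names present in the default elytron configuration.

```jboss-cli
# Added example (not from the reference page): a security domain assembled
# from the attributes in sections 3.9 and 3.10. Realm and domain names are
# assumed; default-permission-mapper, local-audit and groups-to-roles exist
# in the default elytron configuration.

batch

# 3.10: map the identity attribute Roles directly to roles. An identity
# whose realm never sets that attribute ends up with no roles, which is
# the safe outcome.
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)

# 3.9: each realms entry may carry its own role-decoder, so the LDAP-backed
# realm keeps the default groups-to-roles decoder while the properties
# realm uses the decoder defined above. default-realm is used whenever no
# realm-mapper selects one. security-event-listener=local-audit writes
# authentication successes and failures to the audit log.
# trusted-security-domains lets an identity already established in
# exampleOtherSD be accepted here without authenticating again, so list
# only domains whose realms authenticate at least as strongly as this one.
/subsystem=elytron/security-domain=exampleSD:add( \
    realms=[{realm=exampleLdapRealm, role-decoder=groups-to-roles}, \
            {realm=examplePropertiesRealm, role-decoder=from-roles-attribute}], \
    default-realm=exampleLdapRealm, \
    permission-mapper=default-permission-mapper, \
    security-event-listener=local-audit, \
    trusted-security-domains=[exampleOtherSD])

run-batch
```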